This is the entrypoint skill when someone explicitly mentions HIPAA, covered entities, or business associate agreements. It stays intentionally thin and acts as a routing layer: it activates healthcare-phi-compliance for the actual implementation rules around PHI handling, logging, and encryption, then applies HIPAA-specific decision gates on top like "does this vendor have a BAA?" and "is access limited to minimum necessary?" The smart move here is treating HIPAA as an overlay rather than reimplementing privacy rules from scratch. Use it when the request is framed around US healthcare compliance, and let it escalate to healthcare-reviewer when clinical workflows or production architecture are involved.
npx skills add https://github.com/affaan-m/everything-claude-code --skill hipaa-compliance