Skip to content

Improve HIPAA audit-control coverage gates#1416

Open
MAUROCERON wants to merge 1 commit into
UnitOneAI:mainfrom
MAUROCERON:improve/hipaa-audit-controls-1413
Open

Improve HIPAA audit-control coverage gates#1416
MAUROCERON wants to merge 1 commit into
UnitOneAI:mainfrom
MAUROCERON:improve/hipaa-audit-controls-1413

Conversation

@MAUROCERON
Copy link
Copy Markdown

@MAUROCERON MAUROCERON commented Jun 6, 2026

Implements #1413.

Summary

  • Adds a 164.312(b) audit-control evidence gate for ePHI system coverage, event taxonomy, log source, integrity/time basis, retention, and activity-review linkage.
  • Adds an output matrix so HIPAA reviews can document audit-control coverage per ePHI system instead of accepting generic logging.
  • Adds edge-case fixtures for login-only logging, mutable logs, missing activity-review linkage, missing Business Associate audit evidence, and complete coverage.

Validation

  • Checked Markdown fence balance for the updated skill and new fixture.
  • Verified required markers: Audit-control evidence gate, Event taxonomy, Integrity/time basis, Activity-review linkage, Not Evaluable, Business Associate.
  • Verified official eCFR and NIST reference URLs return HTTP 200.

Payment details can be provided privately after maintainer acceptance.

@MAUROCERON MAUROCERON mentioned this pull request Jun 6, 2026
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MAUROCERON