https://github.com/jdawg555/hipaa-security-test
Free HIPAA Security Risk Assessment template for healthcare teams bringing PHI online. Adapted from the one we use for Luxon Sync.
https://github.com/jdawg555/hipaa-security-test
compliance healthcare hipaa phi security-risk-assessment template
Last synced: about 1 month ago
JSON representation
Free HIPAA Security Risk Assessment template for healthcare teams bringing PHI online. Adapted from the one we use for Luxon Sync.
- Host: GitHub
- URL: https://github.com/jdawg555/hipaa-security-test
- Owner: jdawg555
- License: mit
- Created: 2026-04-20T02:28:59.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-06-09T21:17:14.000Z (about 1 month ago)
- Last Synced: 2026-06-09T22:12:15.382Z (about 1 month ago)
- Topics: compliance, healthcare, hipaa, phi, security-risk-assessment, template
- Language: Python
- Homepage: https://luxonmedical.com/ai
- Size: 479 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
- Roadmap: docs/roadmap/PARITY.md
- Notice: NOTICE
Awesome Lists containing this project
README
# hipaa-audit
> **Self-hosted HIPAA compliance workspace** — use it like Vanta or Drata, without the subscription.
[](LICENSE)
[](CHANGELOG.md)
Open your browser. Connect integrations. Run monitoring scans. Track vendors, access reviews, and personnel. Publish trust center and auditor portals.
**MIT licensed · runs on your machine or Docker · your data stays in your repo**
---
## Start in 60 seconds
```bash
pip install "hipaa-audit[serve,aws,github]"
mkdir ~/my-compliance && cd ~/my-compliance
hipaa-audit serve .
```
Opens **http://127.0.0.1:8787** — onboarding wizard → integrations → run scan.
Or with Docker:
```bash
git clone https://github.com/jdawg555/hipaa-security-test.git
cd hipaa-security-test
docker compose up
# → http://localhost:8787 (data in ./workspace-data/)
```
**Full guide:** [docs/how-to-use-this.md](docs/how-to-use-this.md)
**Closing gaps with Vanta/Drata:** [docs/roadmap/PARITY.md](docs/roadmap/PARITY.md) · `hipaa-audit parity`
---
## What you get (mapped to Vanta / Drata)
| Vanta / Drata | hipaa-audit workspace |
|---------------|---------------------|
| Dashboard | Posture score, pass/fail, open tasks |
| Integrations | Toggle AWS, GitHub, Okta, Google, Prowler, personnel, vendors… |
| Continuous tests | Run scan on demand or auto-scan every N hours |
| Personnel | Policy acks + training CSV |
| Vendors | Risk register + questionnaire portal |
| Access reviews | Quarterly campaign tracker |
| Devices | Jamf/Intune CSV import |
| Policies | 12 HIPAA policy templates |
| Trust Center | Auto-published after each scan |
| Auditor portal | Read-only evidence + ZIP export |
| HIPAA + SOC 2 + ISO 27001 | Optional framework supplements |
---
## Who this is for
- Healthcare startups needing **HIPAA Security Rule** discipline for enterprise customers
- Teams that want **Vanta-like workflow** but can run a local server or Docker
- Engineering-led security (comfortable with env vars for AWS/GitHub/Okta tokens)
## Who should still pay for Vanta/Drata
- Need 300+ one-click SaaS integrations
- Need MDM laptop agents (not CSV export)
- Need HRIS-driven onboarding and non-technical compliance hires only
---
## CLI (CI & power users)
The workspace uses the same engine:
```bash
hipaa-audit scan .
hipaa-audit export auditor
bash scripts/run-e2e.sh .
```
---
## License
[MIT](LICENSE) — see [NOTICE](NOTICE). Not legal advice; policies require counsel review.