
medical-ai-compliance-gatelisted

Audit a medical/health-AI codebase or data pipeline against GDPR, EU MDR, ISO 27001, and SOC 2 — gated by automated checks that actually run. A stdlib Python scanner runs ~29 heuristics from a 47-control catalog (hardcoded secrets, PII/PHI in logs, encryption at rest, TLS, audit logging, retention/erasure, RBAC, EU data residency, consent, model cards, data lineage, SBOM, dependency pinning, CI/tests/monitoring), maps each finding to its control + framework + severity, fails the build on blocking gaps, and sends the rest to a mandatory human attestation. Use for a compliance/readiness audit or gap analysis, a healthcare/medical-AI compliance checklist or CI gate, or a DPIA/RoPA starting point. Honest scope: engineering assistance to PREPARE for compliance — NOT legal advice, certification, an MDR conformity assessment/CE marking, or a Notified Body, ISO, or SOC 2 audit. Triggers: "GDPR", "MDR", "medical device software", "MDSW", "ISO 27001", "SOC 2", "compliance gate", "DPIA", "healthcare AI audit".
NeuralMedic-DE/claude-skills · ★ 0 · AI & Automation · score 75
Install: claude install-skill NeuralMedic-DE/claude-skills
# Medical AI compliance gate (GDPR · MDR · ISO 27001 · SOC 2, verified)

Prepare a medical/health-AI system for compliance and **prove the machine-decidable part** — gaps are surfaced by a scanner that runs over the repo, fixed by severity, and re-scanned until green; then a mandatory human attestation completes the gate.

## Core principle

**Gaps are measured, not assumed.** The loop is: scan → triage by severity → fix the cause → re-scan, until the automated gate is green; then complete the manual attestation before any readiness claim.

**Be honest about scope (this is the rule that keeps the skill correct):** this is **engineering assistance to prepare for compliance**, nothing more. It is **NOT** legal advice, **NOT** a regulatory certification, **NOT** an EU MDR conformity assessment or CE marking, **NOT** a Notified Body audit, **NOT** an ISO 27001 certification, and **NOT** a SOC 2 attestation. MDR conformity for medical-device software (MDSW) additionally requires a QMS (ISO 13485), risk management (ISO 14971), a clinical evaluation, and — for most classes — a Notified Body, none of which this replaces. Heuristics have false positives and negatives. **Passing the gate ≠ compliant.** Never report "GDPR/MDR/ISO/SOC 2 compliant" on a green scan — report "0 blocking automated controls; manual attestation pending/complete."

→ `references/01-frameworks-and-scope.md`

## When to use vs. not

- Use for: a compliance/readiness **gap analysis** of a health-AI codebase or data
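The scan → triage → gate loop described above, as an added illustrative example that is not the skill's own scanner: a stdlib-only Python check with three hypothetical heuristics (hardcoded secret, PHI in a log call, unpinned dependency) mapped to a constructed mini-catalog of control + framework + severity, a gate that fails only on blocking findings, and a report worded as "0 blocking automated controls; manual attestation pending" rather than "compliant". The control ids, framework labels and the sample repo are constructed assumptions, not the skill's 47-control catalog.

```python
import re
from dataclasses import dataclass

# Constructed mini-catalog: control id -> (title, framework, severity).
# The skill's real 47-control catalog and its ids are not on the page; these are hypothetical.
CATALOG = {
    "SEC-01": ("Hardcoded secret", "ISO 27001 / SOC 2", "blocking"),
    "PRIV-03": ("PII/PHI in log statement", "GDPR", "blocking"),
    "SUP-02": ("Unpinned dependency", "ISO 27001 / SOC 2", "warning"),
}

# Heuristic regexes; like any static check they have false positives and negatives.
SECRET_RE = re.compile(r'(?i)\b(api_key|password|secret|token)\s*=\s*["\'][^"\']{8,}["\']')
PHI_LOG_RE = re.compile(
    r'(?i)\blog(?:ger|ging)?\.(?:debug|info|warning|error)\(.*\b(patient_id|mrn|dob|ssn|diagnosis)\b')

@dataclass(frozen=True)
class Finding:
    control: str
    path: str
    line: int
    severity: str

def scan(files):
    """files: {path: source_text}. Returns findings mapped to a catalog control and its severity."""
    findings = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            if path.endswith("requirements.txt"):
                # Dependency pinning: any non-comment requirement without an exact '==' pin.
                if line.strip() and not line.lstrip().startswith("#") and "==" not in line:
                    findings.append(Finding("SUP-02", path, n, CATALOG["SUP-02"][2]))
                continue
            if SECRET_RE.search(line):
                findings.append(Finding("SEC-01", path, n, CATALOG["SEC-01"][2]))
            if PHI_LOG_RE.search(line):
                findings.append(Finding("PRIV-03", path, n, CATALOG["PRIV-03"][2]))
    return findings

def gate(findings):
    """Fail the build on blocking findings; never word a green result as 'compliant'."""
    blocking = [f for f in findings if f.severity == "blocking"]
    rows = [f"{f.severity.upper():8} {f.control} {CATALOG[f.control][0]} "
            f"[{CATALOG[f.control][1]}] {f.path}:{f.line}" for f in findings]
    status = (f"FAIL: {len(blocking)} blocking automated control(s)" if blocking
              else "0 blocking automated controls; manual attestation pending")
    return not blocking, "\n".join(rows + [status])

# Constructed sample repo: two blocking gaps (secret, PHI in log) and one warning (unpinned dep).
SAMPLE_REPO = {
    "app/infer.py": 'API_KEY = "sk-live-0123456789abcdef"\nlogger.info("scoring patient_id=%s", pid)\n',
    "requirements.txt": "torch>=2.0\nnumpy==1.26.4\n",
}
```

Running `gate(scan(SAMPLE_REPO))` fails the gate with two blocking findings; once those are fixed and only the warning remains, the gate passes but the report still ends with "manual attestation pending".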