II.
Workflow JSON
Structured · liveworkflow:hipaa-compliance-audit
HIPAA Compliance Audit json
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "workflow:hipaa-compliance-audit",
"_kind": "Workflow",
"_file": "workflows/workflows/workflows-security-compliance-deep.yaml",
"_cluster": "workflows",
"attributes": {
"displayName": "HIPAA Compliance Audit",
"workflowKind": "governance",
"triggerType": "scheduled",
"typicalCadence": "annually",
"complexity": "cross-team",
"description": "Audits systems handling protected health information (PHI) against HIPAA\nSecurity Rule and Privacy Rule requirements -- assessing administrative,\nphysical, and technical safeguards, reviewing access controls for ePHI,\nvalidating encryption at rest and in transit, auditing BAA coverage with\nthird-party vendors, and generating the compliance evidence package for\nexternal assessors. Excludes remediation implementation.\n"
},
"outgoingEdges": [
{
"from": "workflow:hipaa-compliance-audit",
"to": "role:security-reviewer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:hipaa-compliance-audit",
"to": "role:cloud-architect",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:hipaa-compliance-audit",
"to": "role:engineering-manager",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:hipaa-compliance-audit",
"to": "skill-area:identity-security",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:hipaa-compliance-audit",
"to": "skill-area:secrets-rotation",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:hipaa-compliance-audit",
"to": "domain:security",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:hipaa-compliance-audit",
"to": "domain:cybersecurity",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:hipaa-compliance-audit",
"to": "responsibility:security-review",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:hipaa-compliance-audit",
"to": "responsibility:run-security-scans",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:hipaa-compliance-audit",
"to": "org-unit:security-team",
"kind": "performed_by_org_unit",
"attributes": {}
},
{
"from": "workflow:hipaa-compliance-audit",
"to": "org-unit:application-security-team",
"kind": "performed_by_org_unit",
"attributes": {}
},
{
"from": "workflow:hipaa-compliance-audit",
"to": "org-unit:engineering",
"kind": "performed_by_org_unit",
"attributes": {}
}
],
"incomingEdges": [
{
"from": "stack-profile:healthcare-hipaa-compliant",
"to": "workflow:hipaa-compliance-audit",
"kind": "follows_workflow"
}
]
}