eludden35

HIPAA Guardian MCP Server

getGeneralDataSecurityChecklist

Generate a comprehensive data security checklist to help healthcare applications meet HIPAA compliance requirements for protecting patient health information.

Input Schema

Name    Required  Description  Default
schema  Yes

Implementation Reference

  • The asynchronous handler function for the 'getGeneralDataSecurityChecklist' tool. It returns a static markdown checklist for handling PII securely.
        async () => {
            return {
                content: [{
                    type: 'text',
                    text: `
    # General PII Security Checklist
    
    1.  **Inventory:** Do you know exactly what PII you are collecting and where it is stored?
    2.  **Minimization:** Are you only collecting the PII that is absolutely necessary for your service to function?
    3.  **Access Control:** Is access to PII strictly limited on a need-to-know basis?
    4.  **Encryption:** Is all PII encrypted both in transit (TLS) and at rest?
    5.  **Logging:** Is all access to PII logged and monitored?
    6.  **Secure Deletion:** Do you have a process for securely and permanently deleting PII when it is no longer needed or when a user requests it?
    7.  **Training:** Is your team trained on how to handle PII securely and what to do in case of a data spill?
    `
                }]
            };
        }
  • The tool metadata including description and input schema (empty object, no parameters expected).
    {
        description: 'Provides a general checklist for handling sensitive Personally Identifiable Information (PII), even if it is not PHI.',
        schema: z.object({}),
    },
  • server.ts:370-394 (registration)
    The complete server.tool registration for the 'getGeneralDataSecurityChecklist' tool, including name, metadata, and inline handler.
    server.tool(
        'getGeneralDataSecurityChecklist',
        {
            description: 'Provides a general checklist for handling sensitive Personally Identifiable Information (PII), even if it is not PHI.',
            schema: z.object({}),
        },
        async () => {
            return {
                content: [{
                    type: 'text',
                    text: `
    # General PII Security Checklist
    
    1.  **Inventory:** Do you know exactly what PII you are collecting and where it is stored?
    2.  **Minimization:** Are you only collecting the PII that is absolutely necessary for your service to function?
    3.  **Access Control:** Is access to PII strictly limited on a need-to-know basis?
    4.  **Encryption:** Is all PII encrypted both in transit (TLS) and at rest?
    5.  **Logging:** Is all access to PII logged and monitored?
    6.  **Secure Deletion:** Do you have a process for securely and permanently deleting PII when it is no longer needed or when a user requests it?
    7.  **Training:** Is your team trained on how to handle PII securely and what to do in case of a data spill?
    `
                }]
            };
        }
    );


MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/eludden35/hipaa-guardian-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.