Regulated add-on · HIPAA · SOC 2 · HITRUST · per seat

Ship healthcare software with compliance built in, not bolted on.

Pipp Health adds the Secure phase to the RePPIT workflow — running HIPAA/SOC2/HITRUST checklists against every diff before it ships. The loop doesn't close until it's clean.

Pipp Health assesses and surfaces; it does not certify. Not a substitute for qualified legal or compliance counsel or a qualified security auditor.

took secure — RePPITS Secure phase

    # — running Secure phase after Test passed
    $ took secure
    Frameworks: HIPAA ✓ SOC2 ✓ HITRUST (partial)
    Running diff against enabled checklists...
    HIPAA § 164.312(a)(2)(iv) — Encryption at rest       PASS
    HIPAA § 164.312(e)(2)(ii) — Encryption in transit    PASS
    HIPAA § 164.312(b) — Audit controls                  WARN
        audit_log writes present but no tamper-evidence
        Suggested: add log hash chaining before this ships
    SOC2 CC6.1 — Access control logic                    PASS
    SOC2 CC6.7 — Input validation                        PASS
    SOC2 CC7.2 — Vulnerability disclosure                FAIL
        3 new npm deps with no security review
    Organizational controls (not code-verifiable):
        ○ BAA with new subprocessor — requires human verification
        ○ Breach notification process — not provable in diff
    2 issues require fixing before this diff can ship.
    Loop: Implement → Test → Secure
    $

^ What a Secure phase run looks like. PASS/WARN/FAIL per control. Org controls surfaced separately.

The Secure phase

RePPIT becomes RePPITS

In regulated mode, a sixth gate runs after Test. If issues are found, the loop repeats: Implement → Test → Secure — until the diff is clean. Secure also runs standalone for auditing uncommitted changes.

R Research → P Propose → P Plan → I Implement → T Test → S Secure (new)

Loop: Implement → Test → Secure until clean

When Secure returns FAIL or WARN issues, you fix them in Implement, re-run Test, and re-run Secure. The diff cannot ship until Secure passes. This is what “built in, not bolted on” means.

Frameworks

HIPAA, SOC 2, and HITRUST

Each framework runs as a checklist against the diff. Every item returns PASS, WARN, FAIL, or SKIPPED. Only enabled frameworks run; checklists are customizable per workspace.

HIPAA (§164.308–312)
  • PHI detection incl. PHI-in-logs
  • Encryption at rest & in transit
  • Access control & minimum-necessary
  • Audit trails & tamper evidence
  • BAA verification tracking
  • Breach-notification readiness
  • Administrative/physical safeguards (org controls surfaced)
  • Telehealth-specific rules
SOC 2 (Trust Service Criteria CC1–CC9)
  • Availability, Confidentiality, Processing Integrity, Privacy
  • Injection prevention
  • Secrets management
  • Input validation
  • Dependency auditing
  • Incident management readiness
  • Change management controls
HITRUST (CSF v11 control categories)
  • Access control & session management
  • Risk management
  • Encryption standards
  • Security operations
  • Incident & breach management
  • Business continuity
  • Privacy controls
  • Cross-tenant isolation
The defining principle

Code-verifiable vs organizational controls

A green diff must never auto-pass what code can't prove. This is what makes the assessment trustworthy rather than theater.

Code-verifiable

  • Encryption implementation is present in the diff
  • PHI absent from log statements
  • Access control logic follows role checks
  • Input validation present on all endpoints
  • No hardcoded secrets in changed files

Took assesses these directly against the diff. PASS/WARN/FAIL.

Organizational controls

  • BAAs signed with all subprocessors
  • Physical safeguards at data center
  • Breach notification SLA and runbook
  • Employee security training records
  • Board-level risk oversight

Took surfaces these and tracks them separately. They are NEVER silently passed. A human must verify each one.

PHI/PII scanning

Standing scan, not just at the gate

PHI/PII detection runs as a standing scan across every diff — not only at the Secure gate. It catches PHI appearing in log statements, error messages, API responses, and commit messages before they ship.

Pipp Health retains an assessment audit trail per diff — useful evidence for auditors, useful leverage for developers proving their workflow is disciplined.

  • PHI in log.info() / console.log() calls
  • SSN / DOB / MRN patterns in API response bodies
  • Patient identifiers in error messages
  • PHI in URL parameters
  • PII in commit message bodies
  • FHIR resource data leaking into non-HIPAA storage
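An added example, not Pipp Health's own scanner, of what such a standing scan does in Node.js: it walks the added lines of a unified diff, flags sensitive fields that reach a log, error-message or URL-parameter sink, and flags literal SSN/DOB/MRN values anywhere in the change. The regexes, the sink list and the sample diff are constructed for illustration.

```javascript
// Added example (not Pipp Health's scanner): a PHI/PII scan over the added lines
// of a diff. Flags (a) sensitive fields reaching a log, error or URL sink and
// (b) literal SSN/DOB/MRN values. Patterns and the sample diff are constructed.
const LITERALS = [
  { name: 'SSN', re: /\b\d{3}-\d{2}-\d{4}\b/ },
  { name: 'DOB', re: /\b(?:19|20)\d{2}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])\b/ },
  { name: 'MRN', re: /\bMRN[:=#\s]*\d{6,10}\b/i },
];
// Field names that usually carry PHI, wherever they appear on the line.
const PHI_FIELD = /\b(?:ssn|dob|date_?of_?birth|mrn|patient_?id|patient\.\w+)\b/i;
// Sinks that must never receive PHI (the targets this scan is about).
const SINKS = [
  { name: 'log statement', re: /\b(?:console\.(?:log|warn|error)|log(?:ger)?\.(?:info|warn|error|debug))\s*\(/ },
  { name: 'error message', re: /\bnew Error\s*\(/ },
  { name: 'URL parameter', re: /[?&][A-Za-z_]\w*=/ },
];

// Scan unified-diff text; only added lines ('+', not the '+++' header) count.
// Returns { verdict: 'PASS' | 'FAIL', findings: [{ line, reason }] }.
function scanDiff(diffText) {
  const findings = [];
  diffText.split('\n').forEach((raw, idx) => {
    if (!raw.startsWith('+') || raw.startsWith('+++')) return;
    const line = raw.slice(1);
    const field = line.match(PHI_FIELD);
    if (field) {
      for (const sink of SINKS) {
        if (sink.re.test(line)) {
          findings.push({ line: idx + 1, reason: `PHI field "${field[0]}" reaches ${sink.name}` });
          break; // one sink finding per line is enough to fail it
        }
      }
    }
    for (const lit of LITERALS) {
      if (lit.re.test(line)) findings.push({ line: idx + 1, reason: `literal ${lit.name} pattern` });
    }
  });
  return { verdict: findings.length ? 'FAIL' : 'PASS', findings };
}

// Constructed sample diff: four of the six added lines should be flagged.
const SAMPLE_DIFF = [
  '+++ b/src/visits.js',
  '+const visit = await loadVisit(req.params.id);',
  '+logger.info(`loaded visit for ${patient.mrn}`);',
  '+if (!visit) throw new Error(`no visit for SSN ${patient.ssn}`);',
  '+const url = `/export?dob=${patient.dob}&format=fhir`;',
  '+// fixture: 123-45-6789',
  '+audit.record("visit.read", { actorId: req.user.id, visitId: visit.id });',
].join('\n');
```

Note that a sensitive field merely being assigned (for example `const mrn = patient.mrn;`) is not flagged; only its arrival at a sink is, which keeps the scan from failing every diff that touches a patient record.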
Also included

  • Audit trail: Every Secure phase assessment is retained as auditor evidence. Timestamp, framework version, PASS/WARN/FAIL per control.
  • Composable with Pipp: Non-technical healthcare builders get Pipp narration + Health compliance gates simultaneously.
  • RePPIT Health compatible: Interoperates with the existing RePPIT Health VS Code extension and Claude Code plugin (/secure, /reppit commands).
  • Team governance: With a Team plan: compliance gates across repos, org-wide policy, per-PR compliance checks.

Disclaimer: Pipp Health assesses and surfaces compliance signals; it does not certify compliance with any framework. It is not a substitute for qualified legal counsel, a qualified security auditor, or your organization's own compliance program. Organizational controls must be verified by humans.

Ship regulated code with confidence.

The Secure phase is an add-on to Pipp Pro. Contact us for team and enterprise pricing.