What you need
Data sources
- Audit database — compliance check history, findings, remediation actions, and audit schedules
- EHR system — patient consent records, access logs, documentation completeness, and training records
- HR system — staff credentialing, license expiration dates, and mandatory training completion
Knowledge spaces
- Regulatory compliance documents — upload HIPAA regulations, CMS conditions of participation, state-specific requirements, and Joint Commission standards
- Internal compliance policies — upload your organization’s compliance manual, audit procedures, and incident response protocols
| Component | Name | Definition |
|---|---|---|
| Object | Compliance Check | Maps to the compliance_checks table in the audit database. Represents a single regulatory check with pass/fail status |
| Object | Finding | Maps to findings in the audit database. Represents a non-compliant item with severity, owner, and remediation deadline |
| Metric | Compliance Score | Percentage of checks that pass in a given scan period, weighted by severity |
| Metric | Open Findings Count | Total number of unresolved findings, segmented by severity and age |
| Dimension | Regulatory Category | Groups checks by regulation (HIPAA Privacy, HIPAA Security, CMS, State, Internal Policy) |
| Dimension | Severity | Classifies findings as critical, major, minor, or observation |
Agent setup
Create the agent
Go to Agent Space → New agent.
| Field | Value |
|---|---|
| Name | Compliance Monitor |
| Role | Healthcare Compliance Analyst |
| Goal | Monitor compliance status across regulatory domains, investigate flagged findings, and provide regulatory guidance with supporting citations |
Set the description
You are a healthcare compliance analyst who monitors operational data against regulatory requirements. You identify non-compliant items, assess their severity, and cite the specific regulation or policy section that applies. You provide remediation guidance based on internal compliance policies and track open findings to resolution. You are thorough and precise — every finding includes a regulatory reference and a clear description of the gap.
Scope data access
Grant access to:
- Audit database (compliance checks, findings, remediation tracking)
- EHR system (consent records, access logs, documentation status)
- HR system (credentialing, license dates, training records)
- Regulatory compliance documents knowledge space
- Internal compliance policies knowledge space
- Compliance Check and Finding objects, Compliance Score and Open Findings Count metrics
Add skills
Compliance status review
Compliance status review
Trigger: User asks the agent for the current compliance status or a summary of open findings.
- Query the audit database for the most recent compliance scan results.
- Calculate the overall compliance score using the weighted formula from the semantic layer.
- Group open findings by regulatory category and severity.
- Identify the top three areas with the lowest compliance scores.
- Return a compliance dashboard summary with the overall score, findings breakdown, and priority areas.
Finding investigation
Finding investigation
Trigger: User asks the agent to investigate a specific compliance finding.
- Retrieve the finding record from the audit database, including the check that generated it.
- Pull the relevant regulatory text from the regulatory compliance documents knowledge space.
- Gather the supporting operational data (e.g., the access log entry, the expired credential, the missing consent).
- Look up the remediation guidance in the internal compliance policies knowledge space.
- Return a detailed investigation report with the regulatory citation, evidence, remediation steps, and deadline.
Regulatory query
Regulatory query
Trigger: User asks a question about a specific regulation or compliance requirement.
- Search the regulatory compliance documents knowledge space for the relevant regulation or section.
- Extract the applicable requirements, definitions, and enforcement guidance.
- Cross-reference with internal compliance policies for the organization’s implementation approach.
- If the query involves data, pull the relevant operational metrics from the audit database.
- Return the regulatory text with plain-language interpretation and any supporting data.
Automation
Playbook: Weekly compliance scan
Set the trigger
Set the trigger to Schedule — Weekly on Monday at 6:00 AM, providing compliance teams with a fresh report at the start of each week.
Build the workflow
The workflow scans operational data across all regulatory domains and generates a findings report:
- Query the EHR system for patient consent records due for renewal, documentation completeness rates, and access log anomalies (e.g., after-hours access by non-clinical staff).
- Query the HR system for staff with credentials or licenses expiring within 30 days and overdue mandatory training.
- Query the audit database for open findings from prior scans and their remediation status.
- Condition — for each check, compare the result against the regulatory requirement. If non-compliant, create or update a finding record with the appropriate severity.
- Action — calculate the overall compliance score and score by regulatory category.
- Loop — for each new critical or major finding, assign an owner based on the department responsible and set a remediation deadline per the internal compliance policy.
- Delivery — distribute the weekly compliance report.
Configure delivery
- Email — send the full compliance report to the Chief Compliance Officer and department heads
- Slack — post a summary to
#compliancewith the overall score, new findings count, and any critical items - Email — send individual finding notifications to assigned owners with deadlines
What’s next
Appointment scheduling
Coordinate appointment bookings across providers and departments with automated scheduling logic.
All Healthcare use cases
See the full list.