Inspiration
Healthcare companies waste 40+ hours per week manually tracking HIPAA regulation changes—reading Federal Register updates, comparing policy versions, and updating compliance checks. When regulations change, compliance teams scramble to audit thousands of lines of code, often missing violations until an OCR audit hits them with million-dollar fines.
We asked: what if compliance monitoring was automatic? What if regulation changes triggered instant code analysis and remediation? That's RegWatch: a system that monitors HIPAA updates, scans your codebase for violations, and auto-generates Pull Requests with fixes.
What it does
The key difference: RegWatch doesn't just tell you what's broken—it autonomously fixes your code.
RegWatch automates end-to-end HIPAA compliance:
- GitHub integration: Connect your account to scan any repository directly
- Multi-framework dropdown: Switch between HIPAA, SOC 2, GDPR, and FDA 21 CFR Part 11 compliance scans
- Get instant compliance scores (0-100) for your selected framework
- Scan for violations across encryption, access control, and audit logging
- Get actionable reports with line numbers, violation types, and fine exposure estimates
- Voice-powered alerts: ElevenLabs provides live audio briefings on your repository's compliance status
- Monitor regulation changes by scraping HHS.gov and assessing their impact
- Auto-remediate fixes with Pull Requests containing regenerated code
- Flag complex issues with GitHub Issues
- Accumulate tests over time so old requirements never break
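As an added example (not RegWatch's own code and not generated from its prompts), the Python sketch below shows the shape of a checker like the ones listed above: regex rules catch encryption and access-control findings line by line, an ast pass flags functions whose names suggest PHI handling but whose bodies never call a logger or auditor, and the findings roll up into a 0-100 score with a line-numbered report. The rule ids, severities, score weights, name heuristics and the sample "hospital" module are all constructed assumptions.

```python
"""Added example (not RegWatch's code): a minimal HIPAA-style checker that
reports line-numbered findings in three categories and rolls them into a
0-100 score. Rule ids, severities, weights and the sample are assumptions."""
import ast
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: int
    category: str   # encryption | access_control | audit_logging
    severity: str   # critical | high | medium
    rule: str
    detail: str


# Hypothetical line-level rules: (category, severity, rule id, regex).
LINE_RULES = [
    ("encryption", "critical", "weak-hash-md5", re.compile(r"\bhashlib\.md5\(")),
    ("encryption", "critical", "plaintext-http-url", re.compile(r"['\"]http://")),
    ("encryption", "high", "tls-verify-disabled", re.compile(r"\bverify\s*=\s*False\b")),
    ("access_control", "critical", "hardcoded-credential",
     re.compile(r"\b(password|secret|api_key|token)\s*=\s*['\"][^'\"]+['\"]", re.I)),
]
SEVERITY_WEIGHT = {"critical": 25, "high": 10, "medium": 5}   # assumed deductions

PHI_FUNC = re.compile(r"patient|phi|record|diagnos", re.I)   # name hints for PHI handlers
AUDIT_CALL = re.compile(r"log|audit", re.I)                  # name hints for audit emitters


def _dotted(node: ast.AST) -> str:
    """'logger.info' for the call target logger.info(...); '' for anything else."""
    if isinstance(node, ast.Attribute):
        return _dotted(node.value) + "." + node.attr
    if isinstance(node, ast.Name):
        return node.id
    return ""


def check_audit_logging(tree: ast.AST) -> list[Finding]:
    """Flag functions whose name suggests PHI access but never call a logger/auditor."""
    out = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)) and PHI_FUNC.search(node.name):
            targets = [_dotted(c.func) for c in ast.walk(node) if isinstance(c, ast.Call)]
            if not any(AUDIT_CALL.search(t) for t in targets):
                out.append(Finding(node.lineno, "audit_logging", "medium",
                                   "phi-access-without-audit-log",
                                   f"function {node.name!r} handles PHI but emits no audit log"))
    return out


def scan_source(source: str) -> list[Finding]:
    """Run the regex rules line by line, then the AST rule; sorted by line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):          # skip comment-only lines
            continue
        for category, severity, rule, pattern in LINE_RULES:
            if pattern.search(line):
                findings.append(Finding(lineno, category, severity, rule, line.strip()))
    findings.extend(check_audit_logging(ast.parse(source)))
    return sorted(findings, key=lambda f: f.line)


def compliance_score(findings: list[Finding]) -> int:
    """100 minus severity-weighted deductions, floored at 0."""
    return max(0, 100 - sum(SEVERITY_WEIGHT[f.severity] for f in findings))


def report(findings: list[Finding]) -> str:
    """Human-readable report with line numbers and violation types."""
    lines = [f"Compliance score: {compliance_score(findings)}/100"]
    for f in findings:
        lines.append(f"L{f.line} [{f.severity.upper()}] {f.category}/{f.rule}: {f.detail}")
    return "\n".join(lines)


# Constructed sample of a "hospital" module under scan (not a real codebase).
SAMPLE = '''\
import hashlib, requests
API_KEY = "sk-example-not-real"

def get_patient_record(pid):
    r = requests.get("http://ehr.internal/records/" + pid, verify=False)
    return r.json()

def store_diagnosis(pid, text, logger):
    logger.info("diagnosis write", extra={"pid": pid})
    return hashlib.md5(text.encode()).hexdigest()
'''

if __name__ == "__main__":
    print(report(scan_source(SAMPLE)))
```

On the sample, the scanner reports five findings (a hard-coded credential, a PHI function with no audit call, a plaintext URL and disabled TLS verification on one line, and an MD5 digest) for a score of 10/100. The name-based audit heuristic is deliberately conservative: it is the kind of check a prompt-regenerated checker would refine, and anything it flags still needs a human or an LLM to confirm before a fix PR is raised.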
How we built it
RegWatch is built with Prompt-Driven Development (PDD)—prompts are source code, Python is the artifact.
Backend:
- Flask REST API with GitHub OAuth integration
- Three HIPAA compliance checkers generated from prompts
- Multi-agent orchestration: scraper → analyzer → impact assessor → remediator
- Change tracker logs regulation updates
- Regulation selector supporting multiple compliance frameworks
Agents:
- Toolhouse.ai for web scraping and executing checkers
- Claude 3.5 Sonnet for semantic diff analysis
- GitHub API for repo access and creating PRs automatically
- ElevenLabs for voice-powered compliance briefings
PDD Methodology:
- When HIPAA updates, we modify the prompt file, run pdd sync, and the checker regenerates—zero manual code changes
- Tests accumulate (47 → 51) so old checks still pass while new ones are added
- Each regulation (HIPAA, GDPR, SOC 2) has its own prompt file for easy switching
Frontend:
- GitHub OAuth login for seamless repository access
- Dashboard with dropdown to select compliance framework
- Real-time scanning and violation display
- Color-coded severity (critical = red, high = orange, medium = yellow)
Challenges we ran into
Semantic Diff Accuracy: LLM flagged typo fixes as "substantive changes." Solution: Engineered prompts to classify substantive vs. clarification changes.
Git Auto-Remediation: Determining "is this auto-fixable?" required nuanced analysis. Solution: Built classifier for simple patterns vs. architectural issues. Achieved 60% auto-fix rate.
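The scraper → analyzer → impact assessor chain and the semantic-diff challenge above can both be illustrated with a deterministic pre-filter that runs before the LLM call. This is an added example, not RegWatch's code: it pairs old and new sentences of a regulation section, treats case-, punctuation- and spacing-only edits as no change, escalates anything that moves a number or an obligation word to "substantive", classifies the remaining edits by similarity ratio, and records the outcome as a change-tracker entry. The obligation keyword list, the 0.9 similarity threshold, the fingerprint length and the sample regulation text are assumptions.

```python
"""Added example (not RegWatch's code): heuristic pre-filter for the
semantic-diff step plus a minimal change-log record. Keyword list,
thresholds and sample text are assumptions."""
import difflib
import hashlib
import re
from datetime import datetime, timezone

# Words whose appearance or disappearance changes an obligation (assumed list).
OBLIGATION = re.compile(r"\b(must|shall|required|prohibited|may not|within)\b", re.I)
NUMBER = re.compile(r"\d+")
SIMILARITY_THRESHOLD = 0.9   # assumed: edits above this ratio are wording fixes


def _sentences(text: str) -> list[str]:
    """Split on sentence-ending punctuation followed by whitespace."""
    return [s.strip() for s in re.split(r"(?<=[.;])\s+", text.strip()) if s.strip()]


def _normalize(s: str) -> str:
    """Lower-case, drop punctuation, collapse whitespace."""
    return " ".join(re.sub(r"[^a-z0-9 ]+", " ", s.lower()).split())


def classify_change(old: str, new: str) -> str:
    """Return 'none', 'clarification' or 'substantive' for one sentence pair."""
    if _normalize(old) == _normalize(new):
        return "none"                      # case, punctuation or spacing only
    if set(NUMBER.findall(old)) != set(NUMBER.findall(new)):
        return "substantive"               # a deadline, amount or count moved
    if {m.lower() for m in OBLIGATION.findall(old)} != {m.lower() for m in OBLIGATION.findall(new)}:
        return "substantive"               # an obligation word appeared or vanished
    ratio = difflib.SequenceMatcher(None, _normalize(old), _normalize(new)).ratio()
    return "clarification" if ratio >= SIMILARITY_THRESHOLD else "substantive"


def diff_sections(old_text: str, new_text: str) -> list[dict]:
    """Pair old/new sentences and keep only real changes."""
    old_s, new_s = _sentences(old_text), _sentences(new_text)
    changes = []
    for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(None, old_s, new_s).get_opcodes():
        if tag == "equal":
            continue
        olds, news = old_s[i1:i2], new_s[j1:j2]
        for o, n in zip(olds, news):       # replaced sentences, pairwise
            kind = classify_change(o, n)
            if kind != "none":
                changes.append({"kind": kind, "old": o, "new": n})
        for o in olds[len(news):]:         # deleted sentences are always material
            changes.append({"kind": "substantive", "old": o, "new": None})
        for n in news[len(olds):]:         # so are inserted ones
            changes.append({"kind": "substantive", "old": None, "new": n})
    return changes


def log_change(log: list, section: str, new_text: str, changes: list) -> dict:
    """Append a change-tracker entry; the fingerprint lets repeat scrapes be deduplicated."""
    entry = {
        "section": section,
        "fingerprint": hashlib.sha256(new_text.encode()).hexdigest()[:16],
        "recorded_at": datetime.now(timezone.utc).isoformat(),
        "substantive": sum(c["kind"] == "substantive" for c in changes),
        "clarification": sum(c["kind"] == "clarification" for c in changes),
        "needs_rescan": any(c["kind"] == "substantive" for c in changes),
        "changes": changes,
    }
    log.append(entry)
    return entry


# Constructed sample regulation text (not real HIPAA wording).
OLD_TEXT = ("Covered entities must encrypt ePHI at rest. "
            "Breach notification must be sent within 60 days of discovery. "
            "Audit logs shall be retianed for 6 years. "
            "The Secretary may audit any covered entity.")
NEW_TEXT = ("Covered entities must encrypt ePHI at rest and in transit. "
            "Breach notification must be sent within 30 days of discovery. "
            "Audit logs shall be retained for 6 years. "
            "The Secretary may audit any Covered Entity.")

if __name__ == "__main__":
    found = diff_sections(OLD_TEXT, NEW_TEXT)
    for c in found:
        print(c["kind"], "|", c["old"], "->", c["new"])
    print(log_change([], "constructed-section-1", NEW_TEXT, found)["needs_rescan"])
```

On the sample, the typo fix ("retianed" → "retained") is classified as a clarification, the capitalisation change is dropped entirely, and the two edits that add "in transit" or shorten the deadline are substantive, so the entry is marked for a rescan. The filter errs toward "substantive" (a changed number always escalates), which is the safe direction: the cost of a false positive is one extra LLM call, while a false negative is a missed requirement.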
Accomplishments we're proud of
- Built full compliance platform in 9 hours with multi-agent orchestration, git integration, and voice alerts
- Implemented GitHub OAuth for one-click repository scanning
- Built dropdown framework selector supporting HIPAA, SOC 2, GDPR, and FDA Part 11
- Implemented Prompt-Driven Development across 12 modules—every component regenerable from /prompts
- Demonstrated test accumulation: 47 tests → 51 tests after regulation change, old tests preserved
- Achieved 60% auto-fix rate on HIPAA violations with PR generation
- Created realistic test data: 3 hospital codebases (scores: 20/100, 67/100, 95/100)
- Proved economic value: saves 60+ hours per regulation change, eliminates $500K-$2M fine exposure
What we learned
PDD changes how you build AI products. Instead of debugging Python, we debugged prompts. Iteration speed increased 3-4x.
Compliance is a business problem, not just technical. We pivoted our pitch from "AI-powered code scanner" to "eliminates $2M fines and saves 200 hours/year."
Voice UX is underrated. The voice demo ("Breaking: HIPAA encryption requirements updated") became our strongest engagement hook.
Built With
- pdd
- python
- toolhouse