vlayer Documentation
vlayer (Verification Layer) is a CLI tool and platform that scans your codebase for HIPAA compliance issues. 131 rules (125 pattern-based + 6 AI-powered) that catch PHI exposures, missing encryption, and access control gaps before they reach production. Maps to the code-detectable controls of HIPAA §164.312 and the 2026 Security Rule NPRM.
What is vlayer?
vlayer automatically analyzes your code across 5 HIPAA categories using 17 scanners and 131 rules (125 pattern-based + 6 AI-powered):
- PHI Exposure - Detects SSN, MRN, DOB, diagnosis codes, and other PHI patterns
- Encryption Standards - Identifies weak crypto (MD5, DES) and missing TLS
- Audit Logging - Verifies proper logging of PHI access and operations
- Access Control - Finds SQL injection, XSS, CORS issues, hardcoded credentials
- Data Retention - Flags improper data deletion and retention policies
🎯 HIPAA 2026 Readiness
vlayer maps to the code-detectable controls of the HIPAA Security Rule (§164.312) and the 2026 NPRM, including:
- Encryption standards, audit log monitoring, access controls
- Network segmentation, multi-factor authentication, session management
- Vulnerability scanning, secure configuration, patch management
Some 2026 NPRM requirements are organizational rather than code-detectable and fall outside the scope of static code analysis — including asset inventory, penetration testing, risk assessments, security training, third-party/vendor risk management, and backup & disaster-recovery operations. vlayer flags what it can detect in your code; it does not by itself certify full HIPAA compliance.
Quick Start
# Install globally
npm install -g verification-layer
# Or use with npx (no install needed)
npx verification-layer scan ./src
# Scan with HTML report
npx verification-layer scan ./src -f html -o report.html
# Check compliance score (0-100)
npx verification-layer score ./src
# Auto-fix issues
npx verification-layer scan ./src --fix
Why vlayer?
Building healthcare software requires strict compliance with HIPAA regulations. Manual code reviews are time-consuming and error-prone. vlayer automates this process, catching issues early in development when they're cheapest to fix.
Key Features
| Feature | Description |
|---|---|
| 131 Detection Rules | 125 pattern-based + 6 AI-powered, across 17 scanners and 5 HIPAA categories |
| Compliance Score (0-100) | Track your HIPAA readiness over time |
| Training Module | 10 modules, 45+ questions, verifiable certificates |
| HIPAA Templates | 5 production-ready policy documents (IRP, BAA, NPP, etc.) |
| CI/CD Integration | GitHub Actions, pre-commit hooks, PR comments |
| Pro Dashboard | Historical scans, team management at app.vlayer.app |
| CI/CD Integration | Block non-compliant code automatically |
| Detailed Reports | Get actionable remediation guidance |
| HIPAA References | Learn which regulations apply |
| Open Source | Free to use, audit, and extend |
Getting Started
- Try the Playground - Test vlayer in your browser instantly
- Installation Guide - Set up vlayer in your project
- Quick Start - Run your first scan in 5 minutes
Support
- GitHub Issues: Report bugs and request features
- Discord: Join our community
- Email: support@vlayer.app