Skip to main content

vlayer Documentation

vlayer (Verification Layer) is a CLI tool and platform that scans your codebase for HIPAA compliance issues. 131 rules (125 pattern-based + 6 AI-powered) that catch PHI exposures, missing encryption, and access control gaps before they reach production. Maps to the code-detectable controls of HIPAA §164.312 and the 2026 Security Rule NPRM.

What is vlayer?

vlayer automatically analyzes your code across 5 HIPAA categories using 17 scanners and 131 rules (125 pattern-based + 6 AI-powered):

  • PHI Exposure - Detects SSN, MRN, DOB, diagnosis codes, and other PHI patterns
  • Encryption Standards - Identifies weak crypto (MD5, DES) and missing TLS
  • Audit Logging - Verifies proper logging of PHI access and operations
  • Access Control - Finds SQL injection, XSS, CORS issues, hardcoded credentials
  • Data Retention - Flags improper data deletion and retention policies

🎯 HIPAA 2026 Readiness

vlayer maps to the code-detectable controls of the HIPAA Security Rule (§164.312) and the 2026 NPRM, including:

  • Encryption standards, audit log monitoring, access controls
  • Network segmentation, multi-factor authentication, session management
  • Vulnerability scanning, secure configuration, patch management

Some 2026 NPRM requirements are organizational rather than code-detectable and fall outside the scope of static code analysis — including asset inventory, penetration testing, risk assessments, security training, third-party/vendor risk management, and backup & disaster-recovery operations. vlayer flags what it can detect in your code; it does not by itself certify full HIPAA compliance.

Quick Start

# Install globally
npm install -g verification-layer

# Or use with npx (no install needed)
npx verification-layer scan ./src

# Scan with HTML report
npx verification-layer scan ./src -f html -o report.html

# Check compliance score (0-100)
npx verification-layer score ./src

# Auto-fix issues
npx verification-layer scan ./src --fix

Why vlayer?

Building healthcare software requires strict compliance with HIPAA regulations. Manual code reviews are time-consuming and error-prone. vlayer automates this process, catching issues early in development when they're cheapest to fix.

Key Features

FeatureDescription
131 Detection Rules125 pattern-based + 6 AI-powered, across 17 scanners and 5 HIPAA categories
Compliance Score (0-100)Track your HIPAA readiness over time
Training Module10 modules, 45+ questions, verifiable certificates
HIPAA Templates5 production-ready policy documents (IRP, BAA, NPP, etc.)
CI/CD IntegrationGitHub Actions, pre-commit hooks, PR comments
Pro DashboardHistorical scans, team management at app.vlayer.app
CI/CD IntegrationBlock non-compliant code automatically
Detailed ReportsGet actionable remediation guidance
HIPAA ReferencesLearn which regulations apply
Open SourceFree to use, audit, and extend

Getting Started

Support