# Module 1.2: Claude for Complex Legal Analysis & Document Review

**Exercise 1.5: Regulatory Compliance Assessment**

**Objective:** Conduct comprehensive compliance review for a healthcare organization using AI assistance. Analyze policies against HIPAA, ADA, EEOC, and state privacy laws.

---

## Setup & Configuration
Install dependencies and configure the Anthropic client.

**Note:** This notebook requires an API key from Anthropic.

- **Get an API Key:** Sign up at [console.anthropic.com](https://console.anthropic.com/).

In [None]:
%pip install anthropic python-dotenv

In [None]:
import anthropic
import os
import getpass
from IPython.display import display, Markdown

# 1. Load API Key
try:
    from dotenv import load_dotenv
    load_dotenv()
except ImportError:
    pass

api_key = os.getenv('ANTHROPIC_API_KEY')
if not api_key:
    api_key = getpass.getpass('Enter your Anthropic API Key: ')
    os.environ['ANTHROPIC_API_KEY'] = api_key

client = anthropic.Anthropic(api_key=api_key)
print("Anthropic Client configured.")

## Step 1: Load Compliance Documents
For this exercise, we will load a set of sample compliance policies (`sample_compliance_docs.txt`). Ensure this file contains the text of the policies to be reviewed (HIPAA, Employment, Privacy, Vendor Agreements).

In [None]:
doc_text = ""
try:
    with open("sample_compliance_docs.txt", "r") as f:
        doc_text = f.read()
    print(f"Compliance documents loaded successfully! Length: {len(doc_text)} characters.")
except FileNotFoundError:
    print("Error: sample_compliance_docs.txt not found. Please ensure the file exists in the directory.")

In [None]:
def analyze_with_claude(prompt_instructions, document_text, model="claude-sonnet-4-5-20250929"):
    """
    Helper function to send a prompt to Claude with the document text.
    """
    if not document_text:
        print("Error: No document text provided.")
        return

    full_prompt = f"""
    System: You are an expert legal compliance officer and regulatory analyst. Be precise, cite specific potential violations where possible, and provide actionable remediation steps.
    
    Context Document:
    {document_text}
    
    Task: {prompt_instructions}
    
    Output format: Markdown.
    """
    
    print("Analyzing... Please wait.")
    try:
        message = client.messages.create(
            model=model,
            max_tokens=4000,
            messages=[
                {"role": "user", "content": full_prompt}
            ]
        )
        display(Markdown(message.content[0].text))
    except Exception as e:
        print(f"An error occurred: {e}")

## Task 1: HIPAA Compliance Analysis
**Goal:** Analyze HIPAA compliance policies against current regulations.

In [None]:
analyze_with_claude(
    "Analyze the provided HIPAA compliance policies (Section 1) against current HIPAA regulations (Privacy, Security, and Breach Notification Rules). Identify specific gaps, non-compliant clauses, and areas needing improvement (e.g., encryption standards, access logs).",
    doc_text
)

## Task 2: Employment Practices Review (ADA & EEOC)
**Goal:** Review employment practices for ADA and EEOC compliance.

In [None]:
analyze_with_claude(
    "Review the employment practices (Section 2) for compliance with ADA and EEOC regulations. Specifically evaluate the legality of 'medical examinations prior to a job offer' and the process for reasonable accommodations.",
    doc_text
)

## Task 3: Data Protection & State Privacy
**Goal:** Assess data protection practices against state privacy laws.

In [None]:
analyze_with_claude(
    "Assess the data protection and breach notification policies (Section 3) against modern state privacy standards (like CCPA/CPRA, NY SHIELD, etc.). Critique the 90-day breach notification timeline and the data retention period.",
    doc_text
)

## Task 4: Vendor Agreement Evaluation
**Goal:** Evaluate vendor agreements for regulatory compliance requirements.

In [None]:
analyze_with_claude(
    "Evaluate the vendor agreement terms (Section 4) for regulatory compliance, specifically regarding Business Associate Agreements (BAAs), liability caps in the event of a PHI breach, and audit frequencies.",
    doc_text
)

## Task 5: Compliance Gap Analysis & Roadmap
**Goal:** Generate compliance gap analysis with remediation timeline.

In [None]:
analyze_with_claude(
    "Based on all previous analyses, generate a comprehensive Compliance Gap Analysis Table. Columns should be: 'Area', 'Identified Gap', 'Risk Level (High/Med/Low)', 'Recommended Remediation', and 'Suggested Timeline'. Follow this with a brief implementation roadmap.",
    doc_text
)

---
**Professional Standards Verification:**
- [ ] Regulatory references verified for accuracy
- [ ] Current enforcement actions considered
- [ ] AI assistance usage documented for audit trail
- [ ] Disclaimer: This analysis is AI-assisted and requires review by a qualified legal compliance professional.

**Date:** 2026-01-12

**Author:** [Your Name]