# hipaa-agent

AI-powered HIPAA compliance officer for healthcare practices: 73-tool scanning, Security Risk Assessment (SRA), Business Associate Agreement (BAA) generation, breach monitoring, and audit trails. The practice's NPI is the universal key.

## Quick Start

```bash
# Connect this server (installs CLI if needed)
npx -y @smithery/cli@latest mcp add hipaaagent/hipaa-agent

# Browse available tools
npx -y @smithery/cli@latest tool list hipaaagent/hipaa-agent

# Get full schema for a tool
npx -y @smithery/cli@latest tool get hipaaagent/hipaa-agent scan_practice

# Call a tool
npx -y @smithery/cli@latest tool call hipaaagent/hipaa-agent scan_practice '{}'
```

## Direct MCP Connection

Endpoint: `https://hipaa-agent--hipaaagent.run.tools`

## Tools (36)

- `scan_practice` — Trigger a fresh HIPAA compliance scan for a healthcare practice. Always dispatches a new 70+ control scan via VPS — nev…
- `batch_scan` — Dispatch fresh HIPAA compliance scans for multiple practices at once. Each practice costs 150 credits. If insufficient …
- `get_scan_status` — Check the status of the latest scan for a practice. Returns grade, scan date, and whether data is available. Cost: 25 c…
- `get_compliance_score` — Get the HIPAA Agent Compliance Score breakdown for a practice. Returns overall grade, numerical score, and per-category…
- `get_report` — Get the full compliance report for a practice including all findings, severity breakdown, grade, and HIPAA section cita…
- `get_audit_log` — Retrieve the SHA-256 hash chain audit trail for a practice. Returns timestamped, tamper-evident log entries for all com…
- `get_evidence_package` — Compile a 10-component evidence package for auditors and insurers. Includes scan results, policy attestations, training…
- `generate_baa` — Generate a Business Associate Agreement for a vendor. Requires active subscription or platform/MSP key. Cost: 25 credit…
- `get_policies` — Get HIPAA policy documents generated for a practice. Requires active subscription or platform/MSP key. Cost: 25 credits.
- `generate_sra` — Initiate a HIPAA Security Risk Assessment. Returns the first batch of questions for the respondent to answer. Requires …
- `get_breach` — Check if a practice has been involved in any known HIPAA breaches reported to HHS. Matches by practice name and state. …
- `get_breach_score` — Calculate a breach exposure risk score for a practice based on breach history, breached credentials, and industry bench…
- `trigger_internal_scan` — Generate a deploy token for the internal network scanner agent. Returns an API key and installation instructions for de…
- `get_internal_scan_status` — Check the status of the internal network scan agent deployment and whether results have been received. Cost: 25 credits.
- `get_internal_findings` — Get the latest internal network scan results including encryption status, MFA compliance, network segmentation, patch l…
- `lookup_practice` — Look up a healthcare practice by NPI number. Always fetches from the NPPES registry and augments with HIPAA Agent scan …
- `get_outreach_status` — Get the outreach and drip campaign status for a practice. Returns email send history, drip stage, and engagement data. …
- `get_practice_summary` — Get a comprehensive summary of a practice combining scan results, compliance score, findings count, breach history, and…
- `get_training_status` — Get staff training completion records for a practice. Returns staff members and their training course completions inclu…
- `get_vendor_baa_list` — Get vendor Business Associate Agreement tracking records for a practice. Returns all vendor BAAs with status, dates, an…
- `log_incident` — Log a HIPAA security or privacy incident for a practice. Creates an incident report with type, description, and severit…
- `get_incidents` — Get incident history for a practice. Returns all logged security and privacy incidents with status, severity, and resol…
- `get_compliance_delta` — Get compliance controls that changed status since a given date. Shows improved and regressed controls with before/after…
- `check_vendor` — Check vendor risk profile including breach history, BAA coverage, and security score. Input vendor_name or domain. Cost…
- `get_compliance_state` — Get the HIPAA compliance readiness state for a practice. Tracks 13 requirements against the May 2026 deadline. Returns …
- `subscribe_webhook` — Register a webhook URL to receive HIPAA compliance event notifications. Events: breach_detected, score_dropped, baa_exp…
- `list_webhooks` — List active webhook subscriptions for a practice. Cost: 25 credits.
- `get_breach_probability` — Calculate breach probability for a practice. Model: HHS base rate by specialty, adjusted by security grade penalty, gap…
- `validate_workflow` — Validate whether a data workflow is HIPAA-compliant. Synchronous guardrail — returns allowed/denied with risk score, mi…
- `get_controls` — Get HIPAA/NIST control-level assessment for a practice. Maps scan findings to 13 standardized controls with pass/fail/p…
- `execute_agent_baa` — Execute a digital Business Associate Agreement between two healthcare practices. Verifies both parties have passing com…
- `get_model_insights` — Get HIPAA Agent data intelligence model stats — vulnerability patterns discovered, remediation effectiveness tracking, …
- `get_state_coverage` — Get scanning coverage by US state — total NPIs in registry, scanned count, average grade per state. Shows which states …
- `get_threat_intel` — Get recent healthcare threat intelligence alerts from FBI Watchdog, HHS HC3, CISA KEV, and MS-ISAC. Returns alerts with…
- `get_reputation` — Get HIPAA Agent verified reputation stats — total scans, unique practices, documents generated, breaches tracked, uptim…
- `get_blockchain_anchor` — Get the blockchain anchor proof for a specific date. Returns the SHA-256 root hash of all audit events from that date, …

```bash
# Get full input/output schema for a tool
npx -y @smithery/cli@latest tool get hipaaagent/hipaa-agent <tool-name>
```
