Server Details
HIPAA compliance AI agent — scan, grade, SRA, and generate compliance docs.
- Status: Healthy
- Last Tested
- Transport: Streamable HTTP
- URL
Available Tools
30 tools

batch_scan
Dispatch fresh HIPAA compliance scans for multiple practices at once. Each practice costs 150 credits. If insufficient credits for the full batch, the entire request is rejected. Max 50 practices per call.
| Name | Required | Description | Default |
|---|---|---|---|
| practices | Yes | Array of practices to scan (max 50) | |

check_vendor
Check vendor risk profile including breach history, BAA coverage, and security score. Input vendor_name or domain. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| domain | No | Vendor website domain | |
| vendor_name | No | Vendor/business associate name | |

generate_baa
Generate a Business Associate Agreement for a vendor. Requires active subscription or platform/MSP key. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI of the covered entity (practice) | |
| risk_level | No | Risk level (default: standard) | |
| vendor_name | Yes | Name of the business associate / vendor | |
| vendor_email | No | Vendor email — if provided, the BAA is sent for signing | |
| agreement_type | No | Agreement type (default: baa) | |
| effective_date | No | Effective date (ISO 8601) | |
| expiration_date | No | Expiration date (ISO 8601) | |
| vendor_contact_name | No | Name of vendor contact person | |
| services_description | Yes | Description of services the vendor provides that involve PHI | |

generate_sra
Initiate a HIPAA Security Risk Assessment. Returns the first batch of questions for the respondent to answer. Requires active subscription or platform/MSP key. Cost: 500 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI of the practice | |
| practice_name | No | Practice name (auto-looked up from scan data if omitted) | |
| respondent_name | Yes | Full name of the person completing the SRA | |
| respondent_role | No | Role/title of the respondent (e.g. Practice Manager, HIPAA Officer) | |
| respondent_email | Yes | Email of the person completing the SRA | |

get_audit_log
Retrieve the SHA-256 hash chain audit trail for a practice. Returns timestamped, tamper-evident log entries for all compliance actions. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_breach
Check if a practice has been involved in any known HIPAA breaches reported to HHS. Matches by practice name and state. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_breach_probability
Calculate breach probability for a practice. Model: HHS base rate by specialty, adjusted by security grade penalty, gap penalties (no MFA +8%, no encryption +12%, flat network +15%, no backups +10%), and prior breach history 3x multiplier. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_breach_score
Calculate a breach exposure risk score for a practice based on breach history, breached credentials, and industry benchmarks. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_compliance_delta
Get compliance controls that changed status since a given date. Shows improved and regressed controls with before/after comparison. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |
| since | Yes | ISO date to compare from (e.g. 2026-01-01) | |

get_compliance_score
Get the HIPAA Agent Compliance Score breakdown for a practice. Returns overall grade, numerical score, and per-category scores across 10 compliance categories. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_compliance_state
Get the HIPAA compliance readiness state for a practice. Tracks 13 requirements against the May 2026 deadline. Returns state (compliant/near_compliant/in_progress/early_stage/not_started), completed count, next action, and per-requirement status. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_controls
Get HIPAA/NIST control-level assessment for a practice. Maps scan findings to 13 standardized controls with pass/fail/partial status, risk scores, and required actions. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_evidence_package
Compile a 10-component evidence package for auditors and insurers. Includes scan results, policy attestations, training records, BAA ledger, and audit trail. Async — returns job_id. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_incidents
Get incident history for a practice. Returns all logged security and privacy incidents with status, severity, and resolution dates. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_internal_findings
Get the latest internal network scan results including encryption status, MFA compliance, network segmentation, patch levels, and endpoint security. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_internal_scan_status
Check the status of the internal network scan agent deployment and whether results have been received. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_outreach_status
Get the outreach and drip campaign status for a practice. Returns email send history, drip stage, and engagement data. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_policies
Get HIPAA policy documents generated for a practice. Requires active subscription or platform/MSP key. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_practice_summary
Get a comprehensive summary of a practice combining scan results, compliance score, findings count, breach history, and internal scan status. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_report
Get the full compliance report for a practice including all findings, severity breakdown, grade, and HIPAA section citations. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_scan_status
Check the status of the latest scan for a practice. Returns grade, scan date, and whether data is available. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_training_status
Get staff training completion records for a practice. Returns staff members and their training course completions including scores and dates. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

get_vendor_baa_list
Get vendor Business Associate Agreement tracking records for a practice. Returns all vendor BAAs with status, dates, and contact info. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

list_webhooks
List active webhook subscriptions for a practice. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

log_incident
Log a HIPAA security or privacy incident for a practice. Creates an incident report with type, description, and severity. Returns the incident ID for tracking. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |
| severity | No | Severity level: low, medium, high, critical (default: medium) | |
| description | Yes | Detailed description of the incident | |
| incident_type | Yes | Type of incident: breach, unauthorized_access, device_loss, phishing, policy_violation, system_failure, other | |

lookup_practice
Look up a healthcare practice by NPI number. Always fetches from the NPPES registry and augments with HIPAA Agent scan data if available. Returns provider name, specialty, address, and compliance grade. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

scan_practice
Trigger a fresh HIPAA compliance scan for a healthcare practice. Always dispatches a new 70+ control scan via VPS — never returns cached results. Returns a job_id for polling via get_scan_status. Optionally specify notification_email to receive the PDF report when the scan completes. Cost: 150 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit National Provider Identifier | |
| domain | No | Practice website domain (e.g. exampleclinic.com). If omitted, looked up from existing scan data. | |
| notification_email | No | Email address to send the completed PDF report to. | |

subscribe_webhook
Register a webhook URL to receive HIPAA compliance event notifications. Events: breach_detected, score_dropped, baa_expiring, scan_completed, control_failed, sra_expired. Payloads signed with HMAC-SHA256. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI to monitor | |
| url | Yes | HTTPS URL to receive webhook POST payloads | |
| events | Yes | Event types to subscribe to | |

trigger_internal_scan
Generate a deploy token for the internal network scanner agent. Returns an API key and installation instructions for deploying the agent inside a practice network. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | Yes | 10-digit NPI | |

validate_workflow
Validate whether a data workflow is HIPAA-compliant. Synchronous guardrail — returns allowed/denied with risk score, missing controls, and HIPAA citations. No prior scan required. Zero PHI. Cost: 25 credits.
| Name | Required | Description | Default |
|---|---|---|---|
| npi | No | Optional 10-digit NPI for practice context | |
| data_type | Yes | Data classification: phi, de_identified, limited_data_set, non_phi | |
| destination | Yes | Target: cloud_us, cloud_intl, on_prem, vendor, email, fax, portal | |
| workflow_type | Yes | Type: data_transfer, cloud_migration, vendor_share, backup, messaging | |
| controls_applied | Yes | Controls already in place (e.g. encryption_in_transit, baa, mfa) | |

To claim this server, publish a /.well-known/glama.json file on your server's domain with the following structure:

```json
{
  "$schema": "https://glama.ai/mcp/schemas/connector.json",
  "maintainers": [
    {
      "email": "your-email@example.com"
    }
  ]
}
```

The email address must match the email associated with your Glama account. Once verified, the server will appear as claimed by you.