Summary
This connects Claude to Sentinel Health Compliance's HIPAA Agent API, letting you pull compliance grades by NPI, dispatch full scans, retrieve findings, and generate security risk assessments directly from your prompt. You get the same operations their REST API exposes: grade lookups, breach checks, full 83-tool scans that return letter grades and compliance scores, and SRA generation. Reach for this when you're building workflows that need to check provider compliance status, automate audit prep, or pull compliance intel into insurance underwriting or MSP dashboards. It's built on their metered API, so the same credit system applies. If you're handling healthcare vendor risk or building tooling for practices that need OCR-ready attestation reports, this saves you from manually hitting endpoints.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Tools
Public tool metadata for what this MCP can expose to an agent.
36 tools
scan_practiceTrigger a fresh HIPAA compliance scan for a healthcare practice. Always dispatches a new 70+ control scan via VPS — never returns cached results. Returns a job_id for polling via get_scan_status. Optionally specify notification_email to receive the PDF report when the scan com...3 params
Trigger a fresh HIPAA compliance scan for a healthcare practice. Always dispatches a new 70+ control scan via VPS — never returns cached results. Returns a job_id for polling via get_scan_status. Optionally specify notification_email to receive the PDF report when the scan com...
Parameters* required
npistring10-digit National Provider Identifier
domainstringPractice website domain (e.g. exampleclinic.com). If omitted, looked up from existing scan data.
notification_emailstringEmail address to send the completed PDF report to.
batch_scanDispatch fresh HIPAA compliance scans for multiple practices at once. Each practice costs 150 credits. If insufficient credits for the full batch, the entire request is rejected. Max 50 practices per call.1 params
Dispatch fresh HIPAA compliance scans for multiple practices at once. Each practice costs 150 credits. If insufficient credits for the full batch, the entire request is rejected. Max 50 practices per call.
Parameters* required
practicesarrayArray of practices to scan (max 50)
get_scan_statusCheck the status of the latest scan for a practice. Returns grade, scan date, and whether data is available. Cost: 25 credits.1 params
Check the status of the latest scan for a practice. Returns grade, scan date, and whether data is available. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_compliance_scoreGet the HIPAA Agent Compliance Score breakdown for a practice. Returns overall grade, numerical score, and per-category scores across 10 compliance categories. Cost: 25 credits.1 params
Get the HIPAA Agent Compliance Score breakdown for a practice. Returns overall grade, numerical score, and per-category scores across 10 compliance categories. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_reportGet the full compliance report for a practice including all findings, severity breakdown, grade, and HIPAA section citations. Cost: 25 credits.1 params
Get the full compliance report for a practice including all findings, severity breakdown, grade, and HIPAA section citations. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_audit_logRetrieve the SHA-256 hash chain audit trail for a practice. Returns timestamped, tamper-evident log entries for all compliance actions. Cost: 25 credits.1 params
Retrieve the SHA-256 hash chain audit trail for a practice. Returns timestamped, tamper-evident log entries for all compliance actions. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_evidence_packageCompile a 10-component evidence package for auditors and insurers. Includes scan results, policy attestations, training records, BAA ledger, and audit trail. Async — returns job_id. Cost: 25 credits.1 params
Compile a 10-component evidence package for auditors and insurers. Includes scan results, policy attestations, training records, BAA ledger, and audit trail. Async — returns job_id. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
generate_baaGenerate a Business Associate Agreement for a vendor. Requires active subscription or platform/MSP key. Cost: 25 credits.9 params
Generate a Business Associate Agreement for a vendor. Requires active subscription or platform/MSP key. Cost: 25 credits.
Parameters* required
npistring10-digit NPI of the covered entity (practice)
risk_levelstringRisk level (default: standard)one of
low · standard · highvendor_namestringName of the business associate / vendor
vendor_emailstringVendor email — if provided, the BAA is sent for signing
agreement_typestringAgreement type (default: baa)one of
baa · subcontractor_baaeffective_datestringEffective date (ISO 8601)
expiration_datestringExpiration date (ISO 8601)
vendor_contact_namestringName of vendor contact person
services_descriptionstringDescription of services the vendor provides that involve PHI
get_policiesGet HIPAA policy documents generated for a practice. Optionally email them to a recipient. Requires active subscription or platform/MSP key. Cost: 25 credits.2 params
Get HIPAA policy documents generated for a practice. Optionally email them to a recipient. Requires active subscription or platform/MSP key. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
notification_emailstringIf provided, emails all policies to this address as a formatted digest
generate_sraInitiate a HIPAA Security Risk Assessment. Returns the first batch of questions for the respondent to answer. Requires active subscription or platform/MSP key. Cost: 500 credits.5 params
Initiate a HIPAA Security Risk Assessment. Returns the first batch of questions for the respondent to answer. Requires active subscription or platform/MSP key. Cost: 500 credits.
Parameters* required
npistring10-digit NPI of the practice
practice_namestringPractice name (auto-looked up from scan data if omitted)
respondent_namestringFull name of the person completing the SRA
respondent_rolestringRole/title of the respondent (e.g. Practice Manager, HIPAA Officer)
respondent_emailstringEmail of the person completing the SRA
get_breachCheck if a practice has been involved in any known HIPAA breaches reported to HHS. Matches by practice name and state. Cost: 25 credits.1 params
Check if a practice has been involved in any known HIPAA breaches reported to HHS. Matches by practice name and state. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_breach_scoreCalculate a breach exposure risk score for a practice based on breach history, breached credentials, and industry benchmarks. Cost: 25 credits.1 params
Calculate a breach exposure risk score for a practice based on breach history, breached credentials, and industry benchmarks. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
trigger_internal_scanGenerate a deploy token for the internal network scanner agent. Returns an API key and installation instructions for deploying the agent inside a practice network. Cost: 25 credits.1 params
Generate a deploy token for the internal network scanner agent. Returns an API key and installation instructions for deploying the agent inside a practice network. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_internal_scan_statusCheck the status of the internal network scan agent deployment and whether results have been received. Cost: 25 credits.1 params
Check the status of the internal network scan agent deployment and whether results have been received. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_internal_findingsGet the latest internal network scan results including encryption status, MFA compliance, network segmentation, patch levels, and endpoint security. Cost: 25 credits.1 params
Get the latest internal network scan results including encryption status, MFA compliance, network segmentation, patch levels, and endpoint security. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
lookup_practiceLook up a healthcare practice by NPI number. Always fetches from the NPPES registry and augments with HIPAA Agent scan data if available. Returns provider name, specialty, address, and compliance grade. Cost: 25 credits.1 params
Look up a healthcare practice by NPI number. Always fetches from the NPPES registry and augments with HIPAA Agent scan data if available. Returns provider name, specialty, address, and compliance grade. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_outreach_statusGet the outreach and drip campaign status for a practice. Returns email send history, drip stage, and engagement data. Cost: 25 credits.1 params
Get the outreach and drip campaign status for a practice. Returns email send history, drip stage, and engagement data. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_practice_summaryGet a comprehensive summary of a practice combining scan results, compliance score, findings count, breach history, and internal scan status. Cost: 25 credits.1 params
Get a comprehensive summary of a practice combining scan results, compliance score, findings count, breach history, and internal scan status. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_training_statusGet staff training completion records for a practice. Returns staff members and their training course completions including scores and dates. Cost: 25 credits.1 params
Get staff training completion records for a practice. Returns staff members and their training course completions including scores and dates. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_vendor_baa_listGet vendor Business Associate Agreement tracking records for a practice. Returns all vendor BAAs with status, dates, and contact info. Cost: 25 credits.1 params
Get vendor Business Associate Agreement tracking records for a practice. Returns all vendor BAAs with status, dates, and contact info. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
log_incidentLog a HIPAA security or privacy incident for a practice. Creates an incident report with type, description, and severity. Returns the incident ID for tracking. Cost: 25 credits.4 params
Log a HIPAA security or privacy incident for a practice. Creates an incident report with type, description, and severity. Returns the incident ID for tracking. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
severitystringSeverity level: low, medium, high, critical (default: medium)
descriptionstringDetailed description of the incident
incident_typestringType of incident: breach, unauthorized_access, device_loss, phishing, policy_violation, system_failure, other
get_incidentsGet incident history for a practice. Returns all logged security and privacy incidents with status, severity, and resolution dates. Cost: 25 credits.1 params
Get incident history for a practice. Returns all logged security and privacy incidents with status, severity, and resolution dates. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_compliance_deltaGet compliance controls that changed status since a given date. Shows improved and regressed controls with before/after comparison. Cost: 25 credits.2 params
Get compliance controls that changed status since a given date. Shows improved and regressed controls with before/after comparison. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
sincestringISO date to compare from (e.g. 2026-01-01)
check_vendorCheck vendor risk profile including breach history, BAA coverage, and security score. Input vendor_name or domain. Cost: 25 credits.2 params
Check vendor risk profile including breach history, BAA coverage, and security score. Input vendor_name or domain. Cost: 25 credits.
Parameters* required
domainstringVendor website domain
vendor_namestringVendor/business associate name
get_compliance_stateGet the HIPAA compliance readiness state for a practice. Tracks 13 requirements against the May 2026 deadline. Returns state (compliant/near_compliant/in_progress/early_stage/not_started), completed count, next action, and per-requirement status. Cost: 25 credits.1 params
Get the HIPAA compliance readiness state for a practice. Tracks 13 requirements against the May 2026 deadline. Returns state (compliant/near_compliant/in_progress/early_stage/not_started), completed count, next action, and per-requirement status. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
subscribe_webhookRegister a webhook URL to receive HIPAA compliance event notifications. Events: breach_detected, score_dropped, baa_expiring, scan_completed, control_failed, sra_expired. Payloads signed with HMAC-SHA256. Cost: 25 credits.3 params
Register a webhook URL to receive HIPAA compliance event notifications. Events: breach_detected, score_dropped, baa_expiring, scan_completed, control_failed, sra_expired. Payloads signed with HMAC-SHA256. Cost: 25 credits.
Parameters* required
npistring10-digit NPI to monitor
urlstringHTTPS URL to receive webhook POST payloads
eventsarrayEvent types to subscribe to
list_webhooksList active webhook subscriptions for a practice. Cost: 25 credits.1 params
List active webhook subscriptions for a practice. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
get_breach_probabilityCalculate breach probability for a practice. Model: HHS base rate by specialty, adjusted by security grade penalty, gap penalties (no MFA +8%, no encryption +12%, flat network +15%, no backups +10%), and prior breach history 3x multiplier. Cost: 25 credits.1 params
Calculate breach probability for a practice. Model: HHS base rate by specialty, adjusted by security grade penalty, gap penalties (no MFA +8%, no encryption +12%, flat network +15%, no backups +10%), and prior breach history 3x multiplier. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
validate_workflowValidate whether a data workflow is HIPAA-compliant. Synchronous guardrail — returns allowed/denied with risk score, missing controls, and HIPAA citations. No prior scan required. Zero PHI. Cost: 25 credits.5 params
Validate whether a data workflow is HIPAA-compliant. Synchronous guardrail — returns allowed/denied with risk score, missing controls, and HIPAA citations. No prior scan required. Zero PHI. Cost: 25 credits.
Parameters* required
npistringOptional 10-digit NPI for practice context
data_typestringData classification: phi, de_identified, limited_data_set, non_phi
destinationstringTarget: cloud_us, cloud_intl, on_prem, vendor, email, fax, portal
workflow_typestringType: data_transfer, cloud_migration, vendor_share, backup, messaging
controls_appliedarrayControls already in place (e.g. encryption_in_transit, baa, mfa)
get_controlsGet HIPAA/NIST control-level assessment for a practice. Maps scan findings to 13 standardized controls with pass/fail/partial status, risk scores, and required actions. Cost: 25 credits.1 params
Get HIPAA/NIST control-level assessment for a practice. Maps scan findings to 13 standardized controls with pass/fail/partial status, risk scores, and required actions. Cost: 25 credits.
Parameters* required
npistring10-digit NPI
execute_agent_baaExecute a digital Business Associate Agreement between two healthcare practices. Verifies both parties have passing compliance grades (C or above), creates a signed BAA with SHA-256 digital signature, and logs to the audit trail. Cost: 25 credits.5 params
Execute a digital Business Associate Agreement between two healthcare practices. Verifies both parties have passing compliance grades (C or above), creates a signed BAA with SHA-256 digital signature, and logs to the audit trail. Cost: 25 credits.
Parameters* required
initiator_npistring10-digit NPI of the initiating party
effective_datestringBAA effective date (ISO 8601, default: today)
expiration_datestringBAA expiration date (ISO 8601, default: 1 year from today)
counterparty_npistring10-digit NPI of the counterparty
services_descriptionstringDescription of services involving PHI (default: Healthcare data processing services)
get_model_insightsGet HIPAA Agent data intelligence model stats — vulnerability patterns discovered, remediation effectiveness tracking, breach calibration coefficients, specialty benchmarks, and state coverage. Cost: 25 credits.
Get HIPAA Agent data intelligence model stats — vulnerability patterns discovered, remediation effectiveness tracking, breach calibration coefficients, specialty benchmarks, and state coverage. Cost: 25 credits.
No parameter schema in public metadata yet.
get_state_coverageGet scanning coverage by US state — total NPIs in registry, scanned count, average grade per state. Shows which states have been expanded and their scan progress. Cost: 25 credits.1 params
Get scanning coverage by US state — total NPIs in registry, scanned count, average grade per state. Shows which states have been expanded and their scan progress. Cost: 25 credits.
Parameters* required
statestringFilter to a specific 2-letter state code (e.g., CA, TX). Omit for all states.
get_threat_intelGet recent healthcare threat intelligence alerts from FBI Watchdog, HHS HC3, CISA KEV, and MS-ISAC. Returns alerts with severity, healthcare relevance scores, and source attribution. Cost: 25 credits.4 params
Get recent healthcare threat intelligence alerts from FBI Watchdog, HHS HC3, CISA KEV, and MS-ISAC. Returns alerts with severity, healthcare relevance scores, and source attribution. Cost: 25 credits.
Parameters* required
daysnumberLookback period in days (default 30, max 90)
limitnumberMax results (default 50, max 100)
sourcestringFilter by source: FBI_Watchdog, HHS_HC3, CISA_KEV, MS_ISAC
severitystringFilter by severity: critical, high, medium, low
get_reputationGet HIPAA Agent verified reputation stats — total scans, unique practices, documents generated, breaches tracked, uptime, and SHA-256 data integrity hash. Free, no authentication required.
Get HIPAA Agent verified reputation stats — total scans, unique practices, documents generated, breaches tracked, uptime, and SHA-256 data integrity hash. Free, no authentication required.
No parameter schema in public metadata yet.
get_blockchain_anchorGet the blockchain anchor proof for a specific date. Returns the SHA-256 root hash of all audit events from that date, the Base L2 transaction hash, and a Basescan verification link. Proves compliance records have not been tampered with. Free, no authentication required.1 params
Get the blockchain anchor proof for a specific date. Returns the SHA-256 root hash of all audit events from that date, the Base L2 transaction hash, and a Basescan verification link. Proves compliance records have not been tampered with. Free, no authentication required.
Parameters* required
datestringDate in YYYY-MM-DD format
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
