hipaa-compliance-mcp
v0.1.0
Published
MCP server for HIPAA compliance — browse safeguard requirements, assess compliance readiness, generate policy templates, evidence checklists, and gap analysis for healthcare organizations
Maintainers
crawdeReadme
hipaa-compliance-mcp
MCP server for HIPAA compliance — browse safeguard requirements, assess compliance readiness, generate policy templates, evidence checklists, and gap analysis for covered entities and business associates.
Tools
| Tool | Description |
|------|-------------|
| browse_safeguards | Browse HIPAA safeguard requirements by rule, category, or priority |
| assess_readiness | Score HIPAA compliance readiness based on implemented safeguards |
| generate_policy | Generate HIPAA-compliant policy templates with organization details |
| gap_analysis | Identify compliance gaps with prioritized remediation roadmap |
| evidence_template | Generate evidence collection templates for audits and OCR investigations |
| risk_assessment | Generate a structured HIPAA Security Rule risk assessment (NIST SP 800-30) |
Coverage
- Administrative Safeguards (164.308): Security management, risk analysis, workforce security, training, incident response, contingency planning, business associates
- Physical Safeguards (164.310): Facility access, workstation use/security, device and media controls
- Technical Safeguards (164.312): Access control, audit controls, integrity, authentication, transmission security
- Privacy Rule (164.530): Privacy policies, officer designation, patient right of access, accounting of disclosures
- Breach Notification (164.400-414): Risk assessment, individual notification, HHS notification
Installation
npx hipaa-compliance-mcpUsage with Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"hipaa-compliance": {
"command": "npx",
"args": ["-y", "hipaa-compliance-mcp"]
}
}
}Usage with VS Code
Add to your .vscode/mcp.json:
{
"servers": {
"hipaa-compliance": {
"command": "npx",
"args": ["-y", "hipaa-compliance-mcp"]
}
}
}Example Usage
Browse all administrative safeguards:
Use the browse_safeguards tool with category "administrative"
Assess your compliance readiness:
Use assess_readiness with your implemented safeguard IDs: ["AS-1", "AS-2", "AS-4", "TS-1", "TS-5"]
Generate a risk analysis policy:
Use generate_policy with safeguardId "AS-2" and your organization name
Run a gap analysis:
Use gap_analysis with your implemented safeguards to get a prioritized remediation plan
Prepare for an OCR investigation:
Use evidence_template with format "ocr_investigation" for any safeguard
License
MIT