HIPAA AgentHIPAA Agent
Deploy Your Agent
Developers & Enterprise

Integrate HIPAA Compliance
Into Your Workflow via API

Pull the HIPAA Agent Compliance Score for any US healthcare provider by NPI. Grade lookups, compliance scans, AI reports, policy generation, training programs, and more.

REST API, MCP Server, A2A Protocol. NPI is the universal key. Metered pricing.

Request API AccessView Pricing ↓

API & Enterprise Pricing

Three tracks. NPI is the universal key.

TRACK 1

Per-Check API

On-demand compliance data for insurance, legal, and agent integrations.

Grade Lookup$25/check
Breach Check$25/check
Findings Retrieval$25/check
Full Compliance Scan + Report$150/check
Security Risk Assessment$500/check

$5,000 annual minimum (credited against usage)

Request API Access
TRACK 2

MSP / Reseller

Manage HIPAA compliance for your client portfolio.

Standard1–24 practices
$179/practice/mo
Professional25–99 practices
$129/practice/mo
includes white-label
Enterprise100+ practices
$99/practice/mo
includes white-label + portfolio reports
SRA Batch Onboarding
1–24 practices$350/each
25–99 practices$250/each
100+ practices$150/each
Contact Sales
TRACK 3

Consumer Plans

Direct plans for individual healthcare practices.

HIPAA Monitor$99/mo

Monthly external scan, HIPAA Agent Compliance Score, PDF report, breach alerts.

Security Risk Assessment$499 one-time

comprehensive multi-tool external + 12-phase internal scan, 27 questions, AI-generated SRA report, 30-day email sequence.

HIPAA Compliance Platform$299/mo

Everything — monthly scanning, 24 policies, staff training, BAA management, evidence packages, weekly intelligence, annual SRA refresh, GPT access.

View Plans

Authentication

Request an API key at compliance@hipaaagent.ai. Include your key in every request via the X-API-Key header. Keys are tied to your billing account.

Rate Limits

Standard: 60 requests/minute. Bulk tier: 600 requests/minute. Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) included in every response.

Code Examples

cURLGrade lookup
curl -X GET "https://hipaaagent.ai/v1/a2a/grade/1234567890" \
  -H "X-API-Key: your_api_key" \
  -H "Content-Type: application/json"

# Response
# "compliance_score" = HIPAA Agent Compliance Score™ (0-100)
# "grade" = HIPAA Agent Compliance Score™ letter grade (A-F)
{
  "npi": "1234567890",
  "practice_name": "Sacramento Family Dental",
  "compliance_score": 72,
  "grade": "C",
  "categories": {
    "email_security": { "score": 45, "weight": 35 },
    "application_security": { "score": 82, "weight": 13 },
    "privacy_compliance": { "score": 90, "weight": 10 }
  },
  "scan_date": "2026-02-28T09:14:34Z"
}
PythonScan dispatch + async polling
import requests

API_KEY = "your_api_key"
BASE = "https://hipaaagent.ai/v1/a2a"

# Dispatch a full compliance scan
resp = requests.post(
    f"{BASE}/scans/dispatch",
    headers={"X-API-Key": API_KEY},
    json={
        "npi": "1234567890",
        "scan_type": "full",
        "callback_url": "https://your-app.com/webhook"
    }
)

# 202 Accepted — async scan dispatched
data = resp.json()
# {
#   "status": "accepted",
#   "job_id": "job_7f3a9bc1d92e",
#   "poll_url": "/v1/a2a/jobs/job_7f3a9bc1d92e",
#   "estimated_duration_ms": 45000
# }

# Poll for completion
import time
while True:
    job = requests.get(
        f"{BASE}/../v1/a2a/jobs/{data['job_id']}",
        headers={"X-API-Key": API_KEY}
    ).json()
    if job["status"] == "completed":
        # grade = HIPAA Agent Compliance Score™ letter grade (A-F)
        print(f"Grade: {job['result']['grade']}")
        break
    time.sleep(5)

Webhooks: All async endpoints accept an optional callback_url. When the job completes, we POST the full result to your webhook endpoint.

Node.jsGrade lookup
const response = await fetch('https://hipaaagent.ai/v1/a2a/grade/1234567890', {
  headers: { 'X-API-Key': process.env.HIPAA_AGENT_API_KEY }
});
// compliance_score = HIPAA Agent Compliance Score™ (0-100)
// grade = HIPAA Agent Compliance Score™ letter grade (A-F)
const { grade, compliance_score, categories } = await response.json();
console.log(`Grade: ${grade} (${compliance_score}/100)`);

Internal Network Scanner

Deploy a local agent inside your network. 12-phase scan covers encryption, MFA, segmentation, asset inventory, and more. Results merge with your external scan for a unified compliance grade.

1
Deploy
Install the scanner on any machine inside the network.
2
Scan
12-phase internal scan: ports, encryption, MFA, segmentation, patches, backups, ePHI flow.
3
Results
Automatic upload to HIPAA Agent. Combined with external scan for unified compliance grade.
# Request a deploy token via API
curl -X POST "https://hipaaagent.ai/v1/a2a/network/deploy/YOUR_NPI" \
  -H "X-API-Key: your_api_key"

# Install and run the scanner
npx @hipaaagent/network-scanner --key DEPLOY_TOKEN

# Or install globally
npm install -g @hipaaagent/network-scanner
hipaa-scan register --api-key DEPLOY_TOKEN
hipaa-scan scan

May 2026 HIPAA Security Rule Coverage

Combined external + internal scanning verifies all 13 requirements.

Encryption at rest verification
§164.312(a)(2)(iv)
Multi-factor authentication
§164.312(d)
Network segmentation analysis
§164.312(a)(1)
Asset inventory & classification
§164.310(d)(1)
Patch management & EOL detection
§164.308(a)(5)(ii)(B)
Backup & 72-hour restore readiness
§164.308(a)(7)(ii)(A)
ePHI data flow mapping
§164.312(e)(1)
Vulnerability scanning (external)
§164.308(a)(8)
Security risk assessment
§164.308(a)(1)(ii)(A)
Policy documentation (24 policies)
§164.316(b)(1)
Staff training verification
§164.308(a)(5)(i)
BAA management & tracking
§164.308(b)(1)
Audit trail with SHA-256 hashing
§164.312(b)

Integration Protocols

REST API

Primary

Primary integration method. JSON request/response, API key authentication, metered billing. Full spec at /openapi-a2a.yaml. View →

MCP Server

AI Native

Model Context Protocol for Claude, ChatGPT, and custom AI assistants. Expose compliance tools natively.

A2A Protocol

Agent Economy

Google Agent-to-Agent protocol for direct machine-to-machine compliance task delegation.

Agent Card

Discovery

Discoverable at /.well-known/agent-card.json. Describes capabilities, pricing, and rate limits for agent discovery. See our agent card for machine-readable capability discovery. View →

Engineering BlogMarch 9, 2026

HIPAA Agent is Now Agent-Ready: How AI Agents Can Automate Healthcare Compliance

HIPAA compliance fails because it demands sustained human attention across dozens of tasks. AI agents don't forget, don't miss deadlines, and don't get distracted. REST API, MCP Server, A2A Protocol — three integration paths for the agent economy.

Read the full post →

Built For

MSPs

Monitor 100+ clinics from one API. Trigger scans, pull grades, generate reports for your entire client base programmatically.

Insurance

Automate underwriting compliance checks. Pull compliance grades and breach history for any practice by NPI before binding a policy.

DSOs

Standardize compliance across locations. Run scans across every practice in your organization and track remediation centrally.

EHR Vendors

Embed compliance into onboarding. When a new practice joins your EHR, trigger a compliance scan and surface their grade inside your product.

Compliance Consultants

White-label compliance infrastructure. Run scans, generate policies, and deliver evidence packages under your brand for your entire client portfolio.

JSON-RPC 2.0 Adapter

The A2A endpoint at POST /api/a2a accepts both REST and spec-compliant JSON-RPC 2.0 requests. Batch requests supported.

JSON-RPC 2.0Single request
curl -X POST "https://hipaaagent.ai/api/a2a" \
  -H "X-API-Key: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "hipaa.grade",
    "params": { "npi": "1234567890" },
    "id": 1
  }'

# Response
{
  "jsonrpc": "2.0",
  "result": {
    "npi": "1234567890",
    "grade": "C",
    "compliance_score": 72,
    "categories": { ... }
  },
  "id": 1
}

16 Named Methods

hipaa.scanhipaa.gradehipaa.findingshipaa.breachhipaa.srahipaa.policieshipaa.baahipaa.evidencehipaa.batchhipaa.reputationhipaa.validate_workflowhipaa.breach_probabilityhipaa.vendor_riskhipaa.get_controlshipaa.compliance_statehipaa.compliance_delta

Trust & Transparency

Publicly verifiable reputation stats backed by SHA-256 data integrity hashes. Every number comes from live database queries.

MACHINE-READABLE

Agent Reputation Dashboard

Total scans, practices served, findings detected, breaches tracked, documents generated, average response time, and uptime. Queryable via REST, MCP, or agent card. SHA-256 integrity hash for every data snapshot.

View Reputation →GET /api/reputation

Request API Access

Contact us for API keys, enterprise pricing, or partnership inquiries. NPI-based metered billing — no per-practice licensing.

compliance@hipaaagent.ai