Kipu MCP Server

A Model Context Protocol (MCP) server that provides seamless integration with the Kipu API. This server enables AI assistants and applications to access comprehensive healthcare data including patient records, vital signs, medications, appointments, and more through a secure, standardized interface.

🏥 About Wrkdn

This MCP server is brought to you by Wrkdn - the leading platform for AI-powered healthcare compliance and revenue optimization.

Why Healthcare Providers Choose Wrkdn:

📈 Increase Revenue: Find missed billing opportunities and boost insurance reimbursements
🛡️ Ensure Compliance: Automated protocol tracking reduces regulatory risk by up to 40%
⚡ Real-time Monitoring: AI-powered oversight of clinical protocols and documentation
🎯 Prevent Errors: Proactive alerts help staff maintain compliance before issues escalate

"Ensuring clinical compliance isn't just about avoiding penalties — it's about protecting patients and supporting frontline staff. Wrkdn's proactive approach is a game-changer."
- Joel N.H. Stern, PhD, Professor of Neurology, Zucker School of Medicine

Request a Demo | Learn More

🚀 Quick Start

Run the MCP server:

npx kipu-mcp

Or programmatically:

const { spawn } = require('child_process');

const mcpServer = spawn('npx', ['kipu-mcp'], {
  env: {
    ...process.env,
    KIPU_ACCESS_ID: 'your_access_id',
    KIPU_SECRET_KEY: 'your_secret_key',
    KIPU_APP_ID: 'your_app_id'
  }
});

🔧 Configuration

Required Environment Variables

Variable	Description	Required
`KIPU_ACCESS_ID`	Your Kipu API access identifier	✅
`KIPU_SECRET_KEY`	Secret key for HMAC signature generation	✅
`KIPU_APP_ID`	Application ID for your Kipu integration	✅

Optional Environment Variables (Data Anonymization)

Variable	Description	Default
`ANONYMIZE_PHI`	Enable PHI/PII anonymization for HIPAA compliance (`true`/`false`)	`false`
`ANONYMIZE_SCAN_CONTENT`	Enable content scanning to detect and redact PII patterns within string values (`true`/`false`)	`false`
`ANONYMIZE_CUSTOM_FIELDS`	Comma-separated list of additional fields to anonymize (supports wildcards with `*`)	(empty)

Data Anonymization for HIPAA Compliance

The server includes an optional data anonymization feature that redacts personally identifiable information (PII) and protected health information (PHI) before data is sent to LLMs. This enables HIPAA-compliant data analysis with third-party AI services.

Two Levels of Anonymization:

Field-Based Anonymization (default when ANONYMIZE_PHI=true):
- Anonymizes entire field values based on field names
- Fast and efficient for structured data
Content Scanning (when ANONYMIZE_SCAN_CONTENT=true):
- Scans string content for PII patterns (SSNs, emails, phone numbers, etc.)
- Redacts patterns found within text, comments, notes fields
- More thorough but may impact performance on large datasets

Field types automatically anonymized:

Names: first_name, last_name, full_name, nickname, maiden_name, etc.
Dates of Birth: dob, date_of_birth, birthdate
Addresses: street, city, zip_code, postal_code
Contact Info: phone, email, fax, mobile
ID Numbers: SSN, driver's license, passport, medical_record_number, member_id
Geographic Data: latitude, longitude, coordinates
Other PII: IP addresses, biometric identifiers, device identifiers

Content patterns detected and redacted (when content scanning is enabled):

Social Security Numbers (123-45-6789)
Phone numbers (555-123-4567)
Email addresses (user@example.com)
URLs (https://example.com)
IP addresses (192.168.1.1)
ZIP codes (62701)
Medical record numbers (MRN-123456)
Account/Member IDs (ACC-123456, MEM-789012)

To enable anonymization:

# In your .env file

# Basic field-based anonymization
ANONYMIZE_PHI=true

# Enable content scanning for maximum protection
ANONYMIZE_SCAN_CONTENT=true

# Optional: Add custom fields to anonymize
ANONYMIZE_CUSTOM_FIELDS=internal_id,custom_identifier,private_*

Example of anonymized output:

{
  "first_name": "[REDACTED-NAME]",
  "last_name": "[REDACTED-NAME]",
  "dob": "[REDACTED-DATE]",
  "email": "[REDACTED-EMAIL]",
  "phone": "[REDACTED-PHONE]",
  "notes": "Patient SSN: [SSN-REDACTED], contact: [EMAIL-REDACTED]",
  "diagnosis": "Type 2 Diabetes",  // Medical data preserved
  "visit_count": 5                  // Statistics preserved
}

This feature maintains data structure and preserves non-identifying clinical information, enabling meaningful analysis while protecting patient privacy.

Getting API Credentials

To obtain your Kipu API credentials:

Contact Kipu Systems to set up your healthcare integration
Request API access for your healthcare facility
Receive your ACCESS_ID, SECRET_KEY, and APP_ID

📚 Available Tools

The Kipu MCP server provides access to a comprehensive set of healthcare data endpoints:

👥 Patient Management

GetPatientsCensus - List all patients from a census of the database
GetPatientsLatest - List patients with updated_at within a date range
GetPatientsOccupancy - Occupancy
GetPatientsByPatientId - Fetch a Patient Record
GetVaultsPatients - Lists all soft-deleted patients
GetPatientsCareTeam - List a patient's care team
GetPatientsCareTeams - List all patients' care teams

💊 Clinical Data & Medications

GetPatientsMedications - List medications for a specific patient
GetMedications - List all medications
GetPatientsAllergies - List allergies scoped to a patient
GetAllergens - List all allergens
GetAllergies - List all allergies
GetPatientsDiagnoses - List diagnoses for a specific patient
GetDiagnoses - List all diagnoses
GetPatientsDiagnosisHistory - List a patient's diagnosis history

🩺 Vital Signs & Clinical Assessments

GetPatientsVitalSigns - List all vital signs scoped to a given patient
GetVitalSigns - List all vital signs
GetPatientsOrthostaticVitalSigns - List all Orthostatic vital signs scoped to a given patient
GetOrthostaticVitalSigns - List all orthostatic vital signs
GetPatientsCiwaArs - List all CiwaArs scoped to a given patient
GetCiwaArs - List all CiwaArs
GetPatientsCiwaBs - List all CiwaBs scoped to a given patient
GetCiwaBs - List all CiwaBs
GetPatientsCows - List all Cows scoped to a given patient
GetCows - List all Cows
GetPatientsGlucoseLogs - List all Glucose Logs scoped to a given patient
GetGlucoseLogs - List all GlucoseLogs

📅 Appointments & Scheduling

GetAppointments - List and search appointments
GetAppointmentsByAppointmentId - Fetch an Appointment Record
GetPatientsAppointments - List all appointments scoped to a given patient
GetProvidersAppointments - List all appointments scoped to a given provider
GetUsersAppointments - List all appointments scoped to a given user
GetSchedulerAppointments - List all appointments
GetSchedulerAppointmentByAppointmentId - Fetch an appointment
GetSchedulerAppointmentTypes - List all appointment types
GetSchedulerAppointmentStatuses - List all appointment statuses
GetSchedulerResources - List all resources

🏥 Orders & Admissions

GetPatientsOrders - List patient orders
GetPatientOrders - List all patient orders
GetPatientOrderByPatientOrderId - Fetch Details of a Patient Order
GetPatientsPatientOrders - List all patient orders scoped to a patient
GetPatientsAdmissions - List patient admissions history
GetPatientsProgramHistory - List a patient's program history

📋 Evaluations & Processes

GetPatientsEvaluations - List all patient evaluations
GetPatientsProcesses - List all patient processes
GetEvaluations - List all Evaluations
GetEvaluationByEvaluationId - Fetch Details for a Evaluation
GetPatientEvaluations - List all Patient Evaluations
GetPatientEvaluationByPatientEvaluationId - Fetch Details for a Patient Evaluation
GetPatientsPatientEvaluations - List all Patient Evaluations scoped to a patient

👥 Group Sessions & Therapy

GetGroupSessions - List all group sessions
GetGroupSessionsById - Fetches a group session
GetPatientsGroupSessions - List all group sessions scoped to a given patient
GetPatientsGroupSessionsById - Fetches group session of the given patient

💰 Insurance & Billing

GetPatientsInsurance - List insurance information for a specific patient
GetInsurances - List insurances with updated_at within a date range
GetPatientsUtilizationReviews - List patient utilization reviews
GetUtilizationReviewsLatest - List utilization reviews with updated_at within a date range
GetSettingsPayors - List all payors

📄 Consent & Documentation

GetConsentForms - List all Consent Forms
GetConsentFormRecords - List all Consent Form Records
GetConsentFormRecordsByRecordId - Fetch Details for a Consent Form Record
GetPatientsConsentFormRecords - List all Consent Form Records for a patient

👤 Users & Providers

GetUsers - List all Users
GetUsersById - Fetch a User Record
GetUsersRoles - List all roles scoped to a given user
GetProviders - List all Providers
GetProvidersById - Fetch a Provider Record
GetProvidersRoles - List all roles scoped to a given provider
GetRoles - List all Roles
GetRolesUsers - List all users scoped to a given role
GetUserTitles - List user titles

🏢 Administrative & Settings

GetLocations - List all locations
GetCareLevels - List all Levels of Care
GetContacts - List all contacts
GetContactsById - Fetches a contact
GetContactsReferrers - List all referrers
GetContactTypes - List all contact types
GetPatientSettings - List all patient settings
GetPatientColors - List all patient colors
GetPatientTags - List all patient tags
GetPatientDiets - List all patient diets
GetPatientsPatientDiets - List patient diets scoped to a patient
GetFlags - List all flags
GetFlagCategories - List all flag categories

🛡️ Security & Authentication

The server implements multiple layers of security:

Kipu API Authentication (Required)

The Kipu API uses HMAC-SHA1 signature-based authentication via the APIAuth security scheme. You must configure these environment variables:

KIPU_ACCESS_ID - Your Kipu API access identifier
KIPU_SECRET_KEY - Secret key for HMAC signature generation
KIPU_APP_ID - Application ID for your Kipu integration

Security Features

✅ Request timeout protection (30 seconds)
✅ Response size limits (10MB)
✅ SSL/TLS certificate validation
✅ Input validation and sanitization
✅ Header injection prevention
✅ Path traversal protection
✅ No credential logging
✅ PHI (Protected Health Information) access levels
✅ HIPAA compliance considerations

Security Best Practices

Never commit credentials to version control
Use environment variables or secret management systems
Rotate credentials regularly
Monitor access logs
Keep dependencies updated: Run npm audit regularly
Deploy behind HTTPS in production
Implement rate limiting at infrastructure level

For detailed security information, see SECURITY.md

Reporting Security Vulnerabilities

Please report security issues privately to the repository owner. Do not open public issues for security vulnerabilities.

🏗️ Development

Prerequisites

Node.js 20.0.0 or higher
TypeScript 5.8+
Valid Kipu API credentials

Local Development

Clone the repository:

git clone https://github.com/Wrkdn/kipu-mcp.git
cd kipu-mcp

Install dependencies:
```
npm install
```

Set up environment variables:

cp .env.example .env
# Edit .env with your credentials

Run local dev:
```
npm run dev
```

Development Scripts

npm run dev - Run with hot reload using tsx
npm run build - Compile TypeScript to JavaScript

🤝 Contributing

Fork the repository
Create your feature branch (git checkout -b feature/amazing-feature)
Commit your changes (git commit -m 'Add some amazing feature')
Push to the branch (git push origin feature/amazing-feature)
Open a Pull Request

📖 API Documentation

For detailed API documentation, visit the Kipu API Documentation.

🔗 Links

GitHub Repository: https://github.com/Wrkdn/kipu-mcp
NPM Package: https://www.npmjs.com/package/kipu-mcp
Wrkdn Platform: https://wrkdn.com

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🆘 Support

Technical Issues: Create an issue
API Questions: Contact Kipu Systems

Built with ❤️ by the Wrkdn team for the healthcare community.

thedotmack/kipu-mcp

README