mcp-tool/quality-assurance-report.json
nasir@endelospay.com 8c74b0e23f first
2025-07-11 20:22:12 +05:00


{
"timestamp": "2025-07-08T21:51:41.326Z",
"summary": {
"hipaaCompliance": {
"status": "NEEDS_ATTENTION",
"violations": 10
},
"authentication": {
"status": "NEEDS_ATTENTION",
"issues": 8
},
"parameterAccuracy": {
"status": "PASS",
"accuracy": "90.0%",
"checkedEndpoints": 10,
"accurateEndpoints": 9
}
},
"issues": {
"hipaaViolations": [
{
"type": "HIPAA_VIOLATION",
"path": "/api/emr/provider-register",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/emr/set-password",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/emr/provider/reset-password",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/patient/refresh-token",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/patient/available-slots/{date}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/patient/available-slots/{date}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/appointment/verify/{appointmentId}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/appointment-participants/{appointmentId}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/get/document/{userId}/{rowId}/{key}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/get/document/{userId}/{rowId}/{key}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
}
],
"authIssues": [
{
"type": "AUTH_MISMATCH",
"path": "/api/emr/provider-register",
"currentAuth": "PUBLIC",
"expectedAuth": "PROVIDER",
"issue": "Sensitive endpoint should require PROVIDER authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/emr/set-password",
"currentAuth": "PUBLIC",
"expectedAuth": "PROVIDER",
"issue": "Sensitive endpoint should require PROVIDER authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/emr/provider/forgot-password",
"currentAuth": "PUBLIC",
"expectedAuth": "PROVIDER",
"issue": "Sensitive endpoint should require PROVIDER authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/emr/provider/reset-password",
"currentAuth": "PUBLIC",
"expectedAuth": "PROVIDER",
"issue": "Sensitive endpoint should require PROVIDER authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/patient/refresh-token",
"currentAuth": "PUBLIC",
"expectedAuth": "PATIENT",
"issue": "Sensitive endpoint should require PATIENT authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/patient/available-slots/{date}",
"currentAuth": "PUBLIC",
"expectedAuth": "PATIENT",
"issue": "Sensitive endpoint should require PATIENT authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/patient/available-slots/{date}",
"currentAuth": "PUBLIC",
"expectedAuth": "PATIENT",
"issue": "Sensitive endpoint should require PATIENT authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/affiliate/set-password",
"currentAuth": "PUBLIC",
"expectedAuth": "AFFILIATE",
"issue": "Sensitive endpoint should require AFFILIATE authentication"
}
],
"parameterIssues": []
},
"recommendations": [
{
"priority": "HIGH",
"category": "HIPAA Compliance",
"action": "Review and recategorize 10 endpoints that may violate HIPAA requirements"
},
{
"priority": "HIGH",
"category": "Authentication",
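"action": "Fix authentication requirements for 8 sensitive endpoints. Several flagged paths (provider-register, set-password, forgot-password, reset-password, refresh-token) appear to be pre-login flows that cannot require an existing session; for those, confirm each request is bound to a single-use, expiring token (or a valid refresh token) and is rate-limited, rather than only changing the category"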
}
]
}