Chia Health MCP Server

MCP (Model Context Protocol) server for the Chia Health telehealth prescription platform. Enables AI assistants (ChatGPT, Claude, Gemini, OpenClaw, Copilot, and custom agents) to help patients browse medications, complete medical intake, sign consent documents, place orders, pay, and manage their treatment — all through natural conversation.

Available treatments include GLP-1 medications (semaglutide, tirzepatide including tablets), peptide therapies (sermorelin, NAD+, glutathione), and longevity programs. All prescriptions are evaluated by licensed US healthcare providers and delivered from FDA-regulated 503A compounding pharmacies across all 50 US states + DC.

Getting Started

doctormcp is a remote MCP server — connect over the network, no local installation required.

Server URL: https://mcp.chia.health/ Transport: Streamable HTTP Metadata: https://mcp.chia.health/server.json

{
  "mcpServers": {
    "chia-health": {
      "url": "https://mcp.chia.health/"
    }
  }
}

{
  "mcpServers": {
    "chia-health": {
      "url": "https://mcp.chia.health/"
    }
  }
}

{
  "mcpServers": {
    "chia-health": {
      "url": "https://mcp.chia.health/"
    }
  }
}

{
  "mcpServers": {
    "chia-health": {
      "serverUrl": "https://mcp.chia.health/"
    }
  }
}

Verify Connection

Once connected, your AI assistant can immediately call these public tools (no auth required):

medications.categories     → medication categories
medications.list           → all medications with pricing
medications.availability   → check if a medication ships to your state
eligibility.check          → pre-screen age, state, BMI

What Can Your AI Assistant Do?

* Auth tools use session_id (no token) except auth.check_payment which uses a bearer token.

Important: All prescriptions are evaluated and approved by licensed US healthcare providers. doctormcp facilitates the patient workflow — it does not make clinical decisions.

Authentication

Patients can browse freely without authentication — discovery, eligibility, and intake question preview are all public.

When the patient is ready to proceed with their medical intake, they verify their email:

1. auth.start(email, phone, name) → sends OTP to email, returns session_id
2. auth.verify_otp(session_id, code) → returns guest-scoped bearer token

The guest token enables intake, consent, ordering, and checkout. After payment, auth.check_payment upgrades the token to full scope for portal access (care plan, messaging, refills).

Tool Catalog

Auth

Discovery (public, no auth)

Qualification (public + guest)

Consent (guest token required)

Ordering (guest token required)

Checkout (guest token required)

Patient Portal (full token required — after payment)

Provider (guest token required)

Example Agent Flows

1. Browse Medications (no auth)

User: "What weight loss medications do you offer?"

Agent calls: medications.list
→ Returns categories with semaglutide, tirzepatide, etc.

Agent calls: medications.details(medication="semaglutide-injectable")
→ Returns plans (1-month $349, 4-month $299/mo, 6-month $249/mo)

Agent calls: medications.availability(medication="semaglutide-injectable", state="TX")
→ { "available": true }

Agent calls: eligibility.check(age=35, state="TX", bmi=31.2)
→ { "eligible": true, "available_medications": [...] }

2. Full Ordering Flow (auth → intake → consent → order → pay)

== VERIFY IDENTITY ==

1. auth.start(email="[email protected]", phone="5551234567", first_name="Jane")
   → { "session_id": "abc123...", "otp_sent": true }

2. auth.verify_otp(session_id="abc123...", code="847293")
   → { "guest_token": "mcp_...", "scope": "guest" }

== MEDICAL INTAKE ==

3. intake.questions(medication="semaglutide-injectable")
   → Structured questionnaire (demographics, vitals, medical history, etc.)
   → Agent asks patient each question conversationally

4. intake.submit(patient_email, patient_name, answers, bearer_token)
   → { "intake_id": "42", "next_step": "get_required_consents" }

5. consent.list(intake_id="42", bearer_token)
   → 5 consent documents (telehealth, treatment, pharmacy, HIPAA, AI disclosure)

6. For each consent:
   a. consent.text(consent_id, bearer_token)
      → Full text the agent MUST present verbatim
   b. Patient confirms: "I agree"
   c. consent.submit(intake_id, consent_id, "I agree", bearer_token)

== ORDER & PAY ==

7. order.create(intake_id, medication, form, plan_months, shipping_address, bearer_token)
   → { "order_id": "99", "total": "1079.39", "next_step": "create_checkout" }

8. checkout.create(order_id="99", bearer_token)
   → { "checkout_id": "7", "payment_url": "https://chia.health/checkout/aBc-_xyz" }
   → Agent shares link with patient; also sent via email+SMS

9a. (ACP path) checkout.complete(checkout_id="7", shared_payment_token="spt_...", bearer_token)
    → { "payment_status": "success", "confirmation_number": "CHIA-000099" }

9b. (Fallback) Patient opens payment_url in browser, pays on Chia checkout page

10. auth.check_payment(bearer_token)
    → { "paid": true, "scope": "full" }  // token upgraded, portal unlocked

3. Patient Portal (full token, after payment)

1. portal.log_weight(patient_id, weight_lbs=195.5, date="2026-06-15", bearer_token)
   → { "recorded": true }

2. portal.care_plan(patient_id, bearer_token)
   → Current medication, phase, dosing schedule, recent weights

3. portal.log_side_effects(patient_id, effects=["nausea"], severity="mild", bearer_token)
   → { "recorded": true, "flagged_for_review": false }

4. portal.message(patient_id, message="Nausea improving", bearer_token)
   → { "sent": true, "estimated_response_time": "24-48 hours" }

Stripe ACP Integration

doctormcp uses Stripe's Agentic Commerce Protocol (ACP) for payment processing:

1. Order Creation — order.create calculates the total and creates a pre-payment order record.
2. Checkout Initiation — checkout.create creates a Stripe PaymentIntent (for ACP) and generates an authenticated payment link. The link auto-authenticates patients in the browser and lands on the Chia Health checkout page. Also sent via email and SMS.
3. Payment Completion — Two paths:
   • ACP: checkout.complete accepts a Shared Payment Token (SPT) from the AI platform and confirms the PaymentIntent. Instant, in-conversation payment.
   • Fallback: The agent shares the payment_url (authenticated magic-link) with the patient. The patient opens it in their browser, auto-authenticates, and pays on the Chia Health checkout page. The agent polls auth.check_payment to detect completion.
4. Post-Payment — On success (either path), a Subscription and Enrollment are created automatically. auth.check_payment upgrades the agent's token to full scope for portal access.

HIPAA Compliance

• Audit Logging — Every access to protected health information (PHI) is logged with actor identity, action type, resource, IP address, and timestamp. Logs are retained for 10 years.
• Consent Records — All patient consent confirmations include verbatim confirmation text, method (AI agent conversational), platform, session ID, and IP address. Consent records are immutable.
• Input Sanitization — All inputs are validated and sanitized. Control characters are stripped, lengths enforced, and domain-specific formats (email, state, phone, ZIP) are validated.
• OTP-First Auth — Email ownership verified via 6-digit OTP before any patient data access. SHA-256 hashed tokens with scoped access (guest/full). No token issued without email verification.
• Rate Limiting — Redis-backed token-bucket rate limiting per user and endpoint category (public: 100/min, auth: 5/min, authenticated: 30/min, consent: 10/min, checkout: 5/min).
• Minimal Data Exposure — Tools return only the data needed for the current step. Sensitive fields (payment details, full SSN) are never returned.

Support

• Issues: github.com/chia-health/chia-mcp/issues
• Website: chia.health
• Email: [email protected]

License

Apache License 2.0 — see LICENSE for details.

Copyright 2026 Chia Health, Inc.