OpenKP CAIHL draft report
Evidence-linked HugoScore draft report for a health AI tool that affects patients.
HugoScore CAIHL Draft Report: OpenKP
Status: Draft for human review
Generated: 2026-06-08
Last reviewed: 2026-06-08
Review method: Deep public-source review of openkp.org, the public GitHub repository, README/design documentation, MCP server source, license metadata, Kaiser terms context, MCP documentation, and HIPAA right-of-access context; no hands-on install, security audit, or live Kaiser account testing.
Service: OpenKP
Vendor: OpenKP / Hugo Campos
Category: Patient-controlled health records AI
Executive Summary
OpenKP is a local-first MCP server that lets an MCP-capable AI assistant read and carefully act on a Kaiser Permanente Northern California member's patient-portal record using the member's own credentials, on their own machine.
From a CAIHL perspective, OpenKP is strongly patient-directed: the patient owns the credentials, chooses the assistant, runs the bridge locally, and uses AI to interrogate their own record rather than serving institutional documentation, billing, or routing workflows.
Agency posture: Strongly agency-expanding
Confidence: Medium-high draft, source-available
Conflict Of Interest Disclosure
OpenKP and HugoScore share the same maintainer. Hugo Campos built OpenKP and also runs this directory, so this profile is a self-evaluation, not an independent review. It is published with that label so readers can weigh it accordingly. Independent third-party review of OpenKP is invited and outstanding, and corrections or challenges to this profile are welcome through the site's submission form.
Evidence
- OpenKP website: https://openkp.org/
- GitHub repository: https://github.com/hugooc/OpenKP
- OpenKP package README: https://raw.githubusercontent.com/hugooc/OpenKP/main/openkp/README.md
- OpenKP design document: https://raw.githubusercontent.com/hugooc/OpenKP/main/DESIGN.md
- MCP server source: https://raw.githubusercontent.com/hugooc/OpenKP/main/openkp/src/openkp/mcp_server.py
- Kaiser Permanente terms context: https://healthy.kaiserpermanente.org/consumer-termsconditions
- MCP documentation: https://modelcontextprotocol.io/docs/getting-started/intro
- HHS HIPAA right-of-access FAQ: https://www.hhs.gov/hipaa/for-professionals/faq/2042/what-personal-health-information-do-individuals/index.html
Mixed HugoScore Profile
- Who does this AI serve? Patient-directed. OpenKP is built for KP members to direct AI over their own patient-portal record.
- Can patients tell AI is involved? Yes. The tool is explicitly an MCP bridge between an AI assistant and the patient's portal session.
- Can patients meaningfully choose? Yes, for technically capable users. It is local and voluntary, but setup requires comfort with Git, Python, MCP configuration, and KP NorCal credentials.
- Can patients correct or challenge what the AI produces? Partial. Patients can inspect, rerun, and audit local actions, but LLM interpretations and portal-source errors still require patient verification and ordinary Kaiser correction pathways.
- Does it help patients understand or act? Yes. It supports longitudinal note review, access-log inspection, lab trend questions, provider comparison, refill preview/commit, and care-team messaging.
Patient Agency Interpretation
OpenKP is one of the clearest examples in the current HugoScore set of AI infrastructure directed by the patient rather than deployed on the patient. It makes institutional record surfaces more legible and actionable to the person whose care they describe.
The main cautions are serious: OpenKP is not a clinical product, not a packaged consumer app, not independently audited, and not tested beyond Kaiser Northern California. It may also conflict with Kaiser portal terms. Local-first design reduces surveillance and credential-centralization risk, but the user's chosen AI assistant still receives parsed record content.
Publication Recommendation
Ready for human review as a draft profile. Do not publish as final until Kaiser terms risk, MCP client data handling, write-tool safety, accessibility, regional limitations, and independent security/usability review gaps are addressed.