# TLS · Healthcare Practice Finder (`agent-shield/healthcare-practice-finder`) Actor Find dental, medical, therapy, chiro, derm practices in any US metro via OpenStreetMap. Passive HIPAA web recon (HTTPS, headers, tracking pixels) → graded leads with outreach hooks. For MSPs, vCISOs, HIPAA consultants. By TOUGH LOVE SECURITY. - **URL**: https://apify.com/agent-shield/healthcare-practice-finder.md - **Developed by:** [ATM Pushout](https://apify.com/agent-shield) (community) - **Categories:** Lead generation, Business - **Stats:** 1 total users, 0 monthly users, 0.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing Pay per event This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ## Healthcare Practice Finder — HIPAA Risk Recon + Outreach Hooks Find dental, medical, therapy, chiro, derm, optometry, podiatry, and physician practices in **any US metro**, run lightweight **passive HIPAA-style web recon** on each, and get back a graded lead list with **paste-ready outreach hooks**. Built for MSPs, vCISOs, HIPAA compliance vendors, healthcare-focused legal firms, and security shops doing TLS-style outbound to small-practice healthcare. ### Who this is for - **HIPAA outreach pros** who DM dentists/therapists about web compliance - **Healthcare MSPs** prospecting practices with weak external posture - **Compliance/legal vendors** triaging a metro for §164.312/§164.502 web exposures - **Pen-test firms** building a passive prequalification list before pitching ### What it does that no other Apify Actor does The Apify store has Google Maps scrapers (raw listings) and HTTPS checkers (raw status), but **no Actor combines healthcare-practice discovery with HIPAA-style web recon and grades the result**. This is a first-mover lead-gen tool. - **Discovery** via OpenStreetMap Overpass API (no Maps ToS exposure, no captcha, free upstream) - **Geocoding** via OSM Nominatim — pass `"Atlanta, GA"` and we resolve the bbox - **Per-practice passive recon** with native fetch (no Playwright, low cold-start) - HEAD: HTTPS reachability + 5 security headers (HSTS, XFO, CSP, XCTO, Referrer-Policy) - GET: regex-detect tracking pixels (Facebook, GTM, GA, TikTok, LinkedIn Insight, Hotjar) - **HIPAA risk score (0-100)** weighted by what HHS actually settles on: - Tracking pixels (PHI-to-third-party — see HHS 2024 guidance): **20 pts each, cap 60** - Missing security headers: **5 pts each, cap 25** - HTTP-only (§164.312(e)(1)): **25 pts** - **Paste-ready outreach hook** per row — under 240 chars, references the actual finding ### Sample input ```json { "metro": "Atlanta, GA", "radius_km": 15, "specialties": ["dentist", "psychotherapist", "chiropractor"], "min_risk_score": 30, "max_results": 50 } ```` ### Sample output (one dataset row) ```json { "name": "Buckhead Family Dental", "specialty": "dentist", "address": "3200 Peachtree Rd NE, Atlanta, GA, 30326", "phone": "+1-404-555-0142", "website": "https://buckheadfamilydental.example", "latitude": 33.8412, "longitude": -84.3782, "has_https": true, "missing_headers": ["content-security-policy", "strict-transport-security"], "detected_pixels": ["facebook_pixel", "google_tag_manager"], "hipaa_risk_score": 65, "captured_at": "2026-04-29T18:00:00.000Z", "suggested_outreach_hook": "Hi — quick note for Buckhead Family Dental: ran a passive scan and noticed facebook pixel + google tag manager on your site (PHI leakage exposure). Happy to send the full dentist HIPAA web-hygiene report (free, no pitch). Reply HIPAA?" } ``` ### Pricing **Pay-per-event** (recommended on Apify): | Event | Price | | --- | --- | | Run start | $0.10 | | Per practice returned | $0.02 | | Monthly minimum | $4.99 | A single metro scan returning 50 graded leads = **$1.10** total. At ~$2-10K LTV per HIPAA remediation engagement, every conversion pays the entire annual subscription back ~1000×. Alternative flat tier: **$19.99/mo with 1,500 leads included** (set as a separate subscription tier on apify.com). ### Compared to existing Apify Actors | Actor | Discovery | Per-result recon | HIPAA-grade scoring | Outreach hook | | --- | --- | --- | --- | --- | | Google Maps Scraper (apify/google-maps) | Yes (paid) | No | No | No | | Website HTTPS Checker | No | Partial | No | No | | **Healthcare Practice Finder** | **Yes (free OSM)** | **Yes** | **Yes** | **Yes** | ### Schedule Recommended cron: weekly per metro (`0 14 * * 1`). OSM tag changes are slow; weekly captures most new practices opening up. ### Source The recon + scoring logic mirrors the passive web-audit pattern used by the [TOUGH LOVE SECURITY](https://toughlovesec.win) outreach pipeline. Free for non-commercial inspection; commercial use is licensed via the Apify subscription. ### Notes & limits - OSM coverage of US healthcare practices is **~60-80%** in major metros, lower in rural areas. Pair with a paid Maps Scraper Actor as a top-up if you need 100% coverage. - Passive recon only — **no port scans, no exploits, no auth attempts**. Every check is what an unauthenticated public visitor would already see. - Tracking-pixel detection is regex-only and runs against the homepage. Deeper pages may carry additional pixels not captured here; treat the score as a floor. # Actor input Schema ## `metro` (type: `string`): City + state to search around, e.g. 'Houston, TX' or 'Atlanta, GA'. Geocoded via OpenStreetMap Nominatim to a center lat/lon. ## `radius_km` (type: `integer`): Search radius in kilometers around the geocoded metro center. 25 km covers most US metros' practice clusters; bump higher for sprawled markets like Houston/Dallas/LA. ## `specialties` (type: `array`): OSM healthcare/amenity values to query. Defaults cover the highest-volume HIPAA-outreach segments. Allowed: dentist, psychotherapist, physiotherapist, chiropractor, physician, dermatologist, optometrist, podiatrist. ## `min_risk_score` (type: `integer`): Only emit practices whose computed HIPAA risk score is >= this value. Filters out practices with already-tight websites — the kept set is your outreach-ready leads. ## `max_results` (type: `integer`): Hard cap on rows pushed to the dataset. The actor still scans the full Overpass result set, but stops emitting once the cap is hit. ## `include_hook` (type: `boolean`): When true, every row gets a `suggested_outreach_hook` field — a 200-char personalized DM template you can paste-and-send. ## Actor input object example ```json { "metro": "Atlanta, GA", "radius_km": 25, "specialties": [ "dentist", "psychotherapist", "physiotherapist", "chiropractor", "physician" ], "min_risk_score": 30, "max_results": 100, "include_hook": true } ``` # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = {}; // Run the Actor and wait for it to finish const run = await client.actor("agent-shield/healthcare-practice-finder").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = {} # Run the Actor and wait for it to finish run = client.actor("agent-shield/healthcare-practice-finder").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{}' | apify call agent-shield/healthcare-practice-finder --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=agent-shield/healthcare-practice-finder", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "TLS · Healthcare Practice Finder", "description": "Find dental, medical, therapy, chiro, derm practices in any US metro via OpenStreetMap. Passive HIPAA web recon (HTTPS, headers, tracking pixels) → graded leads with outreach hooks. For MSPs, vCISOs, HIPAA consultants. By TOUGH LOVE SECURITY.", "version": "1.0", "x-build-id": "Kau7xvaZjtXNb5xDF" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/agent-shield~healthcare-practice-finder/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-agent-shield-healthcare-practice-finder", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/agent-shield~healthcare-practice-finder/runs": { "post": { "operationId": "runs-sync-agent-shield-healthcare-practice-finder", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/agent-shield~healthcare-practice-finder/run-sync": { "post": { "operationId": "run-sync-agent-shield-healthcare-practice-finder", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "required": [ "metro" ], "properties": { "metro": { "title": "Metro / city", "type": "string", "description": "City + state to search around, e.g. 'Houston, TX' or 'Atlanta, GA'. Geocoded via OpenStreetMap Nominatim to a center lat/lon." }, "radius_km": { "title": "Radius (km)", "minimum": 1, "maximum": 100, "type": "integer", "description": "Search radius in kilometers around the geocoded metro center. 25 km covers most US metros' practice clusters; bump higher for sprawled markets like Houston/Dallas/LA.", "default": 25 }, "specialties": { "title": "Specialties to include", "type": "array", "description": "OSM healthcare/amenity values to query. Defaults cover the highest-volume HIPAA-outreach segments. Allowed: dentist, psychotherapist, physiotherapist, chiropractor, physician, dermatologist, optometrist, podiatrist.", "default": [ "dentist", "psychotherapist", "physiotherapist", "chiropractor", "physician" ], "items": { "type": "string" } }, "min_risk_score": { "title": "Minimum HIPAA risk score (0-100)", "minimum": 0, "maximum": 100, "type": "integer", "description": "Only emit practices whose computed HIPAA risk score is >= this value. Filters out practices with already-tight websites — the kept set is your outreach-ready leads.", "default": 30 }, "max_results": { "title": "Max results", "minimum": 1, "maximum": 1000, "type": "integer", "description": "Hard cap on rows pushed to the dataset. The actor still scans the full Overpass result set, but stops emitting once the cap is hit.", "default": 100 }, "include_hook": { "title": "Include suggested outreach hook", "type": "boolean", "description": "When true, every row gets a `suggested_outreach_hook` field — a 200-char personalized DM template you can paste-and-send.", "default": true } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```