Server data from the Official MCP Registry
Read-only Medplum chart search and patient context for MCP clients.
Read-only Medplum chart search and patient context for MCP clients.
Valid MCP server (2 strong, 4 medium validity signals). No known CVEs in dependencies. ⚠️ Package registry links to a different repository than scanned source. Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.
15 files analyzed · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: MEDPLUM_ACCESS_TOKEN
Environment variable: MEDPLUM_CLIENT_ID
Environment variable: MEDPLUM_CLIENT_SECRET
Environment variable: MEDPLUM_BASE_URL
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-cbetz-last-ehr": {
"env": {
"MEDPLUM_BASE_URL": "your-medplum-base-url-here",
"MEDPLUM_CLIENT_ID": "your-medplum-client-id-here",
"MEDPLUM_ACCESS_TOKEN": "your-medplum-access-token-here",
"MEDPLUM_CLIENT_SECRET": "your-medplum-client-secret-here"
},
"args": [
"-y",
"@lastehr/mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
Open-source reference implementation for approval-gated FHIR agents. A permissioned agent over the patient chart: it reads the chart and proposes writes, and nothing is saved until you approve it. Bring your own backend and your own model key when you want a real agent—or start with the zero-key local synthetic walkthrough.
Last EHR is a layer, not an EHR. It runs on top of a headless FHIR backend (Medplum, or HAPI FHIR for local synthetic evaluation) and talks to it over the FHIR API. It is not the system of record, stores no PHI of its own, and never bundles or forks the backend.
Status: early / alpha. APIs, structure, and scope will change. Use synthetic data only. · License: Apache-2.0
Try the live demo: no sign-up, synthetic data, and every write goes through the approval gate.

| Goal | Start here |
|---|---|
| See the approval loop now | Try the live synthetic-data demo — no sign-up. |
| Give an MCP client bounded Medplum chart reads | npx -y @lastehr/mcp init --client claude-code |
| Try fixture MCP locally without FHIR credentials or a provider API key | npm run mcp:demo -- --client claude-code |
| Inspect the complete flow locally with no account or model key | npm run demo:local |
Find patients named Smith.Record a heart rate of 72 bpm for Maria Garcia.For MCP, @lastehr/mcp is deliberately a separate read-only surface:
search_patients and show_patient_info only. Configure a least-privilege
Medplum token before connecting it to a real project; full setup is in the
MCP guide and the Official MCP Registry listing.
Want to inspect those two MCP tools before configuring Medplum? From a
checkout, npm run mcp:demo starts the included local HAPI stack, resets the
four synthetic fixture charts, and prints a Claude Code/Cursor configuration.
That checkout-only MCP Local Lab needs no FHIR/Medplum credentials or
model-provider API key of its own and is restricted to fixture patients. Your
MCP client still uses its normal account and may send those synthetic results
to its model provider. It is not the published package, generic HAPI support,
or a path for PHI.
Project = tenant, ProjectMembership = user, AccessPolicy = RBAC). Last EHR doesn't reimplement any of that, and writes are bounded by your AccessPolicy.Last EHR is Medplum-supported for authenticated deployments and includes a local, no-auth HAPI FHIR mode for synthetic-data evaluation. Other FHIR R4 backends need an adapter before they are supported. See the full support matrix for the web, SMART, MCP, auth, and evaluation boundaries before choosing a path.
Next.js 15 (App Router) + React 19. The agent lives in app/api/chat/route.ts (streamText + FHIR tools); the FHIR calls go through a small backend interface (lib/fhir/backend.ts) with two built-in adapters: Medplum (hosted or self-hosted, token-authenticated) and local HAPI FHIR for synthetic evaluation. The interface is four methods plus contract notes, so an adapter for another headless EHR is a small, well-scoped contribution. See docs/adapters.md and the roadmap.
flowchart LR
B["Browser chat"] --> A["/api/chat<br/>streamText + 4 FHIR tools"]
A -- "reads<br/>search_patients, show_patient_info" --> M[("Your FHIR backend<br/>(Medplum or HAPI)")]
A -- "writes<br/>add_note, record_observation" --> C{"Approval card"}
C -- "Approve & save" --> M
C -- "Cancel" --> N["Nothing saved"]
M -. "Every call runs as the signed-in user,<br/>bounded by your AccessPolicy.<br/>The layer stores no PHI." .-> A
On the public demo, writes are also tagged with your session, so you only ever see the seed data plus your own edits.
Fastest: try the hosted demo at lastehr.com/demo. No account, no keys, synthetic data.
One-click deploy with your own keys:
You'll still need a Medplum project seeded with the synthetic patients (npm run seed, below) for the demo to have data.
Run it locally. Prerequisites: Node 22.18+ (or 24.2+), a Medplum project (Medplum-hosted free tier or your own), and one tool-capable model API key (OpenAI, Anthropic, or Amazon Bedrock).
git clone https://github.com/cbetz/last-ehr.git
cd last-ehr
npm install
cp .env.example .env.local # then edit .env.local (see below)
npm run seed # load synthetic patients into your Medplum
npm run dev # http://localhost:3000/demo
At minimum set, in .env.local:
OPENAI_API_KEY (default provider), or ANTHROPIC_API_KEY with AI_PROVIDER=anthropic, or AWS credentials plus AI_PROVIDER=bedrock and MODEL_ID;NEXT_PUBLIC_MEDPLUM_BASE_URL / MEDPLUM_BASE_URL if you're pointing at your own Medplum (leave blank to use Medplum's hosted API);MEDPLUM_CLIENT_ID + MEDPLUM_CLIENT_SECRET (a Medplum ClientApplication): used by npm run seed, and by the no-sign-in quickstart when you also set NEXT_PUBLIC_QUICKSTART=true. Or set NEXT_PUBLIC_MEDPLUM_GOOGLE_CLIENT_ID to sign in via Medplum's Google OAuth instead.npm run seed loads a small synthetic patient set (scripts/fixtures/patients.ts: four patients with conditions, medications, allergies, immunizations, and vitals/labs, two named "Smith"). It wipes and recreates those patients each run, so it is safe to re-run. Then open /demo and ask: "find patients named Smith." Use synthetic data only.
Local FHIR stack, no Medplum account or model key: the repo ships a Docker Compose stack with HAPI FHIR and Postgres, plus an explicit scripted walkthrough that exercises the approval loop without calling an external model provider.
npm install
npm run demo:local # HAPI, seed data, and http://localhost:3000/demo
demo:local forces the local HAPI + scripted configuration without creating or
overwriting .env.local. This fixed, no-network walkthrough always finds the
seeded Maria Garcia record and proposes one Heart rate: 72 bpm Observation.
It does not interpret your prompt, browse charts, or call a model provider; the
FHIR wrapper permits only that synthetic record and observation. Press Ctrl-C
to stop Next.js; use npm run demo:local:down to remove the local stack.
Honest scope: the local HAPI server runs with no auth, so this mode is for
local, single-tenant use only; per-browser session isolation is client-side
filtering, not a security boundary. The published @lastehr/mcp package still
requires Medplum credentials; the separate checkout-only npm run mcp:demo
Local Lab instead exposes two synthetic, read-only charts without credentials.
Neither local route is a real-data or production path. To run a real agent
against HAPI, configure .env.local with a supported model key instead. The
hosted public demo stays on Medplum.
To run the app container too, use npm run docker:local after filling
.env.local; it combines the HAPI/Postgres compose stack with the app image.
For the longer version, see docs/quickstart.md.
Last EHR can launch directly from app.medplum.com. Register it once in your Medplum project by creating a ClientApplication with:
launchUri = https://<your-deploy>/launchredirectUri = https://<your-deploy>/launch/callbackthen set SMART_CLIENT_ID to that ClientApplication's id in your deployment.
Last EHR appears on the Apps tab of every Patient and Encounter page;
launching it opens the chat already scoped to that patient, reusing your
Medplum sign-in (SMART App Launch with PKCE, public client, no secret). The
token is bounded by the granted SMART scopes and your AccessPolicy, and writes
still stop at the approval card.
@lastehr/mcp is a small, standalone MCP server for
Medplum. It gives Claude Code, Cursor, and other MCP clients two bounded chart
read tools—search_patients and show_patient_info—with no write tools in
the 0.1.x line.
npx -y @lastehr/mcp init --client claude-code
Authenticate with a least-privilege MEDPLUM_ACCESS_TOKEN, or
MEDPLUM_CLIENT_ID plus MEDPLUM_CLIENT_SECRET; set MEDPLUM_BASE_URL for a
self-hosted Medplum instance. Read access can still return PHI, so review the
MCP client's model-provider and data-handling boundary before connecting it to
a real project.
From a checkout, npm run mcp builds and starts that same package. Full setup,
client configuration, and the support boundary are in the MCP guide.
The Official MCP Registry listing is the canonical discovery record for the exact, verified release.
To evaluate the MCP surface before configuring Medplum, use the separate local lab from a repository checkout:
npm install
npm run mcp:demo -- --client claude-code
It starts local HAPI, reloads the repository's synthetic fixture records, and
prints a client registration command. The generated MCP process has exactly
the same two read-only tool names but can only resolve those fixture patients.
It is not included in @lastehr/mcp, does not make HAPI a supported package
backend, and must never be pointed at real data. The Local Lab server needs no
FHIR credential or provider API key, but the MCP client itself still needs its
normal model account and may transmit the synthetic tool output to that model.
Every variable is documented in .env.example. The real-agent
model path is provider-agnostic with one hard rule: every external provider
offered here can carry a BAA, because deployments of this project head toward
real clinical data even though the demo is synthetic-only. The scripted
option is a separate, explicit, zero-key local HAPI walkthrough—not a model
provider or a PHI-ready mode.
| AI_PROVIDER | Key | Example MODEL_ID | BAA path |
|---|---|---|---|
scripted | None | Fixed local synthetic sequence | No external provider call. Requires explicit local HAPI flags; cannot act as a general agent. |
openai (default) | OPENAI_API_KEY | gpt-4.1-mini | OpenAI signs BAAs with zero-retention options for API traffic on qualifying plans. |
anthropic | ANTHROPIC_API_KEY | claude-sonnet-4-6 | Anthropic signs BAAs with zero-retention options for API traffic on qualifying plans. |
bedrock | AWS credential env + AWS_REGION | us.anthropic.claude-haiku-4-5-20251001-v1:0 | Amazon Bedrock is available under an AWS BAA for eligible services; set an explicit model id or inference profile. |
The BAA requirement applies to the external-provider rows: signing one is the operator's step, not a default, and a bare API key is not PHI-ready. Aggregators that cannot sign a BAA (OpenRouter, per their current public terms) are deliberately not offered. Analytics (PostHog) and the marketing-site waitlist (Neon) are optional and lastehr.com-specific.
Last EHR stores no patient data of its own; everything lives in your FHIR backend. But be clear about what the approval gate is: it is a write-safety control, not a privacy control. In external-model modes, anything the agent reads from the chart is sent to your model provider as context, under your API key, with no approval step. The scripted local demo makes no model request and is restricted to its one seeded synthetic record; it is not a path for real data.
Use synthetic data unless you have real agreements in place. Pointing this at real PHI requires, at minimum:
See SECURITY.md for the full posture and how to report vulnerabilities.
Self-hosting is free and Apache-2.0. A managed hosted tier (managed Medplum + a signed BAA, multi-tenancy, billing) may follow, built only after the open-source core has traction.
A personal open-source project. Not affiliated with, endorsed by, or sponsored by Medplum, Vercel, or any employer.
Apache-2.0. See NOTICE for third-party attributions, CONTRIBUTING.md to contribute, and GOVERNANCE.md for how the project is run.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.