Server data from the Official MCP Registry
Healthcare Fhir tools for AI agents. Capabilities: search patients, get patient, search cond...
This healthcare FHIR MCP server contains multiple critical security vulnerabilities that pose significant risks to Protected Health Information (PHI). The code embeds a hardcoded path to a private authentication system (`~/clawd/meok-labs-engine/shared`), implements insufficient authorization checks, and allows unauthenticated access to sensitive healthcare data. Combined with rate limiting that depends on in-memory state (easily bypassed) and missing input validation on patient identifiers, this creates a high-risk exposure for healthcare data. The authentication middleware check is called inconsistently; some tools lack it entirely. The system also provides no evidence of HIPAA/GDPR compliance despite marketing claims. Supply chain analysis found 7 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
6 files analyzed · 22 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
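One way to close two of the findings above (tools that skip the authentication check, and unvalidated patient identifiers) is to make both checks part of tool registration, so a tool cannot be exposed without them. This is an added example, not the project's code: `phi_tool`, `check_api_key`, `TOOLS` and the test key are hypothetical names, and the ID pattern is the FHIR R4 `id` datatype rule.

```python
import functools
import hmac
import re

# FHIR R4 "id" datatype: letters, digits, '-' and '.', 1 to 64 characters.
FHIR_ID = re.compile(r"[A-Za-z0-9\-.]{1,64}")
TOOLS = {}  # hypothetical tool registry: name -> guarded callable


class Denied(Exception):
    """Raised when a call is rejected before reaching the FHIR backend."""


def check_api_key(api_key):
    # Assumption: stand-in for the server's real credential check.
    return isinstance(api_key, str) and hmac.compare_digest(
        api_key.encode(), b"constructed-test-key")


def phi_tool(*id_params):
    """Register a tool so that auth and ID validation cannot be skipped."""
    def decorate(fn):
        @functools.wraps(fn)
        def guarded(*, api_key=None, **kwargs):
            if not check_api_key(api_key):
                raise Denied("unauthenticated")
            for name in id_params:
                value = kwargs.get(name)
                if not isinstance(value, str) or not FHIR_ID.fullmatch(value):
                    raise Denied(f"invalid {name}")
            return fn(**kwargs)
        TOOLS[fn.__name__] = guarded  # only the guarded form is ever exposed
        return guarded
    return decorate


@phi_tool("patient_id")
def get_patient(patient_id):
    # Constructed response; a real tool would query the FHIR server here.
    return {"resourceType": "Patient", "id": patient_id}


def try_call(tool, **kwargs):
    """Return the tool result, or the denial reason as a string."""
    try:
        return TOOLS[tool](**kwargs)
    except Denied as exc:
        return f"denied: {exc}"
```

Because the registry only ever holds the guarded wrapper, a reviewer can audit one decorator instead of checking every tool body for a middleware call.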
Add this to your MCP configuration file:

```json
{
  "mcpServers": {
    "io-github-csoai-org-healthcare-fhir-mcp": {
      "args": [
        "-y",
        "healthcare-fhir-mcp"
      ],
      "command": "npx"
    }
  }
}
```

From the project's GitHub README.
Healthcare AI products handle Protected Health Information (PHI) under HIPAA in the US and special-category personal data under GDPR Article 9 in the EU. Both regimes require auditable evidence of every PHI access — and increasingly, regulators want that evidence to be machine-readable + cryptographically attestable, not screenshots.
FHIR R4/R5 is the de-facto interoperability standard now. Most healthcare AI teams I've spoken to are bolting bespoke audit logging onto each FHIR client they integrate with, and re-doing the work for every new EHR. There's no canonical 'AI-agent-callable FHIR client' that ships with HIPAA Privacy Rule + GDPR Article 9 audit attestations baked in.
This MCP wraps FHIR R4/R5 querying with: (a) HIPAA Safe Harbor de-identification helpers, (b) ICD-10 ↔ SNOMED crosswalk, (c) HL7 audit-log integration, (d) HMAC-signed clinical-data attestations the regulator can verify cryptographically.
A US-EU-dual-jurisdiction telehealth startup needed to give their AI agent safe access to patient observations across multiple FHIR-conformant EHRs (Epic, Cerner, NHS Spine). They installed this MCP:
```bash
pip install healthcare-fhir-mcp
```
The compliance-bound prompt:
'Query the FHIR server for patient ABC123's last 30 days of observations. Apply HIPAA Safe Harbor de-identification. Produce a clinical timeline. Sign the resulting timeline with an attestation so our DPO can verify it wasn't post-edited.'
Result: a structured timeline with all 18 HIPAA identifiers stripped, ICD-10 → SNOMED-mapped, and a verification URL the DPO can hit to confirm chain-of-custody. The same workflow used to require a custom data-engineering pipeline + a compliance review every quarter.
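The "sign the timeline so it can be verified as not post-edited" step can be illustrated with an HMAC-SHA256 tag over a canonical JSON encoding. This is an added example, not the project's implementation: the envelope fields, `sign_timeline`, `verify_timeline`, the key and the sample timeline are all constructed assumptions.

```python
import hashlib
import hmac
import json


def canonical(doc):
    # Deterministic serialisation so signer and verifier hash identical bytes.
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_timeline(timeline, key, key_id):
    """Return an attestation envelope for a de-identified timeline."""
    tag = hmac.new(key, canonical(timeline), hashlib.sha256).hexdigest()
    return {"alg": "HMAC-SHA256", "key_id": key_id, "payload": timeline, "tag": tag}


def verify_timeline(envelope, keys):
    """True only if the payload is exactly what was signed with a known key."""
    key = keys.get(envelope.get("key_id"))
    if key is None or envelope.get("alg") != "HMAC-SHA256":
        return False
    expected = hmac.new(key, canonical(envelope.get("payload")), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how much of the tag matched.
    return hmac.compare_digest(expected.encode(), str(envelope.get("tag", "")).encode())


# Constructed sample data: key, key id and observation are illustrative only.
KEYS = {"k1": b"constructed-demo-key-not-for-production"}
TIMELINE = {"patient": "deidentified-001", "observations": [
    {"code": "8867-4", "day_offset": 3, "value": 72}]}


def demo():
    env = sign_timeline(TIMELINE, KEYS["k1"], "k1")
    untouched = verify_timeline(env, KEYS)
    edited = json.loads(json.dumps(env))  # deep copy, then post-edit one value
    edited["payload"]["observations"][0]["value"] = 60
    return untouched, verify_timeline(edited, KEYS)
```

An HMAC is symmetric: anyone holding the key to verify can also produce valid tags, so verification has to run where the key lives (for example behind a verification endpoint). A verifier who must not be able to forge attestations needs an asymmetric signature instead.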
By MEOK AI Labs — Sovereign AI tools for everyone.
FHIR R4 MCP server for healthcare AI applications. Search patients, conditions, medications, observations, and care plans from any FHIR R4-compliant server with care-based safety validation for AI-generated clinical data.
| Tool | Description |
|---|---|
| `search_patients` | Search patients by name, date of birth, or identifier |
| `get_patient` | Get a full patient record by FHIR resource ID |
| `search_conditions` | Find diagnoses and conditions for a patient |
| `search_medications` | Find medication requests (prescriptions) for a patient |
| `search_observations` | Find lab results, vital signs, and observations |
| `create_observation` | Record a new observation (vital sign, lab result) |
| `get_care_plan` | Retrieve active care plans for a patient |
| `validate_resource` | Validate a FHIR resource against the R4 specification |
```bash
pip install mcp
git clone https://github.com/CSOAI-ORG/healthcare-fhir-mcp.git
cd healthcare-fhir-mcp
python server.py
```

```json
{
  "mcpServers": {
    "healthcare-fhir": {
      "command": "python",
      "args": ["server.py"],
      "cwd": "/path/to/healthcare-fhir-mcp"
    }
  }
}
```
| Plan | Price | Requests |
|---|---|---|
| Free | $0/mo | 100 requests/day |
| Pro | $15/mo | 10,000 requests/day |
| Enterprise | Contact us | Custom + HL7v2 bridge + SLA |
This is one of 255+ MCP servers by MEOK AI Labs. Browse all at meok.ai or GitHub.
Built by MEOK AI Labs — sovereign AI infrastructure.
MEOK AI Labs | meok.ai | csoai.org | nicholas@meok.ai
If you find this MCP server useful, please star the repo and share it with your compliance team. Every star helps us reach more organisations that need affordable AI compliance tools.
Questions? Open an issue or email nicholas@csoai.org