PHI never leaves your infrastructure. By design, not by policy.
Doctors use ChatGPT, Claude, and Gemini every day, but pasting patient data into a chat box is not safe. MedScrub strips all 18 HIPAA Safe Harbor identifiers inside your own infrastructure before any request reaches a model.
- Undercoded visits
- $205K / year
- Missed CCM billing
- $148K / year
- HIPAA identifiers stripped
- All 18
- Patient data sent to MedScrub
- None
Every other clinical AI company builds a proprietary model and processes your raw patient data on their servers.
You pay a premium for their model choice, their data handling, their cloud. A BAA with a model vendor is a legal fig leaf, not a technical guarantee.
We asked a different question: what if you could use any AI model safely?
Consumer LLMs are already the best reasoning engines on the planet and they get better every month. The missing piece is not the model — it is a way to use them with clinical data without violating HIPAA.
Three components. One safe workspace.
MedScrub is not another AI scribe. It is infrastructure that makes any consumer LLM safe for clinical work.
PHI Proxy
All 18 HIPAA Safe Harbor identifiers are stripped before data reaches any AI model. Names, dates, MRNs, addresses: replaced with deterministic tokens that are 100% reversible on the way back.
Clinical Data Repository
Patient data syncs from your EHR into a local CDR that your practice owns. Labs, vitals, conditions, medications, encounters: structured FHIR data that powers every AI workflow.
Any consumer LLM
You choose the model: OpenAI, Claude, Gemini, Mistral, or local models via Ollama. API keys stay on your machine. As models improve, MedScrub improves with them — no vendor lock-in.
EHR → CDR → PHI Proxy → Consumer LLM → Re-identified Output → EHR Write-back
Patient data never reaches an AI model with identifiers attached. The physician sees the final output with all context restored.
Five reasons this approach wins.
Capital efficient
We do not train models. We do not run GPU clusters. Consumer LLMs do the heavy lifting; we make them safe. As models get cheaper and better, so does MedScrub.
No vendor lock-in
When a better model comes out — and one always does — you switch in seconds. No migration, no retraining, no contract renegotiation.
Data gravity compounds
The CDR accumulates structured clinical data over time. Every sync makes SOAP notes more accurate, pre-visit summaries more complete, and prior auth letters more evidence-based.
Trust by architecture
PHI de-identification is not a policy — it is a technical guarantee. The proxy strips identifiers deterministically. There is no way for an AI model to see a patient name, even if it tried.
Compliance revenue compounds
MIPS quality measures, CCM billing, E/M coding accuracy: each generates recurring revenue. A practice that finds $148K/year in CCM billing in year 1 keeps that revenue in year 2 and 3.
Built by 1PuttHealth
1PuttHealth helps companies build on healthcare interoperability standards: FHIR, EHR integrations, clinical data infrastructure. MedScrub is our flagship product — the physician sidekick we kept seeing the market need.