For developers & builders

Build clinical AI on a PHI proxy.

MCP server, FHIR client, REST API — all on a CDR with persistent patient context and built-in de-identification. Self-hosted Docker. No BAA negotiations. 500 free credits on sign-up.

Docker · REST · MCP · FHIR R4 · TypeScript SDK · Epic · athenahealth · eClinicalWorks

terminal · deidentify

# de-identify · PHI replaced with tokens

curl -X POST https://your-proxy/api/deidentify \

-H "X-API-Key: msk_live_..." \

-d '{"text":"Patient Jane Doe, DOB 1985-03-12"}'

# response

{ "text": "Patient [NAME_1], DOB [DATE_1]",

"sessionId": "ses_abc123" }

→ session key stored in your Redis only

← re-identify with the same session key

<50ms p95   18/18 Safe Harbor IDs   session key stays in your infra
Developer surface

Every interface you need. One proxy.

REST API, native MCP server, FHIR R4 reads, and a persistent CDR — all running in your Docker environment with the same de-identification pipeline.

HTTP

REST API

POST /api/deidentify · /api/reidentify · /api/fhir/deidentify. JSON in, JSON out. Any language, any framework.

MCP

Native MCP server

First-class Model Context Protocol support so Claude Desktop, Claude Code, and any MCP-compatible host can call the proxy as a tool.

FHIR R4

FHIR R4 client

Read structured resources — Patient, Condition, Observation, MedicationRequest, DocumentReference — straight from Epic, athenahealth, or eClinicalWorks.

CDR

CDR persistent context

Medplum-backed Clinical Data Repository keeps a full longitudinal record per patient so every call has the whole chart, not just the latest payload.

De-id

Reversible tokenization

PHI is replaced with deterministic tokens ([NAME_1], [DATE_1], …). The session key lives only in your infra — re-identify after the model responds.

HIPAA

18 Safe Harbor IDs

All 18 identifier types specified in 45 CFR §164.514(b)(2) are stripped before any outbound request. Auditable, documented, CISO-ready.

API reference

Four endpoints. Infinite clinical context.

Authenticate with an API key. Every endpoint returns JSON. All FHIR resources are de-identified in-flight before the response leaves the proxy.

proxy · endpoints

# clinical text de-identification

POST /api/deidentify

POST /api/reidentify

# FHIR R4 resources (de-identified)

POST /api/fhir/deidentify

POST /api/fhir/reidentify

# session management

GET /api/session

DELETE /api/session

# health

GET /health

docker · quick start

# pull and run in your environment

docker pull ghcr.io/1putt-health/medscrub-proxy

# configure your EHR credentials

cp .env.example .env

# start the stack

docker compose up -d

# proxy running at localhost:3001

→ 500 free credits · no credit card required

Why self-hosted

PHI never leaves your infra. By design.

The de-identification proxy runs entirely in your environment. The session key that maps tokens back to real patient data never travels outside your Docker container.

No PHI leaves your infra

The proxy runs in your Docker environment. PHI is stripped and the session key never travels to a model API.

No BAA with a model vendor

Because the AI model only sees de-identified data, you are not disclosing PHI to it — no Business Associate Agreement required.

18 Safe Harbor identifiers removed

Names, dates, MRNs, SSNs, addresses, phone numbers, and all other 45 CFR §164.514(b)(2) identifiers are stripped on every request.

Deterministic, auditable de-id

The tokenization logic is documented code — not a black-box ML classifier. You can read exactly what gets removed and why.

HIPAA Safe Harbor · 45 CFR §164.514(b)(2) · 18/18 identifier types removed

Clinical AI that your infra controls.

Start free with 500 credits. Deploy in an afternoon. PHI stays inside your Docker environment from day one.