Build clinical AI on a PHI proxy.
MCP server, FHIR client, REST API — all on a CDR with persistent patient context and built-in de-identification. Self-hosted Docker. No BAA negotiations. 500 free credits on sign-up.
Docker · REST · MCP · FHIR R4 · TypeScript SDK · Epic · athenahealth · eClinicalWorks
# de-identify · PHI replaced with tokens
curl -X POST https://your-proxy/api/deidentify \
-H "X-API-Key: msk_live_..." \
-d '{"text":"Patient Jane Doe, DOB 1985-03-12"}'
# response
{ "text": "Patient [NAME_1], DOB [DATE_1]",
"sessionId": "ses_abc123" }
→ session key stored in your Redis only
← re-identify with the same session key
Every interface you need. One proxy.
REST API, native MCP server, FHIR R4 reads, and a persistent CDR — all running in your Docker environment with the same de-identification pipeline.
REST API
POST /api/deidentify · /api/reidentify · /api/fhir/deidentify. JSON in, JSON out. Any language, any framework.
Native MCP server
First-class Model Context Protocol support so Claude Desktop, Claude Code, and any MCP-compatible host can call the proxy as a tool.
FHIR R4 client
Read structured resources — Patient, Condition, Observation, MedicationRequest, DocumentReference — straight from Epic, athenahealth, or eClinicalWorks.
CDR persistent context
Medplum-backed Clinical Data Repository keeps a full longitudinal record per patient so every call has the whole chart, not just the latest payload.
Reversible tokenization
PHI is replaced with deterministic tokens ([NAME_1], [DATE_1], …). The session key lives only in your infra — re-identify after the model responds.
18 Safe Harbor IDs
All 18 identifier types specified in 45 CFR §164.514(b)(2) are stripped before any outbound request. Auditable, documented, CISO-ready.
Four endpoints. Infinite clinical context.
Authenticate with an API key. Every endpoint returns JSON. All FHIR resources are de-identified in-flight before the response leaves the proxy.
# clinical text de-identification
POST /api/deidentify
POST /api/reidentify
# FHIR R4 resources (de-identified)
POST /api/fhir/deidentify
POST /api/fhir/reidentify
# session management
GET /api/session
DELETE /api/session
# health
GET /health
# pull and run in your environment
docker pull ghcr.io/1putt-health/medscrub-proxy
# configure your EHR credentials
cp .env.example .env
# start the stack
docker compose up -d
# proxy running at localhost:3001
→ 500 free credits · no credit card required
PHI never leaves your infra. By design.
The de-identification proxy runs entirely in your environment. The session key that maps tokens back to real patient data never travels outside your Docker container.
No PHI leaves your infra
The proxy runs in your Docker environment. PHI is stripped and the session key never travels to a model API.
No BAA with a model vendor
Because the AI model only sees de-identified data, you are not disclosing PHI to it — no Business Associate Agreement required.
18 Safe Harbor identifiers removed
Names, dates, MRNs, SSNs, addresses, phone numbers, and all other 45 CFR §164.514(b)(2) identifiers are stripped on every request.
Deterministic, auditable de-id
The tokenization logic is documented code — not a black-box ML classifier. You can read exactly what gets removed and why.
HIPAA Safe Harbor · 45 CFR §164.514(b)(2) · 18/18 identifier types removed