For Developers

Ship AI Features Without Worrying About PHI

An HTTP API and MCP server for fast PHI de-identification with full reversibility. Strip all 18 HIPAA identifiers, route to any consumer LLM, and re-identify on return. Self-hosted or cloud.

  • Consumption-based credits
  • Self-hosted or managed
  • No minimums

Two Interfaces. Any LLM. Full Reversibility.

De-identify clinical text in milliseconds, send it to any model, and get back a response with all patient context restored.

HTTP API

Drop-in replacement for OpenAI and Anthropic endpoints. Same request format, same streaming — MedScrub handles de-identification transparently.

MCP Server

Model Context Protocol interface for agent workflows. Use MedScrub as a tool in any AI pipeline: de-identify, process, re-identify in one call.

Any Model, No BAA

PHI is stripped before data leaves your infrastructure. Use GPT-4o, Claude, Gemini, or local models; no BAA required with AI providers.

One API Call

Send clinical text with PHI. Get back an AI response with PHI restored. MedScrub handles de-identification, LLM routing, and re-identification transparently.

  • Drop-in replacement for OpenAI/Anthropic endpoints
  • MCP server for agent and pipeline workflows
  • Streaming supported; de-identification happens before the stream starts
  • Deterministic tokenization; same input always produces the same tokens

cURL

# Send clinical text containing PHI; the response comes back with PHI restored.
curl -X POST https://api.medscrub.ai/v1/chat \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [{
      "role": "user",
      "content": "Summarize this patient: John Smith, DOB 3/15/1979, MRN 847291, HbA1c 7.8%, BP 138/88, BMI 31.2"
    }]
  }'

What the LLM actually sees:

"[PATIENT_001], [AGE] yo,
 HbA1c 7.8%, BP 138/88, BMI 31.2"

PHI stripped → LLM processes → PHI restored in response

How It Works

MedScrub sits between your application and any AI provider. PHI never reaches the model.

Your App → MedScrub Proxy → Any LLM

Your app sends PHI → MedScrub strips it → Clean data reaches the LLM → Response re-identified on return
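
The round trip described above, sketched as an added example; this is not MedScrub's code or API. `TokenVault`, the two regex detectors, and the `[DOB_001]`/`[MRN_001]` token names are hypothetical stand-ins (only the `[PATIENT_001]` style comes from the page), and patient names are assumed to come from structured data such as a FHIR Patient resource. It also covers the streaming case where a token arrives split across chunks.

```python
import re

TOKEN_RE = re.compile(r"\[[A-Z]+_\d{3}\]")
# Constructed stand-in detectors; a real engine covers all 18 HIPAA identifier classes.
DETECTORS = [
    ("DOB", re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b")),
    ("MRN", re.compile(r"(?<=MRN )\d+")),
]

class TokenVault:
    """Per-session map between PHI values and placeholder tokens (hypothetical)."""

    def __init__(self, patient_names=()):
        self._to_token, self._to_value, self._next = {}, {}, {}
        self._detectors = list(DETECTORS)
        names = [re.escape(n) for n in patient_names]
        if names:
            self._detectors.insert(0, ("PATIENT", re.compile("|".join(names))))

    def _token_for(self, label, value):
        # Deterministic within the session: a value seen before reuses its token.
        key = (label, value)
        if key not in self._to_token:
            self._next[label] = self._next.get(label, 0) + 1
            token = f"[{label}_{self._next[label]:03d}]"
            self._to_token[key], self._to_value[token] = token, value
        return self._to_token[key]

    def deidentify(self, text):
        for label, pattern in self._detectors:
            text = pattern.sub(lambda m, l=label: self._token_for(l, m.group(0)), text)
        return text

    def reidentify(self, text):
        # Tokens the vault never issued are left untouched rather than guessed.
        return TOKEN_RE.sub(lambda m: self._to_value.get(m.group(0), m.group(0)), text)

    def reidentify_stream(self, chunks):
        """Restore PHI in a streamed reply, holding back a token split across chunks."""
        pending = ""
        for chunk in chunks:
            pending += chunk
            cut = pending.rfind("[")
            # Hold back from the last '[' if its closing ']' has not arrived yet.
            if cut != -1 and "]" not in pending[cut:]:
                ready, pending = pending[:cut], pending[cut:]
            else:
                ready, pending = pending, ""
            if ready:
                yield self.reidentify(ready)
        if pending:
            yield self.reidentify(pending)
```

The vault is the sensitive asset in this design: whoever can read it can reverse every token, so it belongs on the same side of the trust boundary as the original PHI.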

Your Self-Hosted Platform

Monitor and manage your self-hosted MedScrub platform — PHI Proxy, NER Engine, CDR Server, Session Store, and Database all running on your infrastructure.

MedScrub Platform — self-hosted system management with PHI Proxy, NER Engine, CDR, and session services

EHR Connectivity

MedScrub connects to Epic and athenahealth via FHIR, with more coming soon.

  • Epic FHIR R4 (SMART on FHIR, backend services)
  • athenahealth FHIR API
  • Any FHIR R4-compliant EHR
  • Write-back to source EHR via proxy

Platform Capabilities

PHI Proxy

Strips all 18 HIPAA identifiers with high accuracy on structured FHIR data. Deterministic, auditable, 100% reversible.

FHIR Integration

Backend systems integration for Epic and athenahealth. Read patient data, write clinical notes back via FHIR R4.

FHIR CDR

Self-hosted clinical data repository. Your patient data in a FHIR-native store you control; not locked in a vendor's cloud.

Multi-Model Routing

Route to GPT-4o, Claude, Gemini, or any OpenAI-compatible endpoint. Switch models without changing your code.

MCP Interface

Model Context Protocol support for agent workflows. Use MedScrub as a tool in your AI pipeline.

Self-Hosted

Deploy on your infrastructure. Docker, Kubernetes, or bare metal. Air-gapped deployments supported for maximum security.

What Teams Build with MedScrub

Any AI feature that touches clinical data, made HIPAA-compliant in one line.

Clinical Decision Support

Differential diagnosis, treatment suggestions, drug interactions; powered by any LLM.

Clinical Documentation

Generate notes, summaries, discharge instructions, or patient communications from de-identified data.

Patient-Facing AI

Chatbots for intake, symptom checking, health coaching, or care navigation; safely personalized.

Medical Coding and Billing

AI-assisted ICD-10, CPT, or SNOMED coding from clinical documentation.

Care Coordination

AI-powered patient routing, referral management, or care plan generation.

Dev and Testing

Use de-identified production data in staging environments without HIPAA risk.

Built for Every Stage

Early-Stage Startups

Go from idea to HIPAA-compliant MVP in weeks, not months. No enterprise contracts or BAA negotiations.

  • Pay-as-you-go credits
  • Self-hosted Docker
  • No minimums

Growth-Stage Companies

Integrate clinical AI into existing products without rebuilding your compliance infrastructure.

  • Volume discounts
  • Multi-model routing
  • FHIR integration

Health Systems and Research

Self-host for maximum control. Run AI workloads on clinical data without PHI leaving your network.

  • Air-gapped deployment
  • SSO and admin controls
  • Dedicated support

Compliance and Security

HIPAA Compliant

PHI de-identified before AI processing.

HIPAA-Grade De-ID

On structured FHIR data; deterministic, auditable approach.

100% Reversible

Full re-identification for EHR write-back.

Self-Hosted Option

Air-gapped deployment on your own infrastructure.

Start Building

Consumption-based pricing. Pay for what you use. No minimums.