By aks129
Secure AI agent interactions with FHIR R4/R6 clinical data via MCP guardrails: proxy requests to EHRs with automatic PHI redaction on reads, step-up authorization for writes, immutable audit trails, tenant isolation; ingest from Epic/Cerner via Fasten, evaluate and correct data quality with Curatr, export de-identified health records.
npx claudepluginhub aks129/healthclawguardrails --plugin healthclaw-guardrails

HealthClaw Curatr (healthclaw.io) — patient-facing FHIR data quality evaluation and correction. Use when: (1) Evaluating a patient's health record for coding issues (deprecated code systems, invalid codes, missing required fields), (2) Presenting issues in plain language with clinical impact, (3) Applying patient-approved corrections with full Provenance tracking, (4) Preparing a structured correction request for the patient's healthcare provider. Supports FHIR R4 US Core v9 resources: Condition, AllergyIntolerance, MedicationRequest, Immunization, Procedure, DiagnosticReport — with ICD-10-CM, SNOMED CT, LOINC, CVX, and RxNorm validation via public terminology APIs.
Use this skill whenever connecting a patient's real health records from EHR systems (Epic, Cerner, Athena) or the TEFCA national network into HealthClaw Guardrails. Covers: Fasten Stitch widget embed, org_connection_id registration, EHI export job tracking, NDJSON ingestion status, TEFCA IAS identity-verified multi-provider retrieval, and post-import Curatr quality scan workflow.
HealthClaw Guardrails (healthclaw.io) — FHIR agent guardrails for clinical data access via MCP. Supports FHIR R4 US Core v9 (stable) and FHIR R6 ballot3 (experimental). Use when: (1) Reading patient data through MCP tools with automatic PHI redaction, (2) Writing clinical resources with two-phase propose/commit and step-up authorization, (3) Querying observation statistics or recent lab results, (4) Evaluating R6 Permission resources for access control decisions, (5) Auditing agent access to healthcare data. 14 MCP tools.
Connect to real FHIR servers through the MCP guardrail proxy. Use when: (1) Connecting to HAPI FHIR, SMART Health IT, or Epic sandbox servers, (2) Proxying AI agent requests to production EHR systems with guardrails, (3) Ensuring upstream server URLs never leak to clients, (4) Understanding how redaction, audit, and step-up auth apply to upstream data.
HealthEx → HealthClaw-redacted export via the official MCP Python SDK (mcp>=1.2). Use when: (1) Pulling fresh clinical data from HealthEx as the upstream source of truth (not from the local HealthClaw store), (2) Writing a PHI-redacted snapshot to disk before any ingest, so the raw MCP response never hits the filesystem, (3) Producing a single-file JSON or NDJSON bundle for downstream import via `/import`, (4) Running the pipeline headlessly from a Telegram bot or cron on the Mac mini. For the older direct-REST pull against the local FHIR store, see the `healthex-export` skill.
HealthClaw HealthEx Export (healthclaw.io) — automated personal health record export from the local HealthClaw FHIR store. Use when: (1) The patient wants to export all their health data from the HealthClaw local store as a portable FHIR bundle, (2) Migrating health data to a new tenant or archive, (3) Creating a de-identified snapshot for sharing with a provider or second opinion, (4) Pre-screening records for Curatr quality issues before a full evaluation, (5) Automating the HealthEx → local FHIR store ingestion pipeline.
Connect your health records from any US health system via HealthEx, pull your complete clinical history, analyze it with Claude, and optionally export to a personal de-identified FHIR store with automated data quality curation via HealthClaw Guardrails. Supports Epic, Cerner, CommonWell, Carequality, and most major US EHR networks. Triggers when a user asks to connect health records, pull medical history, review lab results, check immunizations, identify care gaps, or export data to a personal FHIR store.
PHI redaction patterns for FHIR resources following HIPAA Safe Harbor. Use when: (1) Redacting patient health information from FHIR resources before AI agent access, (2) Implementing de-identification for clinical data pipelines, (3) Understanding what fields are stripped, masked, or truncated in FHIR resources, (4) Building read paths that automatically protect patient privacy.
Mental health and wellness analysis tool that identifies psychological patterns, assesses health status, and provides personalized recommendations integrated with sleep, exercise, and nutrition data.
The NPI Registry Connector gives Claude access to the US National Provider Identifier (NPI) Registry, containing information about all HIPAA-covered healthcare providers in the United States.
11 healthcare privacy skills: HIPAA Privacy/Security Rules, risk analysis, BAA management, de-identification, telehealth
Claude Code skill pack for OpenEvidence medical AI (24 skills)
HIPAA compliance advisor covering Privacy Rule, Security Rule, and Breach Notification — document generation, technical safeguards for cloud, and breach response.
Claude Code plugin for Shiny Health - cross-platform health data queries for Apple HealthKit and Android Health Connect in .NET MAUI
The security layer between AI agents and clinical data. A healthclaw.io open source project.
v1.3.0 | 288+ tests | 16 MCP tools | FHIR R4 US Core v9 + R6 v6.0.0-ballot3 | Fasten Connect | Open Wearables | Claude Code plugin
FHIR standardized how health data is structured. MCP standardized how AI connects to tools. Nobody standardized the guardrails in between. This project does.
Heart rate, HRV, SpO2, steps, sleep, BP, glucose, body weight — from Garmin, Oura, Polar, Suunto, Whoop, Fitbit, Strava, Ultrahuman — flow into HealthClaw as FHIR Observations with correct LOINC codes and device Provenance. Compiled Truth timelines now include wearable-sourced data; SmartHealthConnect's healthy-habits + diet-exercise skills read them through the same fhir_search they already use.
- wearables docker-compose profile. It owns per-provider OAuth; we own the FHIR mapping.
- `r6/wearables/mapper.py` translates 13 metrics to LOINC + UCUM FHIR Observations. Unknown fields fall through with `code.text` — no data loss.
- `WEARABLES_POLL_INTERVAL` (default 900s), posts through `/Bundle/$ingest-context` with step-up + `X-Agent-Id: wearable-sync`.
- `wearables_sync_status` MCP tool (16 tools total) returns connection status + `_meta.ui.resourceUri` pointing at the new Connection Manager MCP App.
- `/r6/fhir/mcp-apps/wearables/` — cards per provider: connect / re-auth / sync / view.

Quick start: `OPEN_WEARABLES_URL=http://open-wearables:8000 docker-compose --profile wearables up -d`.
Every other health tool shows you data. HealthClaw shows you the trail.
- `GET /<type>/<id>/$compiled-truth` — returns current redacted resource + curation state + quality score + full Provenance timeline (newest first).
- `fhir_compiled_truth` MCP tool — agents call this before making resource-specific claims; responses carry `_meta.ui.resourceUri` pointing to an embeddable review surface.
- `/r6/fhir/mcp-apps/compiled-truth/<type>/<id>` — focused HTML page: current data, evidence timeline, approve / re-evaluate actions. Zero install.
- `curation_state` (raw → in_review → curated) and `quality_score` (0.0–1.0) now persisted on every resource.
- `.health-context.yaml` — single declaration of jurisdiction, audience, regulations, defaults. Read by the guardrail stack; mirrored in SmartHealthConnect.

This is a vendor-neutral guardrail proxy that sits between any AI agent and any FHIR server. Every request passes through:
```
AI Agent ──▶ MCP Server ──▶ Guardrail Proxy ──▶ Any FHIR Server
                                   ↓             (HAPI, Epic,
                             PHI redaction        Medplum, etc.)
                             Audit trail
                             Step-up auth
                             Human-in-the-loop
```
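What the PHI redaction stage on the read path can look like for a FHIR Patient resource, as an added example that is not HealthClaw's own code. The `redact_patient` helper, the field lists and the sample resource are assumptions, modelled on the HIPAA Safe Harbor strip / mask / truncate treatment the phi-redaction skill describes.

```python
import copy

# Constructed sample resource for illustration; not real patient data.
SAMPLE_PATIENT = {
    "resourceType": "Patient",
    "id": "example-1",
    "text": {"status": "generated", "div": "<div>Pat Example, b. 1984-07-19</div>"},
    "identifier": [{"system": "urn:example:mrn", "value": "MRN-0012345"}],
    "name": [{"family": "Example", "given": ["Pat"]}],
    "telecom": [{"system": "phone", "value": "555-0100"}],
    "birthDate": "1984-07-19",
    "gender": "female",
    "address": [{"line": ["1 Sample St"], "city": "Springfield",
                 "state": "IL", "postalCode": "62704"}],
}

# Removed outright (assumed list). "text" is the generated narrative, which
# usually repeats the name and dates that the structured fields would hide.
STRIP_FIELDS = ("text", "name", "telecom", "photo", "contact")


def redact_patient(resource, current_year):
    """Return a redacted copy; the raw upstream resource is left unmodified."""
    out = copy.deepcopy(resource)
    for field in STRIP_FIELDS:
        out.pop(field, None)
    # Mask: keep the identifier system so the slot stays visible, hide the value.
    for ident in out.get("identifier", []):
        ident["value"] = "[REDACTED]"
    # Truncate: dates keep the year only; ages over 89 keep no birth year.
    birth = out.pop("birthDate", None)
    if birth and current_year - int(birth[:4]) <= 89:
        out["birthDate"] = birth[:4]
    # Geography smaller than a state is dropped (ZIP prefixes are left out here).
    states = [{"state": a["state"]} for a in out.get("address", []) if a.get("state")]
    out.pop("address", None)
    if states:
        out["address"] = states
    return out


if __name__ == "__main__":
    print(redact_patient(SAMPLE_PATIENT, current_year=2025))
```
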
HealthClaw ships as a Claude Code plugin marketplace. Two plugins are available:
```bash
# Add the marketplace
claude plugin marketplace add aks129/HealthClawGuardrails

# Install the FHIR guardrail plugin (this repo)
claude plugin install healthclaw-guardrails@healthclaw-marketplace

# Install the personal-health companion plugin (SmartHealthConnect)
claude plugin install smarthealthconnect@healthclaw-marketplace
```
| Plugin | Skills | Source |
|---|---|---|
| healthclaw-guardrails | curatr, fasten-connect, fhir-r6-guardrails, fhir-upstream-proxy, healthex-export, phi-redaction | aks129/HealthClawGuardrails |
| smarthealthconnect | care-completion, diet-exercise, healthy-habits, kids-health, medication-refills, research-monitor | aks129/SmartHealthConnect |
Each skill is auto-discoverable — Claude loads it when your prompt matches the skill's trigger phrases (e.g. "check my care gaps", "redact this bundle", "run Curatr on my conditions").
```bash
# Install dependencies
uv sync

# Run (local mode with SQLite)
STEP_UP_SECRET=your-secret python main.py
```