Open Source · MIT License · FHIR R4 + R6

The guardrail layer between
AI agents and clinical data

FHIR standardized health data. MCP standardized how AI connects to tools. HealthClaw standardizes the security, privacy, and clinical safety guardrails in between.


See what your record says now — and why it says that.

Every other health tool shows you data. HealthClaw shows you the trail. One FHIR operation, one MCP tool, one review surface. Built on the dead-simple primitive every PHR is missing: current state + append-only evidence.

📖
One primitive
GET /$compiled-truth

Returns a FHIR Parameters bundle: the redacted current resource, its curation state, quality score, and the full Provenance timeline — newest first. Nothing hidden.

🧩
One MCP tool
fhir_compiled_truth

Agents call this before making resource-specific claims. Responses carry _meta.ui.resourceUri — an embeddable review surface. No more chat-text walls of fine print.

🗂️
One review surface
MCP App · native HTML

A focused page renders exactly when the agent needs it: current data left, evidence right, approve / re-evaluate bottom. Zero install. No app-nobody-opens.

# Example: agent reads the compiled truth before answering
# (single quotes keep $compiled-truth and <id> literal in the shell)
curl -H "X-Tenant-Id: your-tenant" \
    'https://healthclaw.io/r6/fhir/Condition/<id>/$compiled-truth'
# Or via MCP from Claude Desktop
> fhir_compiled_truth(resource_type="Condition", resource_id="<id>")

Inspired by the compiled-truth + append-only-evidence pattern. Backed by R6 Provenance. Patient-first by construction.

Every request passes through 6 layers

When an AI agent accesses clinical data through HealthClaw, each request is validated, redacted, authorized, and recorded before anything touches the FHIR server.

  • PHI Redacted: names, addresses, DOB stripped before the agent sees data
  • $validate Gate: structural validation before any write proposal
  • Permission Eval: R6 Permission $evaluate, deny by default
  • HMAC Step-up: signed token with 128-bit nonce, 5-min TTL
  • Human Gate: clinical writes blocked until a human confirms
  • Audit Trail: immutable, append-only record of every action
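The HMAC step-up layer listed above, as an added illustration rather than HealthClaw's own code: it shows the 128-bit nonce and 5-minute TTL the page names, and assumes a JSON payload bound to a tenant and an action, with an in-memory nonce store for replay rejection.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets

TTL_SECONDS = 300  # 5-minute TTL, as stated on the page

def mint_step_up_token(secret: bytes, tenant: str, action: str, now: float) -> str:
    """Issue a signed, single-use token bound to one tenant and one action."""
    payload = {
        "tenant": tenant,
        "action": action,
        "nonce": secrets.token_hex(16),  # 128-bit random nonce
        "exp": int(now) + TTL_SECONDS,
    }
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(secret, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(sig).decode()

class StepUpVerifier:
    """Checks signature, expiry, binding and replay; nonces are kept in memory (assumed store)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen_nonces: dict = {}  # nonce -> exp, pruned once expired

    def verify(self, token: str, tenant: str, action: str, now: float) -> bool:
        try:
            body_b64, sig_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            sig = base64.urlsafe_b64decode(sig_b64)
        except (ValueError, binascii.Error):
            return False
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):  # constant-time comparison
            return False
        payload = json.loads(body)  # shape is trusted only after the signature check
        if payload.get("exp", 0) < now:
            return False
        if payload.get("tenant") != tenant or payload.get("action") != action:
            return False
        self.seen_nonces = {n: e for n, e in self.seen_nonces.items() if e >= now}
        if payload["nonce"] in self.seen_nonces:
            return False  # replay of a token that is still within its TTL
        self.seen_nonces[payload["nonce"]] = payload["exp"]
        return True
```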

The agent never sees raw patient data

Applied on every read path: direct reads, search results, upstream proxy responses, and context envelopes. Agents work with safe, de-identified data by default.

Stored in FHIR Server:
  name: Maria Elena Rivera · mrn: MRN-2026-4471 · phone: 617-555-0198 · address: 123 Clinical Ave, Boston MA 02101 · dob: 1985-03-15
Delivered to AI Agent:
  name: M. E. Rivera · mrn: ***4471 · phone: [Redacted] · address: Boston, MA · dob: 1985
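The before/after above, reproduced by an added example that is not HealthClaw's code: field-by-field rules (assumed here) turn the stored record into the delivered one, and anything that does not parse is redacted outright. Note that this output keeps the surname and city, which is looser than the HIPAA Safe Harbor rule that removes names and any geography below state level.

```python
import re

# Constructed sample record mirroring the page's example; field names are assumptions.
STORED = {
    "name": "Maria Elena Rivera",
    "mrn": "MRN-2026-4471",
    "phone": "617-555-0198",
    "address": "123 Clinical Ave, Boston MA 02101",
    "dob": "1985-03-15",
}

def redact_name(name: str) -> str:
    """Keep the surname, reduce given names to initials; single-token names are dropped."""
    parts = name.split()
    if len(parts) < 2:
        return "[Redacted]"
    return " ".join(p[0] + "." for p in parts[:-1]) + " " + parts[-1]

def redact_mrn(mrn: str) -> str:
    """Mask everything but the last four characters."""
    return "***" + mrn[-4:]

def redact_address(address: str) -> str:
    """Drop street and ZIP, keep 'City, ST'; unparsable addresses are redacted."""
    locality = address.split(",")[-1].strip()  # e.g. "Boston MA 02101"
    m = re.fullmatch(r"(.+?)\s+([A-Z]{2})\s+\d{5}(?:-\d{4})?", locality)
    return f"{m.group(1)}, {m.group(2)}" if m else "[Redacted]"

def redact_dob(dob: str) -> str:
    """Keep only the year; anything that is not ISO YYYY-MM-DD is redacted."""
    return dob[:4] if re.fullmatch(r"\d{4}-\d{2}-\d{2}", dob) else "[Redacted]"

def redact_record(record: dict) -> dict:
    """Apply a rule per known PHI field; fields without a rule are dropped (allowlist)."""
    rules = {
        "name": redact_name,
        "mrn": redact_mrn,
        "phone": lambda _: "[Redacted]",
        "address": redact_address,
        "dob": redact_dob,
    }
    return {k: rules[k](v) for k, v in record.items() if k in rules}
```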

Three paths, one guardrail stack

Whether you're building an AI health agent, managing your own health data, or evaluating compliance infrastructure — HealthClaw meets you where you are.

AI Agent Developer
Ship HIPAA-safe agents in minutes, not months
  • 15 MCP tools — drop into Claude Desktop or any MCP client
  • One-line Claude Code install (marketplace below)
  • Works with any FHIR server (HAPI, Epic, Medplum, AWS)
  • PHI redaction, audit, step-up auth — zero config
Quick Start →
💊
Patient / Consumer
See what's wrong with your health data — and fix it
  • Curatr checks records against live medical code databases
  • Plain-language explanations of coding errors and their impact
  • You approve every fix — full provenance trail, no black boxes
  • Connect 1,000+ EHR systems via Fasten Connect
  • Wearable data (Garmin, Oura, Polar, Whoop, Fitbit) via Open Wearables
Try Curatr →
🏥
Health System / Payer
Let AI agents touch clinical data without a compliance disaster
  • Vendor-neutral proxy — works with your existing FHIR stack
  • Tenant isolation, immutable audit, OAuth 2.1 + PKCE
  • Human-in-the-loop for clinical writes (HTTP 428 pattern)
  • 288 tests, Playwright e2e, open source (MIT)
Architecture →

Install HealthClaw skills into Claude Code in one line

The healthclaw-marketplace hosts two plugins that ship as auto-discoverable Claude Code skills. Add the marketplace once, install either plugin, and Claude invokes the right skill whenever your prompt matches its triggers — no manual tool wiring.

# Add the marketplace (once)
$ claude plugin marketplace add aks129/HealthClawGuardrails
# Install the guardrail plugin (FHIR + MCP + Curatr + Fasten Connect)
$ claude plugin install healthclaw-guardrails@healthclaw-marketplace
# Or install the personal-health companion
$ claude plugin install smarthealthconnect@healthclaw-marketplace
🛡️
healthclaw-guardrails
FHIR agent guardrails + EHR integration
  • fhir-r6-guardrails — 15 MCP tools, PHI redaction, step-up auth, audit
  • curatr — data-quality evaluation + patient-approved fixes
  • fasten-connect — EHR + TEFCA ingestion
  • phi-redaction — HIPAA Safe Harbor de-identification
  • fhir-upstream-proxy — HAPI · Epic · Medplum
  • healthex-export — portable FHIR bundle export
💚
smarthealthconnect
Personal health management skills
  • care-completion — HEDIS preventive-care gaps
  • medication-refills — refill windows + projections
  • healthy-habits — longitudinal health dashboard
  • diet-exercise — activity logging + correlations
  • kids-health — CDC schedules + school compliance
  • research-monitor — trials, preprints, FDA signals
View on GitHub →

Marketplace manifest: .claude-plugin/marketplace.json · Skills authored against Anthropic's Skill Authoring Guide

Your health data is full of errors. Now you can fix them.

Curatr evaluates FHIR resources against live public terminology services, explains issues in plain language, and lets you approve fixes with full provenance tracking.

Severity · Issue · Checked against
  • critical · Deprecated ICD-9 · Local lookup
  • warning · Invalid ICD-10-CM · NLM Clinical Tables
  • warning · Unknown SNOMED CT · tx.fhir.org
  • warning · Missing RxNorm · RxNav API
  • info · Display mismatch · Cross-check
  • warning · Missing fields · Structural

Every approved fix creates a linked Provenance resource recording patient intent, field changes, and agent attribution — recorded in the immutable audit trail. No black-box corrections.

Vendor-neutral by design

HealthClaw works with any FHIR server. The guardrails are the product, not the data layer.

Compared against AWS HealthLake, Medplum MCP and raw FHIR on: any FHIR server · PHI redaction on reads · immutable audit trail (separate or partial elsewhere) · step-up auth for writes (separate or built-in elsewhere) · human-in-the-loop · R6 Permission $evaluate
Setup time: HealthClaw 10 sec · AWS HealthLake 30+ min · Medplum MCP 15+ min · Raw FHIR varies

Running in 10 seconds

No accounts. No API keys. No cloud setup. Clone, install, run.

# Install + run in 10 seconds
uv sync
STEP_UP_SECRET=your-secret python main.py

# Or with Docker
docker-compose up -d --build

# Connect to your FHIR server
FHIR_UPSTREAM_URL=https://hapi.fhir.org/baseR4 python main.py

The why behind this

Building a New, Empowered Health System

The current health data system was built around institutions, not patients. What happens when we flip that?

Read on Substack →
How I Build My Personal OpenClaw

A walkthrough of building an AI health agent using OpenClaw skills and HealthClaw Guardrails with real health data.

Read on Substack →
Stay in the loop

Get release notes & new guardrail patterns

A short email when we ship a new MCP tool, redaction rule, or upstream-server integration. No marketing — just what's actually changed in the repo.

Subscribers get the quickstart guide PDF as a thank-you. Or grab it now: healthclaw-quickstart.pdf · explore the skill catalogue.
We use Resend to deliver mail from updates@healthclaw.io. One-click unsubscribe in every email.