Open Source · MIT License · FHIR R4 + R6

The guardrail layer between AI agents and clinical data

FHIR standardized health data. MCP standardized how AI connects to tools. HealthClaw standardizes the security, privacy, and clinical safety guardrails in between.


Every request passes through 6 layers

When an AI agent accesses clinical data through HealthClaw, each request is validated, redacted, authorized, and recorded before anything touches the FHIR server.

  • PHI Redacted: names, addresses, DOB stripped before the agent sees data
  • $validate Gate: structural validation before any write proposal
  • Permission Eval: R6 Permission $evaluate, deny by default
  • HMAC Step-up: signed token with 128-bit nonce, 5-min TTL
  • Human Gate: clinical writes blocked until a human confirms
  • Audit Trail: immutable, append-only record of every action

The agent never sees raw patient data

Applied on every read path: direct reads, search results, upstream proxy responses, and context envelopes. Agents work with safe, de-identified data by default.

Stored in FHIR Server:
  name: Maria Elena Rivera
  mrn: MRN-2026-4471
  phone: 617-555-0198
  address: 123 Clinical Ave, Boston MA 02101
  dob: 1985-03-15

Delivered to AI Agent:
  name: M. E. Rivera
  mrn: ***4471
  phone: [Redacted]
  address: Boston, MA
  dob: 1985
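The before/after transformation above, written out as an added Python example (this is not HealthClaw's own redaction code). It applies the five rules the rows imply (initials plus surname, last four MRN digits, phone fully masked, street address reduced to city and state, DOB reduced to year) and treats the rule table as an allowlist, so a field without a rule is dropped instead of passed through and a value that does not fit the expected shape collapses to [Redacted]. The field names, the rule details and the sample record are assumptions constructed from the rows shown.

```python
import re
from typing import Callable, Dict

# Constructed sample shaped like the "Stored in FHIR Server" rows above.
# Illustrative values only, not a real patient record.
STORED_RECORD = {
    "name": "Maria Elena Rivera",
    "mrn": "MRN-2026-4471",
    "phone": "617-555-0198",
    "address": "123 Clinical Ave, Boston MA 02101",
    "dob": "1985-03-15",
}

REDACTED = "[Redacted]"  # fallback whenever a value does not fit the expected shape


def redact_name(name: str) -> str:
    """Keep initials for given names plus the surname: 'Maria Elena Rivera' -> 'M. E. Rivera'."""
    parts = name.split()
    if len(parts) < 2:
        return REDACTED
    initials = " ".join(f"{p[0]}." for p in parts[:-1])
    return f"{initials} {parts[-1]}"


def redact_mrn(mrn: str) -> str:
    """Expose only the last four digits: 'MRN-2026-4471' -> '***4471'."""
    digits = re.sub(r"\D", "", mrn)
    return "***" + digits[-4:] if len(digits) >= 4 else REDACTED


def redact_address(address: str) -> str:
    """Reduce a US street address to 'City, ST'; anything unrecognised is fully redacted."""
    m = re.search(r",\s*([A-Za-z .'-]+?)\s+([A-Z]{2})\s+\d{5}(?:-\d{4})?\s*$", address)
    return f"{m.group(1)}, {m.group(2)}" if m else REDACTED


def redact_dob(dob: str) -> str:
    """Keep only the birth year: '1985-03-15' -> '1985'."""
    m = re.fullmatch(r"(\d{4})-\d{2}-\d{2}", dob)
    return m.group(1) if m else REDACTED


# Allowlist (assumed policy): a field reaches the agent only if a rule exists for it.
REDACTORS: Dict[str, Callable[[str], str]] = {
    "name": redact_name,
    "mrn": redact_mrn,
    "phone": lambda _value: REDACTED,
    "address": redact_address,
    "dob": redact_dob,
}


def redact_record(record: dict) -> dict:
    """Return the agent-facing view: each allowlisted field passed through its rule,
    every other field dropped, the stored record itself left untouched."""
    return {
        field: rule(str(record[field]))
        for field, rule in REDACTORS.items()
        if field in record
    }


if __name__ == "__main__":
    for field, value in redact_record(STORED_RECORD).items():
        print(f"{field}: {value}")
```

Running the block prints the "Delivered to AI Agent" rows. The allowlist is the important design choice: a new upstream field (an SSN, a free-text note) never reaches the agent until someone writes a rule for it.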

Three paths, one guardrail stack

Whether you're building an AI health agent, managing your own health data, or evaluating compliance infrastructure — HealthClaw meets you where you are.

AI Agent Developer
Ship HIPAA-safe agents in minutes, not months
  • 12 MCP tools — drop into Claude Desktop or any MCP client
  • Works with any FHIR server (HAPI, Epic, Medplum, AWS)
  • PHI redaction, audit, step-up auth — zero config
  • uv sync && python main.py — running in 10 seconds
Quick Start →

Patient / Consumer
See what's wrong with your health data — and fix it
  • Curatr checks records against live medical code databases
  • Plain-language explanations of coding errors and their impact
  • You approve every fix — full provenance trail, no black boxes
  • Connect 1,000+ EHR systems via Fasten Connect
Try Curatr →

Health System / Payer
Let AI agents touch clinical data without a compliance disaster
  • Vendor-neutral proxy — works with your existing FHIR stack
  • Tenant isolation, immutable audit, OAuth 2.1 + PKCE
  • Human-in-the-loop for clinical writes (HTTP 428 pattern)
  • 266 tests, Playwright e2e, open source (MIT)
Architecture →
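The HMAC step-up and human-gate layers from the guardrail list, together with the HTTP 428 pattern the Health System card mentions, sketched as an added Python example. This is not HealthClaw's implementation: the token format (base64 payload plus hex HMAC-SHA256 signature), the payload fields, the X-Step-Up-Token header name and the flow in which a token is minted only after the human has confirmed the write are all assumptions; the 128-bit nonce, the 5-minute TTL and the 428 response come from the page.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Set, Tuple

# Placeholder for the example; a real deployment reads STEP_UP_SECRET from the environment.
STEP_UP_SECRET = b"replace-me-with-STEP_UP_SECRET"
TOKEN_TTL_SECONDS = 300             # 5-minute TTL, as stated on the page
STEP_UP_HEADER = "X-Step-Up-Token"  # assumed header name


def _b64encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_step_up_token(secret: bytes, action: str, resource_ref: str, now: Optional[int] = None) -> str:
    """Mint a token bound to one action on one resource. In the assumed flow this runs
    only after the human has confirmed the write."""
    now = int(time.time()) if now is None else now
    payload = {
        "act": action,
        "res": resource_ref,
        "nonce": secrets.token_hex(16),  # 128-bit nonce, single use
        "exp": now + TOKEN_TTL_SECONDS,
    }
    body = _b64encode(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


class StepUpVerifier:
    """Checks signature, expiry, scope and single use. The nonce set is in-memory here;
    a real server keeps it in shared storage so replays also fail across instances."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.used_nonces: Set[str] = set()

    def verify(self, token: str, action: str, resource_ref: str, now: Optional[int] = None) -> Tuple[bool, str]:
        now = int(time.time()) if now is None else now
        body, _, sig = token.partition(".")
        if not body or not sig:
            return False, "malformed"
        expected = hmac.new(self.secret, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):  # constant-time, and checked before parsing
            return False, "bad_signature"
        try:
            payload = json.loads(_b64decode(body))
        except ValueError:  # covers both bad base64 and bad JSON
            return False, "malformed"
        if not isinstance(payload, dict):
            return False, "malformed"
        if payload.get("exp", 0) <= now:
            return False, "expired"
        if payload.get("act") != action or payload.get("res") != resource_ref:
            return False, "scope_mismatch"
        nonce = payload.get("nonce")
        if not nonce or nonce in self.used_nonces:
            return False, "replayed"
        self.used_nonces.add(nonce)
        return True, "ok"


def handle_clinical_write(verifier: StepUpVerifier, request: dict, now: Optional[int] = None) -> Tuple[int, dict]:
    """Human gate: a clinical write without a step-up token gets HTTP 428 so the client
    can go and obtain human confirmation; a token that fails verification gets 403."""
    resource_ref = request["resource_ref"]
    token = request.get("headers", {}).get(STEP_UP_HEADER)
    if token is None:
        return 428, {"error": "step_up_required", "resource": resource_ref}
    ok, reason = verifier.verify(token, "write", resource_ref, now)
    if not ok:
        return 403, {"error": "step_up_rejected", "reason": reason}
    return 200, {"status": "write_accepted", "resource": resource_ref}
```

Binding the token to a single action and resource is what makes the human's confirmation meaningful: a token approved for one Observation cannot be reused to write a different resource, and the nonce check stops the same approval from being submitted twice.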

Your health data is full of errors. Now you can fix them.

Curatr evaluates FHIR resources against live public terminology services, explains issues in plain language, and lets you approve fixes with full provenance tracking.

Severity   Check               Source
critical   Deprecated ICD-9    Local lookup
warning    Invalid ICD-10-CM   NLM Clinical Tables
warning    Unknown SNOMED CT   tx.fhir.org
warning    Missing RxNorm      RxNav API
info       Display mismatch    Cross-check
warning    Missing fields      Structural

Every approved fix creates a linked Provenance resource recording patient intent, field changes, and agent attribution — recorded in the immutable audit trail. No black-box corrections.
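The approve-and-record step described above, as an added Python example rather than Curatr's own code: a proposed fix is applied only when the approval flag is set, the original resource is never mutated, and the change is paired with a FHIR R4 Provenance resource naming the target, the patient as verifier, the agent as author, the patient's reason and the field change. The sample Condition, the proposed ICD-9 to ICD-10-CM replacement, the dotted field-path convention and the choice of provenance-participant-type codes are assumptions made for this example.

```python
import copy
from datetime import datetime, timezone
from typing import Any, Optional, Tuple

PARTICIPANT_TYPE = "http://terminology.hl7.org/CodeSystem/provenance-participant-type"

# Constructed sample: a Condition still carrying a deprecated ICD-9-CM code.
SAMPLE_CONDITION = {
    "resourceType": "Condition",
    "id": "cond-1",
    "subject": {"reference": "Patient/example"},
    "code": {"coding": [{
        "system": "http://hl7.org/fhir/sid/icd-9-cm",
        "code": "250.00",
        "display": "Diabetes mellitus without mention of complication",
    }]},
}

# Constructed proposal of the kind a "Deprecated ICD-9" check would raise.
PROPOSED_FIX = {
    "path": "code.coding.0",
    "new": {
        "system": "http://hl7.org/fhir/sid/icd-10-cm",
        "code": "E11.9",
        "display": "Type 2 diabetes mellitus without complications",
    },
    "explanation": "ICD-9-CM is no longer maintained; the matching ICD-10-CM code is E11.9",
}


def _get(obj: Any, path: str) -> Any:
    """Resolve a dotted path; integer segments index into lists (assumed convention)."""
    for key in path.split("."):
        obj = obj[int(key)] if isinstance(obj, list) else obj[key]
    return obj


def _set(obj: Any, path: str, value: Any) -> None:
    *head, last = path.split(".")
    parent = _get(obj, ".".join(head)) if head else obj
    if isinstance(parent, list):
        parent[int(last)] = value
    else:
        parent[last] = value


def apply_approved_fix(resource: dict, fix: dict, patient_ref: str, agent_name: str,
                       approved: bool, recorded: Optional[str] = None) -> Tuple[dict, dict]:
    """Apply a proposed fix only after explicit patient approval and return
    (updated_resource, provenance). Raises PermissionError when not approved."""
    if not approved:
        raise PermissionError("fix has not been approved by the patient")
    target_ref = f"{resource['resourceType']}/{resource['id']}"
    old_value = copy.deepcopy(_get(resource, fix["path"]))
    updated = copy.deepcopy(resource)          # the stored resource is never mutated in place
    _set(updated, fix["path"], fix["new"])
    provenance = {
        "resourceType": "Provenance",
        "target": [{"reference": target_ref}],
        "recorded": recorded or datetime.now(timezone.utc).isoformat(),
        "reason": [{"text": f"Patient approved: {fix['explanation']}"}],
        "activity": {"text": f"Changed {fix['path']} from {old_value} to {fix['new']}"},
        "agent": [
            # Patient intent: the patient verified the change.
            {"type": {"coding": [{"system": PARTICIPANT_TYPE, "code": "verifier"}]},
             "who": {"reference": patient_ref}},
            # Agent attribution: the AI agent authored the proposal.
            {"type": {"coding": [{"system": PARTICIPANT_TYPE, "code": "author"}]},
             "who": {"display": agent_name}},
        ],
    }
    return updated, provenance


if __name__ == "__main__":
    fixed, prov = apply_approved_fix(SAMPLE_CONDITION, PROPOSED_FIX, "Patient/example",
                                     "curatr-agent", approved=True)
    print(fixed["code"]["coding"][0]["code"], prov["activity"]["text"])
```

Because the Provenance carries both the old and the new value, the audit trail can answer "who changed this, why, and from what" without reading the agent's reasoning, which is the point of refusing black-box corrections.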

Vendor-neutral by design

HealthClaw works with any FHIR server. The guardrails are the product, not the data layer.

Compared: HealthClaw · AWS HealthLake · Medplum MCP · Raw FHIR

  • Any FHIR server
  • PHI redaction on reads
  • Immutable audit trail (Separate / Partial)
  • Step-up auth for writes (Separate / Built-in)
  • Human-in-the-loop
  • R6 Permission $evaluate
  • Setup time: HealthClaw 10 sec, AWS HealthLake 30+ min, Medplum MCP 15+ min, Raw FHIR varies

Running in 10 seconds

No accounts. No API keys. No cloud setup. Clone, install, run.

# Install + run in 10 seconds
uv sync
STEP_UP_SECRET=your-secret python main.py

# Or with Docker
docker-compose up -d --build

# Connect to your FHIR server
FHIR_UPSTREAM_URL=https://hapi.fhir.org/baseR4 python main.py

The why behind this

Building a New, Empowered Health System

The current health data system was built around institutions, not patients. What happens when we flip that?

Read on Substack →
How I Build My Personal OpenClaw

A walkthrough of building an AI health agent using OpenClaw skills and HealthClaw Guardrails with real health data.

Read on Substack →