healthclaw

FHIR standardized health data. MCP standardized how AI connects to tools. HealthClaw standardizes the security, privacy, and clinical safety guardrails in between.

Comment

About the Project

Healthcare has a data problem, but it is no longer just a storage problem.

FHIR standardized healthcare data exchange. MCP standardized how AI agents interact with tools. But there is still a missing layer between AI systems and sensitive clinical data:

the guardrails.

That is why I built HealthClaw.io — an open-source interoperability and safety framework designed for healthcare AI agents. (healthclaw.io)

HealthClaw explores what happens when patients, developers, providers, and AI agents can securely collaborate using FHIR-native workflows, human approval systems, provenance tracking, and interoperability-first design.

The Why

Healthcare systems today are fragmented across portals, EHR vendors, APIs, payer systems, and disconnected workflows.

Patients rarely control or fully understand their own data. Developers spend enormous effort moving healthcare data instead of solving problems. AI systems can summarize information, but they cannot safely operate on clinical systems without trust, permissions, auditability, and governance.

Most healthcare AI discussions today focus on intelligence.

I believe the harder problem is interoperability + safety.

HealthClaw was built around a core question:

What would healthcare look like if AI agents could safely interact with clinical data using open standards and patient-centered guardrails?

What HealthClaw Does

HealthClaw acts as a guardrail layer between AI agents and FHIR servers. (healthclaw.io)

The platform introduces security, privacy, governance, and human review patterns for healthcare AI systems.

Core capabilities include:

  • PHI redaction on all read operations
  • Immutable audit trails
  • Human-in-the-loop clinical approval workflows
  • Step-up authorization using signed tokens
  • FHIR validation gates before writes
  • Permission evaluation using FHIR R6 concepts
  • MCP tooling for AI agent interoperability
  • Vendor-neutral upstream FHIR proxy support
  • Provenance-driven evidence tracking
  • Patient-approved data correction workflows

Instead of giving agents unrestricted access to clinical systems, HealthClaw creates a structured workflow where every operation is observable, reviewable, and governed.

Key Concepts

Compiled Truth + Provenance

One of the central ideas behind HealthClaw is the concept of compiled truth.

Rather than simply returning raw FHIR resources, the system combines:

  • current clinical state
  • provenance history
  • evidence timelines
  • curation status
  • quality scoring

into a reviewable interaction model for both humans and agents. (healthclaw.io)

This creates explainable healthcare AI workflows instead of opaque agent behavior.

Curatr — Patient Data Quality

HealthClaw also includes Curatr, a patient-facing data quality engine.

Curatr evaluates FHIR resources against:

  • ICD-10
  • SNOMED CT
  • RxNorm
  • terminology services
  • structural validation rules

and explains issues in plain language. (healthclaw.io)

Patients can review and approve proposed fixes while maintaining a full provenance trail.

This shifts healthcare data quality from institution-only workflows toward patient participation.

Upstream FHIR Proxy

The platform supports secure proxying into real FHIR ecosystems including:

  • HAPI FHIR
  • SMART Health IT
  • Epic sandbox environments
  • Medplum
  • AWS HealthLake

while maintaining:

  • PHI redaction
  • audit logging
  • URL rewriting
  • validation
  • authorization guardrails

for every request. (SkillsMP)

Technical Stack

HealthClaw combines several modern interoperability technologies:

  • HL7 FHIR R4 + R6
  • SMART-on-FHIR concepts
  • MCP (Model Context Protocol)
  • Flask-based guardrail proxy
  • Node.js MCP server
  • Provenance-based auditing
  • Fasten Connect integrations
  • Open wearable ingestion
  • Human approval workflows
  • Multi-agent interoperability patterns

The system is intentionally open-source and vendor-neutral. (healthclaw.io)

Inspiration

This project came from years of working across:

  • healthcare interoperability
  • FHIR analytics
  • payer-provider exchange
  • quality measurement
  • population health
  • healthcare data quality
  • AI-assisted healthcare tooling

I also explored many of these ideas through ongoing writing on my Substack and FHIR IQ projects, especially around:

  • healthcare fragmentation
  • patient-controlled data
  • healthcare AI infrastructure
  • open ecosystems
  • interoperability realities
  • AI agent orchestration

A recurring pattern became obvious:

Healthcare keeps building smarter systems on top of disconnected foundations.

HealthClaw attempts to address the foundation itself.

Challenges

Building healthcare AI infrastructure is very different from building generic AI applications.

Some of the hardest challenges included:

  • balancing AI autonomy with clinical safety
  • handling inconsistent FHIR implementations
  • building explainable workflows
  • managing healthcare authorization patterns
  • preserving patient privacy
  • enabling human review without destroying usability
  • maintaining interoperability across vendors

Healthcare requires:

  • trust
  • provenance
  • governance
  • auditability
  • transparency

not just intelligence.

What I Learned

This project reinforced several major lessons:

  1. FHIR is the foundation, not the end state.
  2. AI agents require healthcare-native guardrails.
  3. Provenance matters as much as predictions.
  4. Patients need understandable, usable health intelligence.
  5. Open ecosystems will likely outperform closed healthcare AI platforms long term.

Most importantly:

Healthcare does not just need better AI.

It needs infrastructure that allows intelligence, interoperability, trust, and humans to work together.

Built With

Share this project:

Updates