MCP Architecture Guide for Healthcare: Connecting Clinical Systems to AI Agents
A practical walkthrough for CIOs, CTOs, CMIOs, and healthcare technology leadership.
See the Medical/Healthcare AI overview for business context, or the general MCP architecture guide for a broader introduction to MCP.
In this guide
- 1. The healthcare data problem
- 2. Inventory your systems
- 3. Build MCP servers for each system
- 4. Add an MCP broker
- 5. Connect agents
- 6. Example: Clinical decision support across systems
- 7. Example: Prior authorization workflow
- 8. Example: Care coordination across providers
- 9. Security checklist for healthcare
- 10. Next steps
1. The healthcare data problem
Healthcare organizations run on fragmented systems. Clinical data lives in Epic or Cerner. Practice management runs through athenahealth or NextGen. Lab results come from LabCorp or Quest. Prescriptions flow through Surescripts. Revenue cycle sits in Waystar or Availity.
Clinicians waste hours switching between platforms, re-entering information, and manually cross-referencing data across systems. A physician checking drug interactions has to consult the EHR, the pharmacy system, and possibly the formulary — three systems, three searches, three sets of results to reconcile.
MCP (Model Context Protocol) solves this by giving AI agents a standardized way to query each system through a thin API wrapper called an MCP server. Every MCP server runs on your infrastructure — inside your network, under your control. No PHI ever leaves your servers.
The result: a clinician asks a question in natural language, and the agent pulls the answer from whichever systems hold the relevant data — all within your air-gapped environment.
2. Inventory your systems
Before building anything, catalog the systems your organization relies on. Each system becomes a candidate for an MCP server. Healthcare systems benefit from HL7 FHIR as a standardized data exchange format.
| System | Category | Example Products | API Standard |
|---|---|---|---|
| EHR | Clinical | Epic, Cerner/Oracle Health, Allscripts, athenahealth | HL7 FHIR |
| Practice Management | Operations | athenahealth, AdvancedMD, Kareo, NextGen | REST |
| Lab & Imaging | Diagnostics | LabCorp, Quest, PACS systems | HL7 FHIR / DICOM |
| Revenue Cycle | Billing | Waystar, Availity, Change Healthcare | REST / X12 |
| Pharmacy | Medications | Surescripts, DrFirst, RxNorm | NCPDP / FHIR |
| Telehealth | Virtual Care | Zoom for Healthcare, Doxy.me, Teladoc | REST |
| Patient Portal | Engagement | MyChart, athenahealth Patient Portal | HL7 FHIR |
| SSO / Identity | Security | Okta, Azure AD, SAML, smart card | SCIM / REST |
Your organization may use different products — what matters is the category. Every category is a candidate for an MCP server that runs on your infrastructure.
3. Build MCP servers for each system
Each system gets a thin API wrapper — an MCP server — that exposes a small set of tools. The server translates natural-language-friendly tool calls into the system's native API (typically HL7 FHIR for clinical systems).
Critical: Every MCP server runs on your organization's servers, inside your network perimeter. No PHI, clinical data, or patient information ever transits through any third-party infrastructure.
Example — an Epic MCP server (via HL7 FHIR) might expose these tools:
# Epic MCP Server (HL7 FHIR) — runs on YOUR servers tools: - get_patient_summary(patient_id) - search_patients(name, dob, mrn) - get_medications(patient_id, status) - get_lab_results(patient_id, test_type, date_range) - get_care_plan(patient_id)
A Surescripts MCP server might expose:
# Surescripts MCP Server — runs on YOUR servers tools: - check_drug_interactions(medications) - get_formulary_status(medication, insurance_plan) - get_prescription_history(patient_id, date_range)
Each server is a standalone service. If Epic has a maintenance window, the pharmacy server still works. If you switch from Surescripts to DrFirst, you replace one MCP server — agents don't change.
4. Add an MCP broker
The broker sits between agents and MCP servers. It routes requests, enforces access policies, and logs everything for HIPAA compliance and audit.
Why a broker matters for healthcare: HIPAA's minimum necessary standard requires that users only access the PHI needed for their specific role. The broker enforces this — every request is authenticated, authorized, and logged.
| Role | Can Access | Cannot Access |
|---|---|---|
| Physician | Assigned patients, clinical data, lab results, imaging | Unassigned patients, billing data |
| Nurse | Assigned unit patients, vitals, medications, care plans | Financial data, unassigned patients |
| Medical Coder | Encounter documentation, diagnosis codes, procedures | Full clinical notes, patient PII |
| Patient Portal | Their own records, lab results, medications, appointments | All other patient data |
Every request through the broker generates an audit log entry: who asked, what they asked, which systems were queried, what was returned. These logs are exportable for HIPAA audits, compliance investigations, and quality reviews.
5. Connect agents
Agents don't connect to Epic, Surescripts, or Waystar directly. They talk to the broker, which routes to the right MCP server based on the question.
Physician asks:
"What medications is patient Martinez currently
taking, and are there any interactions with
the metformin I'm considering prescribing?"
Broker routes to:
1. Epic MCP → get_medications("martinez", "active")
2. Surescripts MCP → check_drug_interactions(
["lisinopril", "atorvastatin", "metformin"]
)
Agent responds:
"Patient Martinez is currently on lisinopril 10mg
daily and atorvastatin 20mg daily. No significant
interactions found with metformin 500mg.
Note: Monitor renal function — both metformin and
lisinopril affect kidney function. Latest eGFR
from 2026-01-15 is 72 mL/min (adequate for
metformin initiation)."
All PHI stayed on your servers.The physician sees a natural-language answer. Behind the scenes, the broker verified their access to the patient, queried two MCP servers, and logged the entire interaction — all within your network.
6. Example: Clinical decision support across systems
Scenario: A physician needs to evaluate a patient's current medications before prescribing a new antibiotic.
Physician asks:
"Patient Williams needs an antibiotic for a UTI.
Check current medications and allergies, then
recommend options compatible with her profile."
Agent flow:
1. Epic MCP → get_medications("williams", "active")
2. Epic MCP → get_allergies("williams")
3. Surescripts MCP → check_drug_interactions(
current_meds + ["nitrofurantoin",
"trimethoprim-sulfamethoxazole",
"ciprofloxacin"]
)
4. Surescripts MCP → get_formulary_status(
["nitrofurantoin", "TMP-SMX"],
insurance="Blue Cross PPO"
)
Agent responds:
"Patient Williams — current meds: warfarin 5mg,
metoprolol 50mg, omeprazole 20mg.
Allergies: Penicillin (rash), Sulfa (hives).
Antibiotic analysis:
- Nitrofurantoin: RECOMMENDED. No interactions.
Formulary Tier 1 ($5 copay).
- TMP-SMX: CONTRAINDICATED. Sulfa allergy.
- Ciprofloxacin: CAUTION. Significant interaction
with warfarin — increases INR. Avoid unless
no alternative.
Recommendation: Nitrofurantoin 100mg BID x 5 days.
Monitor INR at next visit regardless."
Clinical data never left your servers.7. Example: Prior authorization workflow
Scenario: A staff member needs to complete a prior authorization for an MRI.
Staff member asks:
"Start a prior auth for MRI lumbar spine for
patient Thompson. Diagnosis: chronic low back
pain, failed 6 weeks of physical therapy."
Agent flow:
1. Epic MCP → get_patient_summary("thompson")
2. Epic MCP → get_encounters("thompson",
type="physical_therapy",
date_range="last_90_days"
)
3. Payer MCP → get_auth_requirements(
procedure="MRI lumbar spine",
insurance="Aetna PPO",
diagnosis="M54.5"
)
4. Payer MCP → submit_auth_request(
patient="thompson",
procedure="72148",
clinical_docs=[...attached]
)
Agent responds:
"Prior authorization submitted to Aetna PPO:
- Procedure: MRI Lumbar Spine (CPT 72148)
- Diagnosis: M54.5 (Low back pain)
- Supporting documentation:
- 8 PT visits over 6 weeks (confirmed in EHR)
- Failed conservative treatment documentation
- Referring physician: Dr. Garcia
Aetna auth reference #: PA-2026-45678
Expected turnaround: 2-3 business days.
Auto-follow-up scheduled for 72 hours.
All required clinical criteria met per
Aetna's imaging guidelines."
All patient data processed on your servers.8. Example: Care coordination across providers
Scenario: A care coordinator needs to arrange a specialist referral and ensure continuity of care.
Care coordinator asks:
"Patient Davis needs a cardiology referral for
new-onset atrial fibrillation. Find an in-network
cardiologist, prepare the referral, and send
relevant records."
Agent flow:
1. Epic MCP → get_patient_summary("davis")
2. Epic MCP → get_lab_results("davis",
tests=["CBC", "TSH", "BMP", "troponin"],
date_range="last_30_days"
)
3. Practice Mgmt MCP → find_specialists(
specialty="cardiology",
insurance="UnitedHealthcare HMO",
availability="next_2_weeks"
)
4. Referral MCP → create_referral(
patient="davis",
specialist="Dr. Kim, Cardiology Associates",
records=["EKG", "echo_order", "med_list"]
)
Agent responds:
"Referral prepared for Patient Davis:
- Specialist: Dr. Sarah Kim, Cardiology Associates
(in-network, UHC HMO). Next available: Feb 12.
- Referral authorization: Submitted (HMO required)
Records package prepared:
- Recent EKG showing AFib with RVR
- Current medication list (metoprolol started
by ED, warfarin pending)
- Lab results: TSH normal, troponin negative
- ED visit summary from Jan 28
Patient contacted: Feb 12 at 2:00 PM confirmed.
Follow-up with PCP scheduled for Feb 19."
Referral processed entirely on your network.9. Security checklist for healthcare
Healthcare AI has unique security requirements driven by HIPAA, state privacy laws, and clinical safety obligations.
- ✓All MCP servers on your infrastructure — no cloud relay, no third-party processing. PHI never transits through any external system.
- ✓Air-gapped deployment available — for organizations requiring maximum PHI protection, the entire AI infrastructure can run without internet connectivity.
- ✓Role-based access per HIPAA minimum necessary — users only access the PHI needed for their specific role. Enforced automatically at the broker level.
- ✓Full audit logs — every agent interaction logged with who asked, what was queried, and what was returned. Exportable for HIPAA audits and compliance reviews.
- ✓No BAA needed with AI vendor — you own and operate everything. No third-party vendor processes or stores PHI, so no Business Associate Agreement is required.
- ✓Full code ownership — you own the entire platform source code. Inspect, modify, and audit every line. No black-box vendor dependencies.
- ✓Encryption at rest and in transit — all data encrypted within your network. TLS between components, AES-256 at rest.
- ✓AI assists, never replaces clinical judgment — agents provide evidence-based guidance and workflow automation. Clinicians maintain full supervisory control over all AI output.
10. Next steps
Ready to connect your organization's systems to AI agents — on your own servers, with full code ownership?
- 1.Free 30-minute assessment — we'll map your systems, identify MCP server candidates, and outline the architecture. Schedule now →
- 2.Calculate your costs — see how ibl.ai compares to per-clinician healthcare AI tools. AI Cost Calculator →
- 3.Check your readiness — 5 questions, 2 minutes. AI Readiness Assessment →
- 4.Explore the Healthcare AI overview — see all available agents and capabilities. Healthcare AI Solutions →
Also available: MCP Architecture Guides for Enterprise, Government, Higher Education, K-12, Legal, Financial Services, and Hospital/Health Systems.
For a general introduction to MCP, see the MCP Architecture Guide.