mcp-fhir

@flexpa/mcp-fhir is an experimental MCP (Model Context Protocol) server that connects to a FHIR server using SMART on FHIR access tokens. It exposes MCP tools to search for FHIR resources and read individual FHIR resources, returning results in FHIR JSON and supporting resource access via fhir:// URIs.

Evaluated Mar 30, 2026 (22d ago)
Repo ↗ Ai Ml mcp fhir healthcare smart-on-fhir api-integration typeScript experimental
⚙ Agent Friendliness
48
/ 100
Can an agent use this?
🔒 Security
49
/ 100
Is it safe for agents?
⚡ Reliability
19
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
62
Documentation
70
Error Messages
0
Auth Simplicity
55
Rate Limits
10

🔒 Security

TLS Enforcement
60
Auth Strength
65
Scope Granularity
15
Dep. Hygiene
45
Secret Handling
55

Uses a SMART on FHIR access token supplied via environment variables. The README does not specify token storage/logging behavior, TLS requirements, or fine-grained scope constraints. It also does not document handling of sensitive FHIR data returned to the MCP client.

⚡ Reliability

Uptime/SLA
0
Version Stability
25
Breaking Changes
30
Error Recovery
20
AF Security Reliability

Best When

Prototyping an MCP-based assistant workflow over FHIR data where the FHIR server and token handling are already managed securely.

Avoid When

When you need a documented, stable, production-grade integration contract or when rate limits/error semantics from the MCP server are critical to automate robustly.

Use Cases

  • Integrate an LLM client that supports MCP with a FHIR backend
  • Search FHIR resources by resourceType and searchParams
  • Read specific FHIR resources by URI and provide results as context for downstream LLM workflows

Not For

  • Production clinical workloads without additional validation and hardening
  • Environments that cannot provide (or securely handle) a SMART on FHIR access token
  • Use cases requiring strict privacy-by-design controls without further configuration/auditing

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: SMART on FHIR access token via environment variable FHIR_ACCESS_TOKEN
OAuth: No Scopes: No

Authentication is described as a SMART on FHIR access token provided through FHIR_ACCESS_TOKEN. The README does not document scopes, refresh flow, or token lifecycle management.

Pricing

Free tier: No
Requires CC: No

No pricing information provided (appears to be an open-source package/library).

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • README does not describe pagination or how to handle FHIR Bundle pagination for large searches
  • No explicit guidance on retry behavior for transient failures
  • Operational debugging requires using the MCP Inspector; stdio-based debugging may be nontrivial

Alternatives

Direct FHIR REST API integration (FHIR client libraries) Using an existing production MCP server for healthcare/FHIR if available Building a custom MCP server wrapper around the FHIR REST API with OpenAPI-aligned tooling

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-fhir.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered