Medplum MCP Server

37 tools. 17 can modify or destroy data without limits.

17 write tools that can modify data. Rate limits recommended.


17 can modify or destroy data
20 read-only
37 tools total

Community server · catalogue entry verified 11/06/2026


What Medplum MCP Server exposes to your agents

Read (20) · Write / Execute (17) · Destructive / Financial (0)
High Risk

The most dangerous Medplum MCP Server tools

17 of Medplum MCP Server's 37 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Medplum MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Medplum MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "createCondition": {
    "limits": [
      {
        "counter": "createcondition_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "generalFhirSearch": {
    "limits": [
      {
        "counter": "generalfhirsearch_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Medplum MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Free to start. No card required.

All 37 Medplum MCP Server tools

WRITE 17 tools
createCondition: Creates a new condition or diagnosis for a patient. Requires a patient ID and a condition code.
createEncounter: Creates a new encounter (patient visit). Requires patient ID and status.
createEpisodeOfCare: Creates a new episode of care for a patient. Requires patient ID and status.
createMedication: Creates a new medication resource. Requires medication code or identifier.
createMedicationRequest: Creates a new medication request (prescription). Requires patient ID, medication reference, and prescriber.
createObservation: Creates a new observation (lab result, vital sign, etc.). Requires patient ID and code.
createOrganization: Creates a new organization (e.g., hospital, clinic). Requires organization name.
createPatient: Creates a new patient resource. Requires first name, last name, and birth date.
createPractitioner: Creates a new medical practitioner. Requires given name and family name.
updateCondition: Updates an existing condition. Requires the condition ID and at least one field to update.
updateEncounter: Updates an existing encounter. Requires the encounter ID and the fields to update.
updateEpisodeOfCare: Updates an existing episode of care. Requires the episode ID and fields to update.
updateMedicationRequest: Updates an existing medication request. Requires the medication request ID and fields to update.
updateObservation: Updates an existing observation. Requires the observation ID and the fields to update.
updateOrganization: Updates an existing organization. Requires the organization ID and the fields to update.
updatePatient: Updates an existing patient.
updatePractitioner: Updates an existing practitioner.
READ 20 tools
generalFhirSearch: Performs a generic FHIR search operation on any resource type with custom query parameters.
getConditionById: Retrieves a condition resource by its unique ID.
getEncounterById: Retrieves an encounter by its unique ID.
getEpisodeOfCareById: Retrieves an episode of care by its unique ID.
getMedicationById: Retrieves a medication by its unique ID.
getMedicationRequestById: Retrieves a medication request by its unique ID.
getObservationById: Retrieves an observation by its unique ID.
getOrganizationById: Retrieves an organization by its unique ID.
getPatientById: Retrieves a patient resource by their unique ID.
getPractitionerById: Retrieves a practitioner resource by their unique ID.
searchConditions: Searches for conditions based on patient and other criteria. Requires a patient ID.
searchEncounters: Searches for encounters based on criteria like patient ID or status.
searchEpisodesOfCare: Searches for episodes of care based on criteria like patient ID or status.
searchMedicationRequests: Searches for medication requests based on criteria like patient ID or medication.
searchMedications: Searches for medications based on criteria like code or name.
searchObservations: Searches for observations based on criteria like patient ID or code.
searchOrganizations: Searches for organizations based on criteria like name or address. Provide at least one criterion.
searchPatients: Searches for patients based on criteria like name or birth date.
searchPractitioners: Searches for practitioners based on various criteria like name, specialty, or identifier.
searchPractitionersByName: Searches for medical practitioners based on their given name, family name, or a general name string.

Questions about Medplum MCP Server

How do I prevent bulk modifications through Medplum MCP Server?

Medplum MCP Server has 17 write tools, including createCondition, createEncounter, and createEpisodeOfCare. Set a rate limit in your policy: for example, a limit of 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Medplum MCP Server.

How many tools does Medplum MCP Server expose?

37 tools across 2 categories: Read, Write. 20 are read-only. 17 can modify, create, or delete data.

How do I enforce a policy on Medplum MCP Server?

Register Medplum MCP Server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of at the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Medplum MCP Server tool call.

Deterministic rules across all 37 Medplum MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.


37 Medplum MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.
