Epic FHIR MCP Connector
Epic EHR
Connect AI agents to Epic EHR using FHIR R4 for patient demographics, clinical observations, medications, and appointments.
Auth notes
SMART on FHIR OAuth 2.0 with JWT client assertions. Register app at fhir.epic.com — free for developers. Use Epic sandbox at fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4. Production access requires partnership with a health system that uses Epic. Store JWT private key securely — never expose in client-side code.
Rate limits
Rate limits set per health system deployment — not universal. Epic sandbox allows approximately 100 requests per minute. Production limits vary by health system. Implement exponential backoff on all 429 responses. Bulk FHIR $export operations are async and may take minutes to hours.
Edge cases
Each health system customizes their Epic deployment — FHIR resource availability varies between organizations. FHIR version support varies — some organizations still use STU3 not R4. Patient IDs are Epic-system-specific and not portable between health systems. HIPAA compliance is mandatory — never log PHI in plain text. Bulk export requires separate approval.
Sandbox testing
Run test calls against Epic EHR from Pipeyard. Try prompts below to see a simulated response; real MCP integration is coming in a future release.
Have a connector you'd like us to prioritize or a specific test flow you care about? Use the Requests page to submit new ideas.
Quick Start — curl example
curl -X GET "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient?family=Smith&given=John" \
-H "Authorization: Bearer {access_token}" \
-H "Accept: application/fhir+json"
Credential Setup Guide
1. Go to fhir.epic.com and create a free developer account
2. Register your app and select the FHIR scopes you need (patient/*.read, etc.)
3. For sandbox testing use the endpoint: https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4
4. Use SMART on FHIR OAuth 2.0 — direct users to Epic authorization endpoint
5. Exchange authorization code for tokens at https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token
6. IMPORTANT: Production access requires partnership with a health system that uses Epic
7. All data handling must comply with HIPAA — never log patient data in plain text
8. Use Epic sandbox test patients — MyChart username: fhircamila, password: epicepic1
Example API Response
Sample data
{
  "resourceType": "Patient",
  "id": "eJzlzMCmfKMkPV.UxoYvvEw3",
  "name": [
    {
      "use": "official",
      "family": "Smith",
      "given": [
        "John",
        "Michael"
      ]
    }
  ],
  "birthDate": "1985-04-12",
  "gender": "male",
  "address": [
    {
      "city": "San Francisco",
      "state": "CA",
      "postalCode": "94102"
    }
  ],
  "telecom": [
    {
      "system": "phone",
      "value": "415-555-0199",
      "use": "home"
    }
  ]
}
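One way to apply the "never log PHI in plain text" rule to responses like the one above, as an added example that is not Pipeyard's or Epic's code: an allowlist summary that records element names and a keyed pseudonym of the ID, never values. The function names, the 16-character pseudonym length and the demo key are assumptions of this example; it also covers the Bundle that a search call returns and OperationOutcome errors.

```python
import hashlib
import hmac
import json

def pseudonym(fhir_id: str, key: bytes) -> str:
    """Keyed hash: log lines for one patient correlate without storing the ID."""
    return hmac.new(key, fhir_id.encode(), hashlib.sha256).hexdigest()[:16]

def log_safe(resource: dict, key: bytes) -> dict:
    """Allowlist summary of a FHIR response: element names only, never values."""
    rtype = resource.get("resourceType", "unknown")
    safe = {"resourceType": rtype}
    if rtype == "Bundle":
        # Search calls such as Patient?family=... return a Bundle of resources.
        safe["entries"] = [log_safe(e.get("resource", {}), key)
                           for e in resource.get("entry", [])]
    elif rtype == "OperationOutcome":
        # Keep the coded fields; free-text diagnostics can echo patient details.
        safe["issues"] = [{"severity": i.get("severity"), "code": i.get("code")}
                          for i in resource.get("issue", [])]
    else:
        if "id" in resource:
            safe["id_pseudonym"] = pseudonym(resource["id"], key)
        safe["elements_present"] = sorted(k for k in resource
                                          if k not in ("resourceType", "id"))
    return safe

# Constructed sample: the Patient from the example response, abbreviated.
SAMPLE_PATIENT = {
    "resourceType": "Patient",
    "id": "eJzlzMCmfKMkPV.UxoYvvEw3",
    "name": [{"use": "official", "family": "Smith", "given": ["John", "Michael"]}],
    "birthDate": "1985-04-12",
    "telecom": [{"system": "phone", "value": "415-555-0199", "use": "home"}],
}
SAMPLE_BUNDLE = {"resourceType": "Bundle", "type": "searchset",
                 "entry": [{"resource": SAMPLE_PATIENT}]}
DEMO_KEY = b"constructed-demo-key"  # assumption: a real key comes from a secret store

if __name__ == "__main__":
    print(json.dumps(log_safe(SAMPLE_BUNDLE, DEMO_KEY)))
```

Because Patient IDs are specific to each Epic deployment, use a separate pseudonym key per health system so pseudonyms cannot be joined across organizations.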