1. Overview
IntakeBella provides a Model Context Protocol (MCP) server that enables authorized AI assistants and tools to interact with pharmacy intake data through a standardized interface. This policy governs MCP server access and data handling.
2. What is MCP?
The Model Context Protocol is an open standard that allows AI tools to securely access structured data. IntakeBella's MCP server provides read and write access to intake records, patient information, and workflow data through authenticated, scoped connections.
3. Authentication & Authorization
- MCP connections require a valid API key with MCP scope enabled
- Each connection is scoped to a single customer's data
- Read and write permissions are separately configurable
- All MCP operations are logged in the audit trail
4. Data Access Scope
The MCP server provides access to:
- Intake records and status information
- Patient demographic data (with PHI handling requirements)
- Workflow status and task assignments
- Document metadata (not document content directly)
- Prior authorization status and tracking
5. PHI & HIPAA Compliance
- All MCP data transmission is encrypted via TLS 1.2+
- PHI accessed via MCP is subject to HIPAA minimum necessary requirements
- AI tools connecting via MCP must have a signed BAA in place
- MCP sessions are time-limited and automatically expire
- PHI must not be cached or stored by connecting AI tools beyond the session
6. Acceptable Use
MCP access may not be used to:
- Train AI models on patient data
- Bulk export or replicate patient databases
- Access data outside the authenticated customer scope
- Automate actions without appropriate human oversight for clinical decisions
7. Contact
For MCP access or questions, contact us at api@intakebella.com.