A HIPAA‑aligned audit trail that captures every MCP server request and response lets your organization prove that protected health information is accessed only by authorized tools and never leaves the control of your compliance team.
The Health Insurance Portability and Accountability Act requires that any system handling PHI maintain detailed logs of who accessed what data, when, and for what purpose. Those logs must be searchable, retained for the period defined by the regulation, and protected against tampering. In addition, HIPAA mandates that any transmission of PHI be protected, that access be granted on a least‑privilege basis, and that any automated tool that touches PHI be subject to the same audit and approval workflow as a human user.
Where organizations fall short today
Most teams that run MCP servers against BigQuery treat the server as a simple back‑end endpoint. A single service account key is baked into the deployment, and every downstream job uses that credential without additional checks. The result is a flat line of activity: the server talks to BigQuery, data flows, and the only record is the generic cloud‑provider log that shows an API call from the service account. That log does not reveal which internal tool issued the request, which user triggered the job, or whether the response contained PHI that should have been redacted.
Because the credential is static, any compromise gives an attacker unrestricted read/write access to the entire dataset. The lack of per‑request approval means a rogue automation script can exfiltrate PHI in minutes, and because the gateway does not sit in the data path, there is no place to enforce masking or block dangerous queries before they reach BigQuery.
How hoop.dev creates the required evidence
hoop.dev is positioned as a Layer 7 gateway that sits between the MCP server and the BigQuery endpoint. Every request passes through the gateway, which inspects the wire‑protocol, applies policy, and records the full session. Because the gateway holds the credential, the MCP server never sees the underlying secret, eliminating the risk of credential leakage.
When a request arrives, hoop.dev validates the caller’s OIDC token, extracts group membership, and decides whether the operation is allowed. If the request matches a rule that requires human review, such as a query that touches a PHI‑marked table, hoop.dev routes the request to an approval workflow before it reaches BigQuery. Approved requests are forwarded, while denied ones are blocked and logged.
For every response, hoop.dev can mask fields that contain PHI in real time, ensuring that downstream logs or downstream consumers never see raw identifiers. The full interaction, request, approval decision, masked response, and timestamps, is written to an audit log that can be configured for the retention period and integrity controls required by HIPAA.
Key enforcement outcomes
- hoop.dev records each MCP session, providing a complete, searchable audit trail for HIPAA auditors.
- hoop.dev masks sensitive columns in BigQuery responses, preventing PHI from leaking into downstream systems.
- hoop.dev enforces just‑in‑time approval for high‑risk queries, ensuring that only authorized personnel can run them.
- hoop.dev blocks commands that violate policy before they are executed, reducing the blast radius of a compromised service account.
- hoop.dev never exposes the underlying credential to the MCP server, eliminating credential‑theft vectors.
Getting started
Begin by deploying the gateway in the same network segment as your MCP servers. The official getting‑started guide walks you through a Docker‑Compose launch, OIDC configuration, and the registration of a BigQuery connection. Once the connection is registered, define policies that require approval for any query that accesses tables flagged as PHI. The learn section contains detailed examples of masking rules and approval workflow configuration.
All of the code is open source and available on GitHub. Contributions that add new compliance checks or improve audit‑log integration are welcomed.
FAQ
Does hoop.dev replace the need for cloud‑provider logs?
No. hoop.dev complements existing logs by adding per‑request, per‑user visibility and real‑time masking. Together they give a fuller picture for HIPAA evidence.
Can I use hoop.dev with existing service‑account keys?
Yes. The gateway stores the key securely and presents it only to BigQuery. Your MCP servers continue to use their existing authentication method, but they no longer need direct access to the key.
How long are the audit records retained?
Retention is configurable in the gateway’s policy store. You can align it with HIPAA’s required retention period, and the records remain protected for the duration.
