HIPAA for MCP servers: securing tool access without losing the audit trail (on Postgres)

Many think that simply running an MCP server behind a cloud firewall automatically satisfies HIPAA because the infrastructure is “secure by default.” In reality, HIPAA audits demand concrete evidence of who accessed protected health information, when, and under what controls.

Why the current approach falls short of HIPAA

Today, most teams launch MCP servers that query PostgreSQL directly with a shared service account. The credential lives in a configuration file or an environment variable, and every developer can connect with the same password. A gate does not route any request, so the system cannot record the exact SQL statement, mask patient identifiers, or require an approval before a risky query runs. When a breach occurs, the logs only show a generic connection event. They do not prove that the individual who issued the query was authorized, nor do they demonstrate that protected data was protected at the moment of access.

What a minimal fix looks like, and what it still misses

Introducing non‑human identities, such as short‑lived OIDC tokens, and assigning least‑privilege roles to those tokens is a necessary first step. The token tells the PostgreSQL instance who the caller is, and the role limits the tables that can be read. However, the request still travels straight from the MCP server to the database. No component sits on that path to capture the full query, no inline masking protects PHI in the response, and no workflow can pause a dangerous operation for a compliance officer’s sign‑off. Without a data‑path gateway, the organization cannot produce the audit artifacts that HIPAA auditors require.

How hoop.dev creates an audit‑ready data path

hoop.dev acts as a Layer 7 gateway that sits between the MCP server and PostgreSQL. Every connection is proxied through the gateway, which inspects the wire‑protocol traffic before it reaches the database. Because hoop.dev is the only point where traffic flows, it can enforce the controls that HIPAA expects.

When a developer’s OIDC token is presented, hoop.dev validates the token, extracts group membership, and decides whether to grant a just‑in‑time session. If the request is allowed, hoop.dev records the full SQL statement, the identity that issued it, and the exact timestamp. hoop.dev keeps the session data available for later query, providing the evidence needed for compliance.

In addition to logging, hoop.dev can mask protected fields in query results. For example, a column containing Social Security Numbers is replaced with a placeholder before the data leaves the gateway, ensuring that downstream tools never see raw PHI unless explicitly permitted. If a query matches a risk pattern – such as a DELETE without a WHERE clause – hoop.dev blocks the command and routes it to a human approver, creating a documented approval trail.

Continue reading? Get the full guide.

Audit Trail Requirements + Single Sign-On (SSO): Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Key enforcement outcomes for HIPAA

Session recording: hoop.dev captures every command and response, producing a replayable audit trail that shows exactly what data was accessed.
Inline data masking: Sensitive columns are redacted in real time, preventing accidental exposure while still allowing the MCP server to function.
Just‑in‑time access: Users receive short‑lived credentials that expire after the session, limiting the blast radius of any compromised token.
Approval workflows: High‑risk statements trigger a manual review, and the approval decision is logged alongside the query.
Identity‑aware proxy: The gateway enforces that only identities with the proper group membership can reach the PostgreSQL endpoint.

hoop.dev produces each of these outcomes because it sits in the data path. Removing hoop.dev would eliminate the audit records, the masking, and the approval steps, leaving the organization unable to demonstrate compliance.

Putting it together for a HIPAA‑ready MCP deployment

Start with the getting‑started guide to deploy the hoop.dev gateway alongside your PostgreSQL cluster. Register the MCP server as a connection and configure the gateway to hold the database credentials, so the server never sees the password. Bind the gateway to your OIDC provider so that each user presents a short‑lived token. Define masking policies for PHI columns and risk patterns for commands that require approval. Once the gateway is in place, every interaction with PostgreSQL passes through hoop.dev, automatically generating the evidence needed for a HIPAA audit.

Because hoop.dev is open source and MIT‑licensed, you retain full control over the audit data and can integrate it with your existing security information and event management (SIEM) pipelines. The learn section contains deeper explanations of masking rules, session replay, and policy authoring.

FAQ

Does hoop.dev make my MCP server HIPAA compliant?

No. hoop.dev does not claim certification. It generates the audit artifacts, masking, and access controls that auditors look for when evaluating HIPAA compliance. Your overall compliance posture still depends on broader policies and processes.

Can I use hoop.dev with existing PostgreSQL credentials?

Yes. The gateway stores the credentials securely and presents them to PostgreSQL on behalf of the MCP server. The gateway keeps the password hidden from the server, which reduces credential sprawl.

What happens to data that is masked by hoop.dev?

hoop.dev replaces masked values before the response leaves the gateway. The original data remains in PostgreSQL and can be accessed only by identities that have explicit permission to view the unmasked column.

Explore the open‑source code on GitHub to see how the gateway is built and to contribute improvements.