HIPAA-conscious by architecture

AI on patient data.
Nothing leaves the Mac.

Cloud AI assistants make you send PHI to a third party. LMCP connects a local AI client to your Mail, Calendar, Files and Notes 100% on-device — no cloud API keys, and nothing sent to our servers.

100% local · no cloud API keys · 233 tools in one install · macOS 13+

0
Bytes of PHI sent to us
0
Cloud API keys required
233
Local tools, one install
100%
On-device (local AI path)

Why AI + PHI is a compliance headache

Every mainstream way to use AI on clinical or admin data moves that data off your machine — and every hop is another vendor, another BAA, another thing to audit.

Cloud AI assistants send whatever you paste — including PHI — to a third-party provider, which usually requires a signed BAA and expands your breach-exposure surface.

Browser extensions & SaaS connectors route your mailbox and files through their servers. Another vendor, another BAA, another audit.

Copy-paste workflows move PHI into a chat window by hand — untracked, ungoverned, and easy to get wrong.

The local-first path

Keep the AI and the data on the same Mac. There is no third-party cloud in the loop, so there is no cloud breach surface to govern.

1

Runs entirely on the Mac

LMCP is a local MCP server. It reads your Mail, Calendar, Files, Notes, and Contacts on the machine itself — nothing is uploaded to LMCP.

2

Pair it with a local AI client

Point Claude Desktop (or any desktop MCP client / local model) at LMCP. The AI and your data stay on the same machine — no third-party cloud in the loop.

3

The connector receives nothing

LMCP has no cloud API keys and stores no patient data. There is nothing for us to breach, and no BAA to sign with us for the local path.

A straight answer on compliance

LMCP is architecture, not a compliance certificate. No connector can make you HIPAA compliant by itself — that depends on your whole environment, policies, and agreements. What LMCP guarantees is that the connector is 100% local and never receives your data. Pair it with a local AI client and PHI never leaves your Mac. Use a web AI (ChatGPT, Claude.ai) and the data goes to that provider under their terms — LMCP is only the pipe.

Questions from compliance teams

Does LMCP make my workflow HIPAA compliant?

No tool can make you HIPAA compliant on its own — compliance depends on your full environment, policies, and BSAs. What LMCP does is keep the connector 100% local: when you pair it with a local AI client, PHI never leaves your Mac and no third party (including us) receives it, which removes an entire category of cloud exposure from the equation.

What if I use a web AI (ChatGPT, Claude.ai) instead of a desktop client?

Then the data you ask about is sent to that AI provider, and their terms (and any BAA they offer) apply — LMCP is just the pipe. For HIPAA-conscious use, pair LMCP with a local desktop AI client or a local model so nothing leaves the device.

Do you sign a BAA?

For the local path there is nothing to cover — LMCP never receives your data. If your workflow involves a cloud AI provider, the BAA is with that provider, not with us.

Where does the data actually go?

On the local path: nowhere. The MCP server reads app data on your Mac and hands it to the AI client running on the same Mac. LMCP’s own servers only ever see license and anonymous telemetry — never your mail, files, or patient data.

Keep PHI where it belongs.

Free for individual practitioners. Install on your Mac in two minutes and pair it with a local AI client — nothing leaves the device.

✓ 100% local✓ No cloud API keys✓ No PHI sent to LMCP✓ macOS 13+