A Medical Record Database in your Pocket: How Torch Built a Serverless MCP for Your Health Data

The Model Context Protocol (MCP), introduced by Anthropic in November 2024, is revolutionizing how AI assistants access external data and tools. Most MCP implementations connect AI models to cloud-based databases and APIs, but we've built something entirely different: an MCP server that serves your data directly from your mobile device and allows you to talk to your medical records with LLMs like Claude without having to expose your medical records on a central server.

Why give an LLM access to health data at all?

Your medical records are a goldmine of insights trapped in PDFs and clinical jargon. Every doctor visit generates pages of notes, lab results, and recommendations—but making sense of it all is nearly impossible without medical training.

Here's what changes when an AI can read your records:

Before your next appointment: "What questions should I ask my cardiologist based on my recent test results?" Instead of walking in blind, you're prepared with specific, relevant questions based on your actual medical history.

When prescribed new medication: "Do any of my current medications interact with this?" The AI can instantly cross-reference your medication history, flag potential interactions, and remind you of side effects you've experienced with similar drugs.

For chronic condition management: "What treatments have actually improved my symptoms?" By analyzing years of records, AI can identify patterns you and your doctor might miss—like that your migraines decreased when you started taking magnesium, or that your joint pain correlates with specific weather patterns.

The key insight: AI doesn't replace your doctor. It makes you a better-informed patient who can have more productive medical conversations.

The Privacy Problem (and Our Solution)

Traditional approaches to AI-powered health insights require uploading your sensitive medical data to cloud servers. Every health AI startup wants you to trust them with your most personal information.

We built something different: your phone becomes the server.

When you ask Claude about your health data through Torch, here's what happens:

1. Claude never sees your raw data until you ask a question

2. Your medical records stay encrypted on your device

3. Only the specific information needed to answer your question is transmitted

4. The connection lasts only for your conversation

This isn't just privacy theater—it's a fundamental architectural difference. There's no central database to breach, no company holding millions of health records, no persistent cloud copies of your data.

How We Built It

The Mobile MCP Server

At the heart of our system is a JSON-RPC server running inside our React Native app. This server implements the Model Context Protocol, exposing tools that allow Claude to navigate and understand your health data.

The primary tool is open_link, which works like a secure browser for your medical information:

• /summary - Returns a comprehensive medical summary

• /medications - Lists current and past medications

• /conditions - Shows diagnosed conditions and treatment history

• /labs - Provides lab results with trends over time

Each response is structured to give Claude rich context while maintaining clear boundaries around data access.

The Authentication Dance

Connecting your phone to Claude requires a secure handshake:

1. Initiate from Claude: You start the connection from Claude's interface

2. Generate PIN: Our OAuth system creates a unique 6-digit PIN

3. Confirm on Phone: Enter the PIN in the Torch app

4. Establish WebSocket: A secure tunnel opens between Claude and your device

The PIN expires in 5 minutes, and the entire session is time-limited. When you're done, the connection closes, and Claude loses access.

Cloudflare as the Middleman

Since Claude can't connect directly to your phone, we use Cloudflare Workers with Durable Objects as a smart proxy:

• Durable Objects maintain the WebSocket connection state

• Each device gets its own isolated object ensuring data separation

• The proxy never stores or logs your health data

• Requests route through with minimal latency (typically <100ms)

This architecture means even Torch (the company) never sees your health data—we just provide the pipes.

Technical Challenges We Solved

This is just the beginning. We're working on:

• Richer tools: Beyond open_link, we're adding tools for data visualization, medication reminders, and appointment scheduling

• Multi-device support: Access your family's health data (with permission) from any authenticated device

• Ecosystem expansion: While we built this for Torch, the protocol is open—any health app could implement mobile MCP

Technical Challenges We Solved

The Model Context Protocol represents a fundamental shift in how AI assistants interact with personal data. By moving the server to your pocket, we're demonstrating that powerful AI experiences don't require sacrificing privacy.

Your medical records contain some of your most sensitive information. They also contain insights that could improve your health outcomes. For the first time, you don't have to choose between privacy and intelligence.

The future of personal AI isn't about uploading everything to the cloud—it's about bringing AI to your data, on your terms, under your control.

Ready to talk to your medical records? Download Torch and connect Claude through our MCP integration. Your health insights await—privately.