Skip to main content

Medplum Agent: Secure Bridge for Legacy Healthcare Systems

Healthcare organizations need to integrate HL7, DICOM, and other legacy protocols that operate within closed networks—but maintaining site-to-site VPNs is complex and costly, and legacy integration engines may not be flexible and cloud-first in architecture. The Medplum Agent eliminates these issues while preserving security and compliance.

How It Works

The Medplum Agent is a lightweight, open-source service that runs in your local network and converts legacy protocols into secure, encrypted websockets. Your transformation logic runs in Medplum's cloud using modern TypeScript/JavaScript Bots, while the Agent handles the protocol translation locally. The Medplum platform also supports remote monitoring and upgrade features.

Supported protocols:

  • HL7v2
  • DICOM
  • ASTM (coming soon)

Runs on: Any currently supported operating system version (Windows, Linux, macOS)

Open Source and Secure

"Is it secure even though it's open source?"

Yes. All code contributed to Medplum—whether from employees, customers, or community members—is:

  • Automatically scanned for security vulnerabilities
  • Manually reviewed by Medplum maintainers before release
  • Subject to weekly dependency upgrades and proactive security maintenance

The Agent maintains:

  • End-to-end encryption using TLS/SSL protocols (HTTPS to WSS)
  • HIPAA and SOC2 Type 2 compliance
  • Modern security practices through continuous updates

Our Apache 2 license means no vendor lock-in and full transparency into how your infrastructure operates.

Roles and Responsibilities

Understanding who manages what is critical for healthcare organizations:

Medplum Team

Develops and releases the Medplum platform and Agent

Service Provider

Consumes the Medplum platform and has administrative control over Agent remote monitoring and upgrade operations

IT/Security (on-prem) Team

Responsible for Agent installation in your local network, security policies, and update approval workflows

The Service Provider maintains administrative control over remote operations, such as automatic upgrades and configuration updates. For specific details on auto-update configuration and security controls in your environment, coordinate with your Service Provider.

Updates and Versioning

The Medplum Agent follows our general Medplum versioning policy. The Agent does not require server maintenance or database migrations—minor versions can be deployed directly without intermediate steps.

Agent updates can be managed through remote upgrade features, with control maintained by your Service Provider. Healthcare organizations can coordinate with their Service Provider on update approval workflows and timing based on their specific security policies and operational requirements.

Performance

Benchmarked HL7 throughput using Original and Enhanced Acknowledgement Modes:

ModeCross-NetworkSame Machine
Original7 msg/sec174 msg/sec
Enhanced (Fast ACK)~9,000 msg/sec~10,000 msg/sec

Cross-network simulates real-world latency to cloud; same machine simulates private network scenarios. Note that throughput is significantly influenced by network latency in cross-network scenarios.

Modern Alternative to Mirth Connect

Following NextGen's announcement regarding Mirth Connect, healthcare organizations are evaluating alternatives. Medplum offers:

  • Cloud-native architecture with local protocol support
  • Modern TypeScript/JavaScript
  • Continuous updates with proactive security maintenance
  • Apache 2 licensed open source
  • FHIR-native with legacy format support

Read our full comparison for Mirth users →

Get Started

Questions? Join our Discord community or contact our team.