How do MCP servers work?

A model context protocol (MCP) server is a program that exposes tools, resources, and prompts to AI models using the model context protocol. It gives an AI assistant a controlled way to interact with external systems, instead of relying only on the information available inside the chat. A host acts as an AI application that the user interacts with. Each host creates an MCP client for each server it wants to use. The client keeps the connection open, queries the server about what it can do, and relays allowed requests between the AI application and the server.

MCP servers are either local to a user’s machine or remote in the cloud. Local servers usually communicate via standard input/output streams, while remote servers communicate over HTTP. Wherever they run, they all serve the purpose of bridging AI models and external systems like email systems.

A Patient Education and Counseling systematic review of patient-provider email communication found that “benefits of e-mails in enhancing communication were recognized by both patients and providers,” but that “concerns about confidentiality and security were also expressed." The Paubox MCP Server solves that exact tension by connecting AI assistants to Paubox’s HIPAA compliant Email API and forms tools, allowing an assistant to send secure email or support intake workflows without ever exposing credentials to the AI model.

How MCP connects AI apps to external tools

The model context Protocol hides the complexity of integrating AI models with external systems. An MCP ecosystem comprises three participants:

• MCP Host is the AI app (like, say, Claude Desktop or Cursor) that hosts the conversation and one or more MCP clients.
• MCP Client is the component implemented by the host that maintains a dedicated connection to a single MCP server and processes requests and responses.
• MCP Server is a program that provides clients with context (tools, resources, and prompts).

The protocol is a handshake mechanism by which the user can discover what tools and resources the server has available. If the AI model decides it needs information or action from outside, like ‘end a secure appointment reminder,' it tells the client to call the appropriate tool. The server does the underlying operation, for example, calling a REST API, querying a database, or sending an email, and returns the result. With this design, the AI model never sees API keys or database credentials; those secrets remain on the server.

Standardization meets compliance

Shadow AI, in which employees use unsanctioned AI tools without oversight, is spreading quickly in healthcare. Paubox’s 2025 study on shadow AI found that 95% of organizations reported staff using AI tools in email, 62% observed employees experimenting with tools like ChatGPT without approval, and 16% admitted compliance teams were never consulted.

MCP offers a way to bring these experiments under control, as instead of letting staff plug random AI tools directly into sensitive workflows, organizations can provide approved MCP servers that integrate with secure back‑end systems and maintain compliance. Because the protocol cleanly separates clients (inside the AI host) from servers (which hold credentials and perform operations), compliance officers can audit and control the servers without limiting innovation in the host applications.

What the Paubox MCP Server does

Paubox’s MCP server wraps the capabilities of the Paubox Email API and Forms API into a set of five tools. send_secure_email sends a single HIPAA compliant email through the Paubox Email API. According to the documentation, the sender must be on a verified Paubox domain, the API requires from, to, subject, and message parameters, and the server automatically generates an HTML version of the email. The response returns a sourceTrackingId that you can use to check delivery status.

How Paubox supports AI-assisted healthcare email

In a Journal of Medical Internet Research systematic review, it was concluded that email communication positively influences patients’ satisfaction and adherence but stressed that confidentiality and security were key concerns. By integrating secure email into AI workflows via MCP, healthcare organizations can capture these benefits while addressing the security issues.

Paubox’s aforementioned research shows that AI is already transforming email workflows, and not always safely. The shadow AI report noted that 75% of employees assumed built-in AI tools were automatically HIPAA compliant. Without proper controls, the trend could lead to accidental disclosures of PHI.

MCP servers offer a structured way to introduce AI into healthcare communication. Rather than letting staff use whatever tool they find, organizations can approve specific MCP servers like Paubox that enforce encryption, track messages, and integrate seamlessly with existing AI hosts.

FAQs

What makes an MCP server different from a regular API?

An API exposes endpoints for software‑to‑software communication. An MCP server wraps endpoints into tools that are easy for language models to call, exposes them via a standard discovery protocol and maintains stateful connections through an MCP client.

Can an AI assistant send PHI over email using MCP?

Yes, as long as it uses a HIPAA compliant service like Paubox.

What happens if a patient replies to an AI‑generated email?

Paubox’s Email API delivers replies back to the clinic’s inbox.