The expanding availability of health information
in an electronic format is strategic for industry-wide efforts
to improve the quality and reduce the cnst of health care.
The implementation of electronic medical record systems has been hindered by inadequate security provisions. This paper describes the use of frust negotiation as a framework for providing authentication and access control services in healthcare information systems. nust negotiation enables two parties with no pre-existing relationship to establish the trust necessary to perform sensitive transactions via the mutual disclosure of attributes contained within digital credentials. An extension of this system, surrogate irusf negoikiion is introduced as a way to meet the security requirements of healthcare delivery systems based on mobile computing devices and wireless communication technologies. These innovative technologies have enormous potential to improve the current state of security in healthcare information systems.