Security is a vital part of daily life to healthcare organizations that need to ensure the informationrnis adequately secured. The existing infrastructure lacks the structural security and privacyrnelements needed to support the evolving IT infrastructure, emerging legislative regulations, andrnever increasing threats. The problem, then, is how we can maintain the availability of the rightrninformation at the right time and at the same time maintain the security and privacy of patientrninformation.rnThis research took a broad approach into existing information security and privacy of healthcarerndomain with practical focus on Black Lion Hospital and Korean Hospital. The main theme ofrnthis thesis is that such major paradigm shifts or using/adopting new technologies demand arnrethinking of the security and privacy aspects and solutions. The desire is to engage all parties,rnincluding the clinicians and patients, and understand what is acceptable and desirable before therncoming generation of healthcare systems is deployed. There will certainly be tension betweenrnsecurity and usability, between patient privacy and the clinician convenience. The point here is,rntherefore, to hit the balance between the two and come up with a system that satisfies both. Thus,rnto overcome the limitations and enable the complete protection of sensitive information thisrnstudy reviews existing information security and privacy of health information system and thernavailable open source software that can be enhanced with such service and used to improve thernHIS.rnWe proposed and implemented a prototype that enhances information security and privacy ofrnHIS using OpenMRS. The prototypeâ€™s main security and privacy features includesrnconfidentiality on the server side that is ensured by a carefully placed access control mechanism,rnencryption that protects the confidentiality during transfer of the data and at storage,rnanonymization of patient medical record and the use of log files. The proposed prototype meetsrnall of our objectives. Finally, the prototype is tested using OpenMRS demo data and evaluated byrnhealth professionals in Black Lion Hospital and Korean Hospital. The result is encouraging andrnfull deployment can be thought of.rnKeywords: Information Security, Privacy, Health Information System, ElectronicrnMedical Record, OpenMRS