The proliferation of the use of automated Health Information Systems in the everyday practice of health professionals has brought a number of issues related to the security of health information to a critical point. The preservation of security of health-related information can only be achieved through a concerted approach, comprising legal, organisational, technical and educational actions. These classes of actions constitute a complete “security framework”, a key aspect of which is the set of rules, laws and regulations that govern the usage of information within a Health Care Establishment. This set is commonly referred to as “Security Policy”. In this paper, the SEISMED High Level Security Policy for Health Care Establishments is presented.