Current technologies provide the ability to healthcare practitioners and citizens, to share and analyse healthcare information, thus improving the patient care quality. Nevertheless, European Union (EU) citizens have very limited control over their own health data, despite that several countries are using national or regional Electronic Health Records (EHRs) for realizing virtual or centralized national repositories of citizens’ health records. Health Information Exchange (HIE) can greatly improve the completeness of patients’ records. However, most of the current researches deal with exchanging health information among healthcare organizations, without giving the ability to the citizens on accessing, managing or exchanging healthcare data with healthcare organizations and thus being able to handle their own data, mainly due to lack of standardization and security protocols. Towards this challenge, in this paper a secure Device-to-Device (D2D) protocol is specified that can be used by software applications, aiming on facilitating the exchange of health data among citizens and healthcare professionals, on top of Bluetooth technologies.