Regardless of who we are, where we are, and when we get sick, we expect the healthcare sectors to take care of us. And we expect it to treat us with respect. Not the least, this concerns treating our personal information with care. However, the reality is that most healthcare institutions work separately, and that the flow of patient information therefore is less than optimal. This paper aims to investigate how current standards map against the concept of information security, and how process-orientation can be used in conjunction with standards to create secure information flows in healthcare. It does so by describing information security and process-orientation, and investigates how standards for information security apply in a process-oriented, distributed healthcare sector. The result shows that a dual focus is needed,on document and process standardisation, and that healthcare is facing great challenges in order to make this work.