Information security methods developed within the narrow frameworks of operating system design, specific database models, and military security methods all concentrate on representation of the objects of access control, rather than on the information needs of the subjects. This approach does not adequately support the needs of the varied users of medical information systems, who must have access to information in support of multiple organizational roles. A new conceptual approach to access control in medical settings based on user requirements is discussed.