The problem of assuring secure and confidential access and transfer of medical records in healthcare facilities can be partitioned into (a) secure storage and access of electronic records within a facility and (b) secure transfer of electronic records between facilities. To address the first issue, we propose a new tag-based data model for representation of electronic medical records along with patients’ policy statements. This model helps to categorize the patient information as well as express patients’ consent for a variety of domains, such as individual practitioner and facility. To address the second issue, this paper proposes a way of establishing a trust relationship between two interacting parties based on emerging trusted computing technologies, and describes its application and implementation in an electronic healthcare system. Our proposed solutions have been demonstrated by developing a prototype system utilizing trusted computing components.