Health Information System is fundamental in provision of dependable information in support of delivery of healthcare services. The adoption of Electronic Health Records (EHR) provides improved patient care and a more efficient practice management. However the use of EHR raises concerns over protection of patient’s information in terms of security of patient’s information. This study established security control requirements for electronic health records to ensure the Electronic Health Records is secure from any threat that will compromise the safety of patient’s information at the Moi Teaching and Referral Hospital. The investigation embraced an arbitrary testing system to choose an example of 97 out of 133 health records members of staff and and questionnaires designed for data collection. The information gathered from the research instrument was coded and examined utilizing Statistical Package for Social Sciences (SPSS) adaptation 22.0.

Keywords : Electronic Health Records, Information Security, Security Controls.