Even though security requirements in health care are traditionally high, most computerized health care applications lack sophisticated security measures or focus only on single security objectives. This paper describes special security problems that arise when processing health care data using public networks such as the Internet. It proposes a structured approach using a context-dependent access control mechanism over the Internet as well as other security mechanisms to counter the threats against the major security objectives: confidentiality, integrity, availability, and accountability. The feasibility of the proposed security measures is shown through a prototype, which has been developed in a research project focussed on security in health care.