The migration to Electronic Health Records (EHR) has raised issues with respect to security and privacy. One such issue, which has become a concern for healthcare providers, insurance companies and pharmacies, is the leakage of Patient Health Information (PHI). Borrowing from the Document Control Domain (DCD) literature, in this paper we develop a methodology for the detection and mitigation of PHI leaks, employing Activity Theory to elucidate the complex activities in the transitive workflow.