A growing capacity of information technologies in collection, storage and transmission of information has added a great deal of concerns since electronic records can be accessed by numerous consumers at various locations. Thus, the basic question is "what kind of Model is suitable for guaranteeing the confidentiality of EHR information in Iran?" The present study is a descriptive investigation made in Iran in 2007. Based on the collected data the preliminary model was designed and it was assessed through questionnaires and Delphi Technique and finally the noted model was designed and proposed. The findings showed the experts emphasize patient's consent for collecting, using and releasing information in electronic health records. A comprehensive model is presented in six pivots. data ownership, inclusion of information accessibility laws in all organizations, responsibility for inaccessibility to information, and the conditions for movement of data abroad, have been confirmed as new dimensions added based on this study in the model.