In an effort to improve care and reduce costs in healthcare, many countries and institutions have begun to implement electronic medical record systems. However, the development of electronic medical records has brought along concerns of privacy and security. In the current system, Taiwan’s electronic medical records exchange system authorizes access based on admission time and medical record types; the authorizes access that does not accurately reflect the complex nature of healthcare. Additionally, in the current EEC exchanged platform there no mechanisms in place for the complete protection of sensitive information, nor a mechanism which can authorize access every healthcare professional. This study uses the IHE BPPC profile from the perspective of Role-based Access Control and Confidentiality Code to design a privacy polices matrix and improve the flexibility of privacy protection, in order to create a secure electronic exchange infrastructure. Although the addition of confidentiality codes in Taiwan’s electronic medical records will increase the workload for physicians and other healthcare workers, it can ensure privacy protection control for exchanging sensitive information; resulting in an enhanced level of patient privacy.