Healthcare providers often face the challenge of integrating diverse and geographically disparate IT systems to respond to changing requirements and to exploit the capabilities of modern technologies. Hence, systems evolution, through modification and extension of the existing IT infrastructure, becomes a necessity. This paper assumes a healthcare systems evolution towards a service-oriented architecture (SOA) and places emphasis on the development of an appropriate authorization model and mechanism that ensures authorized access to integrated patient information through web service invocations.