Defines a methodology for defining, selecting and expressing a communication protection profile (CPP) specification, and provides a standard way to express healthcare user needs in relation to communication, and a standard method of successive refinement of policy statements that help to identify standardised security implementation specification that can be used to meet the security needs. Security aspects contained in the communication protection profile include confidentiality, integrity, availability and auditability.