RM-ODP has been widely accepted and used in the field of system and software model engineering and of enterprise computing within different environments. One of these specific domains is healthcare, in which the international standard Health Information Services Architecture (HISA) is applied under the directives of RM-ODP. HISA presents a flexible architecture identifying common use cases, actors, information, and services and easing its extension with specific services, systems and information. The HISA standard follows system specification through the RM-ODP viewpoints but it does not consider other features of the reference model, such as the Enterprise language or the UML4ODP specification.In this paper, we introduce the rationale and specification of the three technology-independent viewpoints of an HISA-based architecture conforming to RM-ODP and UML4ODP. Moreover, we evaluate how easy it is to extend this architecture to introduce specific services and elements. As proof of concept we explore security and privacy issues (i.e., requirements, actors, information objects, etc.) and enrich the architecture with suitable objects and services, mainly from access control standardization efforts. In addition, a detailed discussion about the divergences between RM-ODP and HISA is presented.The main contribution of our work is to develop (guided by RM-ODP, HISA, and other standards) a methodology and tools allowing healthcare service developers and designers to build solutions conforming to standards and leveraging the benefits of distribution and interoperability. These tools consist of the specification of three technology-independent viewpoints according to the guidelines of HISA, RM-ODP and UML4ODP for the healthcare domain, and they will be freely available. In parallel, these viewpoints are extended with access control issues, and the adequacy of the HISA extension mechanism is evaluated.