Health information has some unique characteristics. Although it has a lot of personal sensitive information, it should be provided as research data for the development of biomedical science. And, another important characteristic is that the information subject and the information producer are not the same. However, some security scholars have made some errors in applying the security module to the medical information system without considering these characteristics. In this paper, we first analyse the errors. We divide the medical practices performed in the hospital into each process starting from the time the patient visits and registers, and we list the types of medical information used at that stage. Then, we analysed the information subject and information producer for the medical information, set the appropriate encryption key, and designed an encrypted communication protocol for the entire electronic medical record (EMR) data flow. This is a secure and efficient scheme as a hybrid encryption technique that combines a symmetric and an asymmetric encryption technique.