Healthcare delivery is a highly complex process involving a broad range of healthcare services, typically performed by a number of geographically distributed and organizationally disparate healthcare providers requiring increased collaboration and coordination of their activities in order to provide shared and integrated care. Under an IT-enabled, patient-centric model, health systems can integrate care delivery across the continuum of services, from prevention to follow-up, and also coordinate care across all settings. In particular, much potential can be realized if cooperation among disparate healthcare organizations is expressed in terms of cross-organizational healthcare processes, where information support is provided by means of PHR systems. This paper assumes a process-oriented PHR system and presents a security framework that addresses the authorization and access control issues arisen in these systems. The proposed framework ensures provision of tight, just-in-time permissions so that authorized users get access to specific objects according to the current context. These permissions are subject to continuous adjustments triggered by the changing context. Thus, the risk of compromising information integrity during task executions is reduced.