The problems encountered in achieving data security within computer-supported information systems increased with the development of modern computer systems. The threats are manifold and have to be met by an appropriate set of hardware precautions, organizational procedures and software measures which are the topic of this paper. Design principles and software construction rules are treated first, since the security power of a system is considerably determined by its proper design. A number of software techniques presented may support security mechanisms ranging from user identification and authentication to access control, auditing and threat monitoring. Encryption is a powerful tool for protecting data during physical storage and transmission as well.Since an increasing number of health information systems with information-integrating functions are database-supported, the main issues and terms of database systems and their specific security aspects are summarized in the appendix.