The primary care-based electronic health record (EHR) and the electronic patient record (EPR) are key features of the UK National Health Service (NHS) Information Strategy. We propose a model for EHR/EPR confidentiality, that is, for restricting access to their contents to authorized users, assuming secure transmission of data. We summarize a UML model for EHR/EPR confidentiality that is consistent with the NHS Healthcare Model. A prototype implementation of the model based on object-oriented database (OODB) and Internet techniques is described. The work is intended as a contribution to the development of confidentiality systems for the EHR and EPR, and of computerized tools for Caldicott Guardians to specify and implement privacy policies and procedures.