Towards improved security criteria for certification of electronic health record systems.