Electronic patient records (EPR) information systems maintain the patients’ medical information on the web servers, and remain available to the medical institutions, practitioners, and the academia. The transmission of data is being done over the public network, which increases the privacy and security risk. However, authentication mechanism tries to ensure secure and authorized communication over insecure public network. In recent years, several authentication protocols have been proposed, but most of them fail to satisfy desirable security attributes. In this paper, we discuss the failure of two authentication protocols for EPR information systems. To overcome the flows, we present improved scheme for the integrated EPR information systems. The correctness of proposed protocol is proved using BAN logic. Moreover, the protocol performs is comparable and security is efficient than the existing schemes.