Clinical Information Systems (CIS) are complex environments that integrate information technologies, humans, and patient data. Given the sensitivity of patient data, federal regulations require health care providers to define privacy and security policies and to deploy enforcement technologies. The introduction of model-based design techniques, combined with the development of high-level modeling abstractions and analysis methods, provide a mechanism to investigate these concerns by conceptually simplifying CIS without sacrificing expressive power. This work introduces the Model-based Design Environment for Clinical Information Systems (MODECIS), which is a graphical design environment that assists CIS architects in formalizing systems and services. MODECIS leverages Service-Oriented Architectures to create realistic system models as abstractions. MODECIS enables the analysis of legacy architectures and the design and simulation of future CIS. We present the feasibility of MODECIS by modeling operations, such as user authentication, of MyHealth@Vanderbilt, a real world patient portal in use at Vanderbilt University Medical Center.