Security of software applications is crucial to the emerging needs of software technologies today. The underlying security architecture of the software systems is one of the key aspects to ensure confidentiality and integrity. Software applications and security architecture must be well defined and well separated. Realization of such a separation is Policy Enforcement Point (PEP) and Policy Decision Point (PDP), which supports policy flexibility. OpenMRS system is not capable of running flexible security policies as the RBAC security policy is distributed and hardwired in the software system. To introduce the support for flexible security policies a reference monitoring system is required. This work uses the idea of Flask security architecture, which is originally designed and implemented for the operating system by National Security Agency (NSA). This has been the first time the idea of Flask security architecture is implemented in an open source software OpenMRS. As a result, this provides a platform to experiment different security models on a software system without changing the underlying security architecture.