We discuss a reference model for security measures to preserve integrity of information. Unlike traditional approaches which focus on an defensive approach to preserving integrity, we also present offensive measures to stimulate integrity of information, by providing feedback from usage. The reference model is used to analyze the security measures proposed in the design of the Dutch national Electronic Patient Dossier (EPD), in particular the projected application for medication records. We conclude that much of the defensive measures were covered, but that some offensive measures are lacking, in particular measures related to trust. This may have harmed adoption.