Multi-policy supporting is a security mechanism which can control security system's action based on more than one policy. This mechanism can enhance the security of system greatly. The exiting typical access control1 models, such as MAC, DAC, RBAC, are not multi-policy supporting. This paper provides a multi-policy supporting access control model (MPSAC). Because of the complexity of applying multiple policies in MPSAC, we not only define the model's session and policy, but also illustrate session's logic relationship, policy conflict, policy decision rules and the implementation method. Different from the exiting access models, a comprehensive description mechanism in MPSAC is proposed to depict the session's property, and a systemic description and management method are proposed for policy. In order to enforce the policy effectively and improve the model's flexibility, a new framework for MPSAC is provided, which separates application logic, security control logic and security policy from each other. The application of MPSAC is provided in a hospital information system.