The rapid growth in mobile technology makes the delivery of healthcare data and services on mobile phones a reality. However, the healthcare data is very sensitive and has to be protected against unauthorized access. While most of the development work on security of mobile healthcare today focuses on the data encryption and secure authentication in remote servers, protection of data on the mobile device itself has gained very little attention. This paper analyses the requirements and the architecture for a secure mobile capsule, specially designed to protect the data that is already on the device. The capsule is a downloadable software agent with additional functionalities to enable secure external communication with healthcare service providers, network operators and other relevant communication parties.