Healthcare processes are driven by sensitive information. Access control technologies aimed at protecting health information tend to focus on patient records. However, it is also important to control access to live data streams, such as those from sensor devices - especially as healthcare becomes increasingly pervasive. As opposed to bespoke, scenario-specific access control regimes, the middleware enforcement of access policy enables application- and device-independent information governance. This paper illustrates how a data control middleware can regulate sensor data flows, controlling the information disclosed in accordance with circumstance.