Healthcare services and organizations rely on Electronic Health Records (EHRs) to manage, store, and transmit patient data records. Consequently, EHRs play a crucial role in providing high-quality services and maintaining the privacy and security of patients' sensitive data. However, designing such complex systems with security and privacy concerns is anything but simple. This study aims to propose a software reference architecture (SRA) tailored for Electronic Health Records (EHRs) with security and privacy considerations, intending to enhance the development of these systems. To achieve this goal, we analyze the classification of reference architectures (RAs), taking into account the primary security and privacy requirements of EHRs along with well-established architectural design methods. We propose a layered architecture for SRA with privacy and security considerations. Subsequently, we derive the following five architecture views for SRA: the feature diagram, the context diagram, the decomposition view, the layered view, and the deployment view. Each view showcases the SRA software architecture from a different perspective.Moreover, we conducted an evaluation of the proposed SRA through its application in a case study. Specifically, we applied the proposed SRA and derived the application architecture from a study focused on Brazilian EHRs. Our analysis highlights the potential issues arising from the absence of an SRA tailored for EHRs, particularly regarding privacy and security concerns surrounding patient data. Through this case study, we demonstrate the practical applicability of our proposed SRA in enhancing EHR systems.