Business processes (BP) are an important resource in enterprise performance and in maintaining competitiveness. In the last few years, languages used for BP representation have been improved and new notations have appeared. The importance of security in BP is widely accepted. However, the perspective of the business analyst in relation to security has hardly been dealt with. In this paper, we present an extension of the UML 2.0 Activity Diagram which allows us to specify security requirements in BP. We have used UML profile extensibility mechanisms composed of stereotypes, constraints and tagged values. We have also used the OCL to specify the constraints. We apply our proposal in a typical business process related to a patient admission in health-care institution.