In the last few years, the protection of computerised medical records, and of other personal health information, has become the subject of both technical research and political dispute in a number of countries. In Britain, the issue arose initially as an argument between the British Me dical Association and the Department of Health over whether encryption should be used in a new medical network. In Germany, the focus was the issue to all patients of a smartcard to hold insurance details and facilitate payment; while in the USA, the debate has been whether federal law should preempt state re gulation of computerised medical records, and if so, what technical and legal protection should be afforded the patient. Whatever the origin and evolution of this debate in specific countries, it has become clear that policy and technical matters are closely intertwined. What does 'computer security' mean in the medical context? What are we trying to do? What are the threats that we are trying to forestall? What costs might reasonably be incurred? To what extent is the existing technology - largely developed to meet military and banking requirements - of use? And perhaps hardest of all, what is the right balance between technical and legal controls? As the debate spread, it became clear that there was little serious contact between the people who could state the requirements - clinical professionals, medical ethicists and patients - and the people who could explore how to meet"