The increasing use of and reliance upon information technology within modern healthcare establishments underlines a need for adequate security controls to protect the confidentiality, integrity and availability of systems and data. Whilst the consideration of security is now generally accepted as part of the design and implementation of new systems, many systems are already in operation in which these needs have not been adequately addressed. This paper presents a summary of the recommendations arising from the AIM SEISMED (Secure Environment for Information Systems in MEDicine) project relating to the addition and enhancement of security in existing healthcare systems. The paper is based upon material originally presented at the SEISMED Workshop “Security and Legal Aspects of Advanced Health Telematics”, Brussels, 11 July 1994. The content has been revised in light of the workshop discussion and the further development of the guidelines since that time.