Security issues during development and implementation of hospital information systems are briefly reviewed. Attention is paid to current issues as to: availability, integrity, authentication and access rights. In particular are discussed:

• some remaining risks as to integrity

• the tension between in-house acceptance of HIS access rules and standardisation needed when implementing a transmural Electronic Health Record (EHR),

• access rights needed for medical audit, law suits and evaluation with their far- reaching consequences.

The need for harmonisation of access rights is underlined and a further study of the requirements for systems from the perspective of medical audit, evaluation and juridical procedures is advocated.