Electronic medical records are clearly in the future and should provide benefits to all parties. Trust in the information is dependent upon the security of the system and the history of security associated with distributed electronic record systems should initiate many questions for such a critical system. The current methodology of broad regulatory guidance and letting industry “do its best” has failed in the financial sector with identity theft becoming a significant crime. Allowing the same outcome to occur in electronic medical records will both limit the efficiencies and imperil lives. The solution is to enjoin security from the ground up in a tight knit method similar to national security systems, and to do that across the myriad of players will require regulation. This paper explores the basis for the regulation of technical solutions and proposes a form in which they can be employed.