While electronic health records have the potential to vastly improve a patient’s health care, their introduction also raises new and complex issues around security and privacy. There are significant challenges in preserving what patients’ believe to be their privacy and confidentiality, in the context of the accessibility and interoperability of electronic records. Based on a number of expert interviews the paper outlines the institutional measures for security that have been put in place, and highlights the lack of discussion around individual patient privacy requirements. Whilst institutional measures such as legislation, technology and standardised systems have been established, the interpersonal nature of privacy and confidentiality from the patient’s perspective has yet to be addressed.