Electronic personal health records (PHRs) are beginning to receive widespread attention as a tool for consumers. Such systems may be used by individuals to input their own personal data and to access information from a variety of sources (e.g. family physicians), thus improving their understanding of the state of their health and how to manage their own healthcare better. The main source of information for PHRs is normally the patient’s physician, supplemented by patient input and other sources of information such as prescriptions and lab test results, as well as institutional inputs from hospitals and other facilities. The architecture of such a system must let patients access all the useful information relevant to their medical history in a form that is understandable to them, while at the same time protecting against unauthorized access. This paper addresses design and architectural issues of PHR systems, and focuses on the privacy and security issues that must be addressed carefully if PHRs are to become generally acceptable to consumers.