Electronic Personal Health Records (PHRs) are patient-centred health and/or medical records in electronic form. As healthcare authorities move in the direction of empowering consumers to take more responsibility for their own health through self management and education, implementing PHRs in a cost efficient and effective manner is becoming an important issue. Incorporating Health Information Technology (HIT) procurement best practices into a personal health record (PHR) project can be a valuable risk-reducing exercise. Unfortunately, a set of best practices does not yet exist. This paper investigates three important HIT procurement principles including: contract terms (software licensing and service level agreements), vendor relations (influencers, integrators, certification, request for proposals, the vendor evaluation matrix), and privacy. While neither prescriptive nor exhaustive, these three principles, when properly considered and applied may contribute to a best practices model of PHR procurement, significantly reducing the risks inherent in the procurement process.