Thanks for the reply - always good to get a debate going :) Some misunderstandings.. "..they don't give a rats ass about confidentiality" - actually, many people feel very strongly about it. After all, they have Health Records too. The fact is that it is not a management priority and therefore time isn't allocted to making it happen, so its pretty awful. With a centrally managed system, it will become a priority. "..to have access to all 61 million UK medical records?" - no, they have access to the records based on their role and based on having a 'legitimate relationship' with the patient. It is a myth that everyone can see everything. Even having those safeguards in place, there is an audit function which maps screens and keystrokes, so anyone even attempting to see something they possibly shouldn't will be open to audit and accountability. "...always log out when unattended" - People have their own log-in cards. These are treated as secure items, so staff put these into their machines when they are using them, and take them out when they leave their desks. It is a disciplinary offence to lose them. If they leave them at home they cannot work on the system. No temporary cards are issued, and certainly no temporary staff are given them. If anyone is caught having left their card in their PC while not at their desk, they have to account for their actions to the security manager. "..post-it note on the side of their monitor" - Obviously this is a no-no, but having a post-it with their password on it on their monitor will not let anyone have access to their role because they need the card as well in order to log in. "...quick search on their family / friends" - again - role based access, legitimate relationships and keystroke / screen audits. .."Be immune to bribery and coercion" - I think we wouldn't have developed the wheel in the first place if we didn't do things because there are evil people out there. The potential for people to do nasty things has multiplied since the age of computers, so lets burn all the computers! hmmm. .".I do shop online": Can you honestly say that the arguments for not having online health records you mention above mitigate the risks of shopping online? e.g. smaller systems - Barclays would beg to differ!