Objective. To review, from a legal perspective, the potential for using the Internet for inter-institutional transfer of patient medical records. Methods. Basic issues and recent legislation that relate to protection of both medical data, and those transferring that data over public network systems is reviewed. Results. Many laws already in existence can be applied to Internet transmission, but questions of jurisdiction remain. Providing signatures on requests for information, which are in essence contracts, is a problem. Signatures must both prove the identity of the participants and provide for non-repudiation of the agreement. Cryptographic digital signatures appear secure and effective, but their use is difficult to implement. Simpler methods are fraught with risks, yet are more easily accomplished. The patient's rights of privacy must be balanced against the need for access by government, physician, or healthcare institutions to confidential information. In general, information holders must put forth reasonable efforts to keep information confidential. The development of acknowledged standards will provide guidance. Multiple laws provide some deterrence and hence some reassurance to healthcare institutions, for example, by criminalizing acts of electronic interception of patient records in transit. Conclusion. Some believe the expense of secure transfer of medical records by electronic means is a major obstacle; this is false: such transfers are now technologically quite easy. The greatest obstacle to electronic transfer of medical records at this point is the development of workable standards for signing agreements and protecting transmissions, but the perceived advantages will likely drive the necessary developments.