In Norway, organizational changes in hospitals and a stronger focus on patient safety have changed the way of organizing and managing paper based patient records. Hospital-wide patient records tend to replace department based records. Since not only clinicians, but also other non-medical staff have access to the paper records, they also have easy access to all the information which is available on a specific patient; such a system has obvious 'side effects' on privacy and security. Computer based patient records (CPRs) can provide the solution to this apparent paradox if the complex aspects of security, privacy, effectiveness, and user friendliness are focused on jointly from the outset in designing such systems. Clinical experiences in Norway show that it is possible to design patient record systems that provide a very useful tool for clinicians and other health care personnel (HCP) while fully complying with comprehensive security and privacy requirements.