Abstract
Much debate has surrounded the development of computer networks in the National Health Service (NHS), particularly in connection with perceived threats to the confidentiality of patient records. Cryptography has been proposed as a means of protecting such information although significant costs are involved, not simply because modifications have to be made to existing computer equipment and software, but because of new administrative overheads. There is a danger that the complexities of implementation, and the costs which derive from them, will be under-estimated. Lessons should be applied from previous IT projects in the NHS, in which initial vagueness in definitions of scope and cost were identified as one of a number of factors likely to contribute to project failure.