With the emergence of networked computing and the Internet, this paper addresses the changed medical privacy environment, in which medical data protection now has to be reassessed. It is mainly based on the Korea situation as a country without an omnibus medical data protection law. It touches also on data security, as medical data privacy cannot be effectively protected without strict regimes for data security. The contemporary state of the medical records in Korea stood to gain from the growth of informatics and the spread of trans-institutions data flows. It is in this context that there appears to be a need to review the recent medical records protection acts which are already showing signs of this age both the public sector and private sector. Some recommendations will be adopted to establish baseline principles and goals and to provide guidance on the future work of the medical data privacy act. One of these, the protection of privacy on electronic medical records, recognizes the ubiquitous nature of digital computer and network technologies today. Medical information should be acquired, disclosed and used only in ways that respect an individual's privacy. It should not be improperly altered or destroyed. And medical information should be accurate, timely, complete and relevant to the purpose for which it is provided and used. And it upholds and protects medical data security. For example a right to encrypt personal information effectively, a right to fair treatment in key public infrastructures so that no person is unfairly excluded in a way that would prejudice that person's ability to protect their privacy, a right to human checking of adverse automated decisions and a right to understand such decisions, a right, going beyond the aspiration of the 'openness principle', of disclosure of the collections to which others will have access and which might affect the projection of the profile of the individual concerned.