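A Proposal for Dedicated Legislation on Cloud-Based Personal Health Information Systems: Centered on Balanced and Effective Privacy Protection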

Cloud-based Personal Health Records Systems and Medical Information Privacy

Advisor: 王明禮


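The trend in the development of medical and health services has reached the point where cloud applications are combined with medical services. The PHR service model differs from the past, when medical records were stored only at traditional medical institutions: it is a platform that can integrate personal medical and health records from different sources, for example data uploaded by the system's individual users or imported from other institutions, and individual users need only go online from a terminal device and log in to the platform to manage and access medical and health information about themselves or their family members. However, when individuals store medical information in cloud storage on the network, it also means that the data is handed over to the service platform operator to manage, and individual users can no longer control in real time how the data is used. Can the service provider offer sound protection of personal privacy? Moreover, when large amounts of medical and health information form a massive data set within the platform, the way the service provider processes and uses the information inside the platform in the future may increase the risk that personal information privacy is infringed. In the face of the threat that this emerging medical service model poses to the medical and health information privacy of individual users, neither our country's current medical laws and regulations nor the Personal Data Protection Act (個資法) currently provides a sound protection model that balances the use of medical and health information against the protection of personal medical and health information privacy. This thesis therefore proposes enacting a dedicated PHR law to regulate the operation of PHR service platforms, taking as its means the principle that "the use of identified data must be strictly limited, and the use of anonymized data must still be subject to a limited regulatory model and may not be used arbitrarily." The aim is to protect personal information privacy while also regulating how service platforms collect, process, or use data, and to give those who intend to offer PHR service platforms a legal basis to follow when providing the service. Because the length of this thesis, time, and the author's ability are limited, the discussion of the PHR law concentrates mainly on recommendations for how to regulate the protection of personal information privacy in PHR systems.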


This thesis focuses on Personal Health Records (PHRs) stored in cloud computing systems, which act as a hub that can integrate any kind of medical record and personal health information from the user or from different sectors. Users can access their own or their family's health data through the website. Although PHR systems bring users the benefit of managing and accessing medical records and personal health records, they also pose a privacy threat to personal medical information. Because the service provider manages users' medical information, users cannot immediately control and decide how the data is used. In particular, PHR systems store so much medical information that it becomes Big Data. The service provider may do what it wants to process or use the information in the PHR systems. The new medical service, PHRs, does bring challenges to the protection of personal medical information. The current legal system lacks a proper regulation governing the use of medical information, and one is needed. Therefore, this thesis proposes enacting a PHR law to regulate the processing, use and disclosure of medical information. The key to enacting the regulation to protect personal information is that "the use of identifiable medical information should be strictly regulated, and the use of de-identified medical information should be subject to different regulations depending on whether the anonymisation is reversible or irreversible." In sum, this thesis seeks to balance the use of medical information and the protection of personal medical information on this basis. The PHR law would also be an accurate model for PHR service providers to provide service legally. Due to limited time, space and my capability, the discussion of the PHR law focuses on the protection and constraining of personal medical information in PHR systems.


