More proof is needed that electronic personal health records are safe and effective, some doctors have said.
Pilots are testing security measures
Ministers are pushing ahead with plans to put personal medical records on a national electronic database, which patients can themselves access online.
But Dr Claudia Pagliari, from Edinburgh University, and colleagues told the British Medical Journal that challenges still existed over the security.
The Department of Health says it is the most secure system of its type.
Patients at four primary care trusts are already testing the new system.
If these go well, the plan is to roll the system out nationally next summer - making it the world's first fully national system.
HealthSpace is a secure NHS web service for people who live in England. It is designed to let doctors and patients to access personal health records.
It is envisaged that the system will be used to select and book hospital appointments, store and chart health indicators such as blood pressure readings, generate e-mail reminders about calendar appointments and include a database of NHS contacts.
Other features under consideration include allowing patients to enter their needs or preferences, such as for wheelchair access or translators, and link with NHS Direct for an "online" consultation.
But Dr Pagliari, a senior lecturer in primary care, told the BMJ that challenges still existed over security and standardising different systems.
"Electronic personal health records may improve the quality, safety and efficiency of care and empower patients, but further research is required to demonstrate the benefits and risks.
"Evidence of the impact of electronic personal health records on clinical, safety, economic and psychosocial outcomes is urgently required."
For example, she said, some patients may not wish sensitive information, such as mental and sexual health data, recorded centrally.
She said that some might be distressed by what they read in their electronic records - such as a bad test result or diagnosis.
And then there is the risk of privacy invasions, says Dr Pagliari's team.
Dr Gillian Braunold of Connecting for Health, which is overseeing the introduction of the new NHS IT system, said: "I understand there are concerns around issues such as patient confidentiality and security, which is why we have made every effort to ensure the NHS Care Records Service is protected by the highest levels of international security and a range of access controls."
To access their records online, a patient would first need to enter their unique username and password.
Then they would be prompted to enter a series of digits, the random sequence required changing every time they wanted to log on.
Patients would find these digits by checking their own unique "bingo-style" grid card, already sent to them through the post.
Dr Braunold said this made it the most secure of any system that exists to date, including online banking. She said every precaution was being taken.
"It is absolutely right that we should take a cautious approach to implementation.
"We now have four Early Adopter sites across England that are creating electronic patient records and who will take part in a thorough and independent review as the systems roll out more widely."