Sensitive data from health research surveys need to be protected from loss, damage or unwanted release, especially when data include personally identifying information, protected health information or other private material. Researchers and practitioners must ensure privacy and confidentiality in the architecture of data systems and in access to the data. Internal and external risks may be deliberate or accidental, involving unintended loss, modification or exposure. To prevent risk while allowing access requires balancing concerns against providing an environment that does not impede work. The authors’ purpose in this paper is to draw attention to basic data security needs for health survey data from the perspective of both the health researcher/practitioner and infrastructure/programming staff to ensure that data are securely and adequately protected. We describe risk classifications and how they affect system architecture, drawing on recent experience with systems for storage of and access to electronic health survey data.