Internet access to medical data has greatly facilitated information sharing. As health care institutions become more willing or more pressured to share some of their protected information, tools are being developed to facilitate the information transfer while protecting the privacy of the data. To this end, under the TIHI project, we have designed a {\em security mediator}, a software entity that screens both incoming queries and outgoing results for compliance with a medical institution's policies pertaining to data privacy. The system is under the control of a {\em security officer}, who enters simple rules into the system that implement the policies of the institution. In this paper, we describe the WWW implementation of the security mediator dual interface. The customer interface allows outsiders to request and receive filtered medical information from a hospital database. The security officer interface permits rule editing and resolution of cases not covered by the rule-set.