Over the last two decades, many attempts have been made to computerize the management of patient records using advanced computing and networking facilities across healthcare providers such as hospitals, clinics, and clearing agencies. In addition to this transition from a disparate and paper-based infrastructure to a consolidated and digital medium-based one, we have been confronted with privacy and security requirements since the advent of the Health Insurance Portability and Accountability Act (HIPPA). The problem we seek to address in this paper is to provide authentication of individual identity in the context of accessing critical information in Web-based e-health systems including secure transmission of data across the Internet. These problems have technical solutions that are well known, but the solutions in general are strongly biased toward a single individual interacting with a single application. In this paper, we propose a scalable token-based authentication architecture and demonstrate how we can implement this architecture using commercial-off-the-set technologies. Our approach focuses on vendor-neutral specifications. The proof-of-concept prototype has been implemented so that the pilot testing may be conducted at various sites.