Ubiquitous 24/7 health monitoring systems based on wireless medical sensors are going to play a key role in pervasive e-health applications. These systems allow caregivers to detect and act on signs of patients' clinical deterioration early, improving quality of care in a reliable, unobtrusive and cost-effective way. Ensuring the privacy and security of the exchanged information is challenging in pervasive e-health environments due to the resource constraints of tiny wireless medical sensors and operational requirements such as user mobility, strict latency needs, or the multitude of parties involved in the system. This paper describes a comprehensive and practical security framework for these pervasive health monitoring systems. We distinguish three layers addressing the specific security needs at the patient area network, medical sensor network, and back-end levels. Thereby our architecture accommodates the healthcare institution-centric approach predominant today while making provisions for the more patient-centric vision of pervasive e-health environments. The tailored security mechanisms for each individual layer, as well as their interworking, are presented and evaluated in detail. The analysis shows that our proposed security framework allows the deployment of wireless medical sensor networks in a very efficient way. Copyright © 2010 John Wiley & Sons, Ltd.