The use of multi-agent systems (MAS) in health-care domains is increasing. Such agent-mediated medical systems can manage complex tasks and have the potential to adapt gracefully to unexpected events. However, in these kinds of systems the issues of privacy, security and trust are particularly sensitive in relation to matters such as agents' access to patient records, what is acceptable behaviour for an agent in a particular role and the development of trust both between (heterogeneous) agents and between users and agents. To address these issues we propose a formal normative framework, deriving from and developing the notion of an electronic institution. Such institutions provide a framework to define and police norms that guide, control and regulate the behaviour of the heterogeneous agents that participate in the institution. These norms define the acceptable actions that each agent may perform depending on the role or roles it is playing, and clearly specifies the data it may access and/or modify in playing those roles. In this paper, we present the formalization of Carrel, a virtual organization for the procurement of organs and tissues for transplantation purposes, as an electronic institution using the ISLANDER institution specification language as formalizing languages. We demonstrate aspects of the formalization of such an institution; example fragments in the language used for the textual specification, and how: such formalization can be used as a blueprint in the implementation of the final agent architecture, through techniques such as skeleton generation. (C) 2003 Elsevier Science B.V All rights reserved.