Security of Telemedicine applications is not often given adequate importance by the developers and healthcare administrators primarily to reduce cost. Though some security safeguards are employed by these applications to comply with existing medical data security and privacy regulations, these are not adequate in today's context. Moreover, in a web-based application environment not only the data but also the application itself is vulnerable to attackers. Keeping these concerns in mind, we present the design of a web-based, four-tier Telemedicine System named iMedik which is accessible over desktops as well as handheld devices. We have illustrated how the proposed system differs from existing three-tier web applications. The compliance status of the application with HIPAA Security Guidelines has also been noted. The security measures described in our approach look into the four-tier architecture from an attacker's viewpoint and present a simple road map for developing secure e-health application with anywhere, anytime availability.