The objective of this study is to answer the research question, 'Do existing privacy and confidentiality measures ensure information security of health information?' To answer this question, we have addressed: (i) What is privacy and information security in the context of health information? (ii) Why is privacy important for health information? (iii) What are the existing policies and technologies in place for health information? and (iv) case studies of information security of health information. From this study we have found that there are contrasting requirements regarding information security of health information and these should be addressed properly.