In today's interconnected high-tech world, healthcare organizations are especially concerned with managing and securing health-related information. Threats exist from different sources, and breaches have undesirable impact on the healthcare organization. In order to enhance the organization's security, a precise and clear information security policy must be introduced and enforced. This is an important area of concern that should be addressed properly to successfully manage health organizations‟ security. This is a research-in-progress that examines the need for the adoption of standardized policies and regulations when it comes to dealing with the issue of information security in healthcare organizations. As an outcome of this research we hope to develop a simplified framework that can assist healthcare organizations in the implementation and management of an effective information security policy (ISP). The intended framework is expected to be of great benefit to the smaller healthcare organizations that may be lacking the necessary information security expertise. A study will be conducted on the status of information security within Saudi Arabian healthcare organizations in an effort to strengthen the recommendations of the proposed framework.