The growing adoption of Cloud computing in various government and business domain makes it of importance for users to understand how their information is protected and accounted for in Cloud contracts especially in data sensitive domains such as healthcare. Prior studies have highlighted that contract terms for Cloud computing are evolving based on user’s information privacy protective responses and liability is the most negotiated term. There is extant research on individual privacy but very few studies have addressed organizational privacy. This research inductively develops a framework using a multiple case study approach that addresses the following descriptive question- what dimensions constitute an organization’s major privacy concerns when exchanging data in the Cloud. The findings from this research will have implications for managers while incorporating penalty clauses in Cloud contracts and informs government in forming privacy regulations suitable for the healthcare sector.