A national study of US healthcare cybersecurity and privacy. This work should benefit all doctoral students interested in seeing what a final doctoral dissertation should look like. Students preparing to submit their proposals for IRB review will find Chapters 1, 2 and 3 and the appendices helpful in preparing their IRB application packet. Students using survey research methods will find the discussions on determining sample size and selecting non-random samples of elusive populations helpful. Chapter 2 of this book is an example of what a good literature review in any doctoral dissertation needs to look like. It is also one of the most helpful discussions on the HIPAA security and privacy law and the surrounding recent literature. This work also contains examples of good free and open source tools for conducting surveys as well and statistical analysis. Research shows that during the past 5 years 80-90% of security breaches in healthcare has been due to people inside the organization. Security culture and information security governance is the key to addressing this problem. Cited in the reference materials for the HealthCare Information Security and Privacy Practitioner (HCISPP) certification by ISC2, this work shares the results of a national study of security compliance in US healthcare organizations conducted in 2013. The study identifies weaknesses in NIST 800-66 and provides solutions. Drawing upon the author's experience in implementing enterprise information security and privacy, the work provides an analysis of important scholarly literature surrounding human factors and insider threats with a particular emphasis on healthcare in the United States of America. The work is expected to benefit anyone implementing or studying enterprise information security and privacy.