Existing federal and state legislation provides for strong security and privacy requirements for health information While these strong requirements exist there is limited research on the actual responsibilities of and skills required by the information security professionals responsible for protecting patient healthcare information. In this research a qualitative study is performed to compare the expectations of responsibilities and skills for healthcare information security and privacy officers to the perception of the actual responsibilities and skills required by current security and privacy officers. While the perceived actual responsibilities correspond to the anticipated responsibilities the required skills are significantly different with an emphasis on soft people skills over technical capabilities.