This research adopts a grounded theory approach to examine the drivers, safeguards and operational outcomes of organizational information privacy responses in the healthcare context. Semi-structured interviews with key healthcare stakeholders were conducted. The findings are sobering. First, privacy safeguards are driven by legal compliance, competitive advantages, available resources and best practices. However, organizations have to balance conflicting risks associated with these drivers. Second, this study identifies the operational and behavioral outcomes which results in major balance issues. Third, the adoption of a privacy impact assessment (PIA) allows the integration of a risk management approach to effectively assess the different types of privacy risks. The findings provide evidence for: (1) a gap between privacy responses and their outcomes on healthcare practice and delivery; (2) the importance of the privacy impact assessment as a risk management tool; and (3) the challenging context of the healthcare environment of how privacy responses are unfolding.