Abstract – Value of information privacy has changed over time. Hence a weak personal data protection legal system will increase the threats and damages to individuals, especially in case of sensitive data like health information. Considering increasing amount of incidents, there is not any report or study showing how far Health companies protect both personal information of Malaysian citizens. The objective of this study was to assess the level of compliance with Malaysian Personal Data Protection Act 2010 by hospitals, clinics, and pharmacies. The authors used qualitative method using document analysis. The authors evaluated privacy policies of samples in line with requirements of the Act, especially Notice and Choice Principle and rights of individuals. Findings of the study showed serious non-compliance. Some companies are completely unaware of the Act. Considering sensitivity of health information and its value, the authors suggested amending alternatives to be applied for these privacy statements. The authors suggested specific inspections and issuance of guidelines and orders by data protection commissioner.