Medical personnel is the front-liner in receiving the electronic Protected Health Information (ePHI). Thus, they become a crucial factor in preserving the security of ePHI in HIS. Previous studies exhibit numerous negligence issues from medical personnel resulting in data leakage. Therefore, this study is conducted to analyze the security awareness level, and which aspects and profile groups need more emphasis on understanding the security standard. The assessment uses the HIPAA Security Rule as a reference and is divided into administrative and physical aspects. The results illustrated an inadequate understanding of the medical personnel with score of 2,588 from the target <2. It was further identified that unsatisfactory aspects must be addressed, i.e., Cyberthreat types, Device and Media Use. The study also assesses the work experience groups and perceived that the medical personnel with more than 15 years of experience and less than two years of experience have insufficient awareness of Security standards. It is also derived that private hospital has higher awareness level compared to public hospitals. It was concluded that different group requires different aspects priority on the security awareness training module.