In this article, data collected from onsite assessments of federal healthcare research programs were reviewed and analyzed. 103 research programs were evaluated for adherence to federal and organizational information security requirements and the data clustered into three primary compliance groupings, technological, procedural, and behavioral. Frequency and cross-tabulation statistics were conducted and chi-square statistics used to test for associations.