Current research in health care lacks a systematic investigation to identify and classify various sources of threats to information privacy when sharing health data. Identifying and classifying such threats would enable the development of effective information security risk monitoring and management policies. In this research I put the first step towards identifying and classifying privacy threats from a selection of health data exchange scenarios. Specifically I investigate data sharing scenarios that occur within a health care organization, between a health organization and a research group, and between patients and online social networks. I first derive the privacy requirements from legislative laws for protecting patient privacy in the U.S., namely the Health Insurance Portability and Accountability Act (HIPAA). Using the derived requirements I develop methods to enforce them in the data sharing scenarios specified. I use risk modeling to quantify the privacy threat in each sharing scenario and I incorporate that risk intelligence to develop security solutions to counteract the vulnerabilities found. I found that sharing health data within a care entity is vulnerable to breaches by authorized users. I developed a risk-scoring model, that profiles authorized healthcare employees based on their tendency to commit privacy breaches. I also found that current access control models that handle health data lack the necessary conditions to enforce HIPAA rules and to involve patients in the management of data. In response I designed an access control framework that enforces HIPAA rules and preserves data privacy when it is shared among authorized users. The access control model makes use of automated object policies that allows patients to set their privacy preferences regarding how data is disclosed and shared. I identified a privacy vulnerability when genomic data is shared for secondary usage using a real case study. The vulnerability allows the re-identification of contributors to genomic studies by combining information from publicly available data with the geographical location of the study participants. Knowledge of location can be explicitly stated in published results or implicitly inferred from the collection point (i.e. requesting data from a known location). In response I proposed a security protocol to anonymously share medical sequencing data and demonstrated that the risk of re-identification can be reduced with the proposed technique while keeping the fidelity of the data intact. Finally I identified a privacy vulnerability when patients share data on health social networks, by exploiting the fact that they reuse their pseudonyms in other social networks that contain identifying information about them. A Bayesian model was used to estimate risk, and the method of re-identification was demonstrated empirically. I propose a set of heuristics to reduce the risk of this privacy vulnerability. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com/en-US/products/dissertations/individuals.shtml.]