Security assessment and analysis of healthcare software applications can offer an in-depth understanding of role-based access options, logging capabilities, and vulnerabilities at the network, application, database, and operating system level for each application. An assessment can become more complicated as cloud capabilities become leveraged. Healthcare information is governed by a higher standard set forth by the U.S. Department of Health & Human Services through the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA policies are to be strictly enforced from the creation, transmission, and storage of data as well as during the release and capture to the cloud provider. Vendor and software evaluation can be viewed strictly based on cost, rather than the dependability and security that a higher price can potentially offer. Through reviewing security standards based on NIST and SANS, with a crosswalk to HIPAA guidelines, an open standard assessment guide for cloud-based software could be created. An open assessment guide could offer healthcare providers and agencies a guided process to assess potential vulnerabilities that could have long-term liabilities.