Health care organizations are worried about information security because they generate important and valuable information in the field of health informatics. Therefore, the present study was conducted to investigate the health information management staff's viewpoint on non-technical security management factors. A descriptive cross-sectional study was conducted between Feb to Apr 2018 in 12 academic hospitals in Mashhad, north-eastern Iran. Data were collected through a paper-based questionnaire that was designed based on previous studies and published literature. From the views of staff, the information security management had the highest average (Mean = 3.63) while organizational culture had the lowest average (Mean = 3.32). The results of this study showed that security controls are essential for protecting critical information. Organizations must also consider appropriate security actions for protecting critical organizational information.