Health Care Establishments (HCE) are today highly dependent upon Information and Communications Technologies (ICT). This increasing reliance upon ICT has stressed the need to foster security in Healthcare Information Systems (HIS). Security policies may have a significant contribution to this effort, but they could become the cause of portability and interoperability problems. Moreover, policies that fail to take into account all the aspects of HIS security, the legal and regulatory requirements, and the existence of several stakeholders may lead to ineffective or inefficient security measures. Policies of a special category, named Generic Security Policies (GSP), should be developed to provide policy-level harmonisation and guidance to policy-makers within HCE. Six such policies are comparatively reviewed herein.