Background: With the rapid improvement of the healthcare technologies, security and privacy of the most sensitive data, health data is at risk. Protecting patient privacy has many components, even though the data are in electronic format. Although patient privacy is thoroughly discussed in the literature, there is no study presenting all components of patient privacy protection. Methods: In this study, a complete evaluation framework is presented, as an evaluation tool, an inventory is developed, reliability and validity of the inventory is examined. Study is conducted in three phases: Conceptual framework development, inventory development and an evaluation case study. In the evaluation, fuzzy conjoint analysis is employed to handle the subjectivity and am-biguity. As the result of the evaluation, the institution is given a patient privacy protection ma-turity grade, between 1 and 5, where 1 is the worst and 5 is the best grade. Results: In the case study, XXX’s biggest hospital, employing 800 nurses, is evaluated. Half of the nurses, 400, have partici-pated in the study. Literature tells healthcare institutions do not invest enough to protect patient privacy, and the study results support this finding. Institution’s maturity grade resulted as level 2, which is bad. Conclusion: The study measures he privacy maturity with many evaluation com-ponents. Result of the evaluation explains to the patients and the public if their data is safe or not. With this maturity grade, patients have an idea about which institution to choose, public can conclude the institutions’ reliability in terms of patient privacy.