In this paper, we propose a model of capabilities that identify the reliability degree of Cybersecurity and Privacy elements applied to the Health Sector. The increasing interactions between technology and the health sector have brought a new set of risks to be confronted, such as data breaches and cyberattacks. However, in order to improve, a greater understanding of their current situation is needed. The proposal identifies the capability level for the organizations to know their maturity level comprehensively. This was achieved by selecting existing models, frameworks, and regulations, increasing their complexity, integrating their privacy and cybersecurity capabilities, and health data management. In this way, the proposal is supported by a tool prepared for outcome estimation and diagnosis. The model structure is organized into categories and subcategories, and the assessment is made according to the level of compliance with controls, for which five levels of maturity were defined: 1. Basic, 2. In Progress, 3. Defined, 4. Differentiated, 5. Continuous Improvement. The model was validated and proven in a private hospital in Lima, Peru. The preliminary results are related to the model application in the selected process. As a result, we found that the private hospital obtained a level of maturity of 2-In Progress. Based on this, we made some recommendations to improve the capacities of the assessed health provider. A comparison was made between the proposed model's results and the ones obtained through its root components. Said results were similar, thus proving that a coherent and comprehensive integration was achieved.