国家级妇幼卫生监测数据网络直报系统信息安全现状分析

Analysis on Information Security of Web-Based Data Reporting System of National Maternal and Child Health Surveillance

通过调查妇幼卫生监测数据网络直报系统的相关资金投入、设备建设和信息安全措施,探讨中国妇幼卫生监测数据网络直报系统的信息安全现状。方法选择2009年1月至2011年12月参与全国妇幼卫生监测数据网络直报工作的546家各级妇幼保健监测机构作为研究对象。采用自填式问卷调查参与直报工作的保健机构信息系统的资金投入、设备建设和采用的信息安全措施情况,分析不同行政级别(省、地市和区县)和地区(东部、中部、西部)间的差异。结果本研究回收有效问卷为503份。2009-2011年间,监测机构信息化资金总额为1.97亿元,直接用于监测的经费仅占16.17%。机构平均投入和单位平均监测专用资金方面,东部地区均高于中部和西部地区,省级机构高于地市级和区县级机构。资金来源为本单位自筹的机构分别占41.16%,来源为上级拨款的机构占7.83%,来源为监测项目的机构分别占29.29%。资金的主要用途为购买计算机硬件和网络设备。无监测专用计算机、服务器、硬件防火墙和不间断电源系统(UPS)设备的监测机构分别占14.51%,26.84%,77.14%和42.94%;无局域网、单机病毒防护措施的机构占9.85%和9.09%。结论现有妇幼卫生监测机构信息安全发展不平衡,中部和西部地区滞后于东部地区,县级机构滞后于地市级和省级机构。妇幼卫生监测机构应增加计算机硬件投入和加强网络设备建设,以满足卫生行业信息化发展的需求。

Objective To investigate the fund input,equipments and information security measures for the web-based data reporting system of National Maternal and Child Health Surveillance in health institutions.Methods From January 2009to December 2011,a total of 546 maternal and child health monitoring agencies which involved in web-based data reporting system of National Maternal and Child Health Surveillance in health institutions were included in the study.Self-filling questionnaire was used to collect data of 503maternal and child health service institutions involved in national maternal and child health surveillance,particularly on total amount,resources and use of funds,equipments and information security measures taken for web-based data reporting system.Institutions were grouped by administrative level（province,prefecture/city and district/county）and by geographic areas（east,middle and west）.The disparities in above mentioned aspects among groups were then evaluated.Results During the period of 2009-2011,a total of 197million Yuan was invested into the information systems of these institutions,only 16.17% was used for maternal and child health surveillance.Of these institutions,funds raised by themselves,appropriated by supervising authorities and derived from special funds for surveillance accounted for 41.16%,7.83% and 29.29% respectively.There were 14.51%,26.84%,77.14% and 42.94% of institutions without dedicated computer,server,fire wall and UPS equipments.Of them,9.85% and 9.09% had no antivirus measures for local network and desktop computer.Conclusions Current fund input is insufficient for surveillance units to construct hardware and take protective measures to meet requirements of information security.It is necessary to raise investment through various sources of finance to perfect surveillance system and its information security management system.