摘要
目的提升医院网络安全防护能力,应对互联网时代医院信息系统面临新的网络安全风险与挑战。方法以网络安全相关标准制度为依据,以初步实践为基础,从网络安全组织机构划分、信息系统分级保护、网络安全建设、网络安全运行4个方面提出医院网络安全防护策略建议。结果围绕以上4个方面策略,开展网络安全防护实践,使北京协和医院网络安全管理的防护能力明显提升,规范性加强,网络安全工作步入良性循环。结论制定网络安全策略是新时代医院网络安全防护的核心要素和工作重点。同时,网络安全工作是一个长期的过程,应综合考虑成本、方便性、可实施性等多种因素,持续推进。
Objective To improve the cyber-security protection capacity of hospital and cope with the new cyber-security risks and challenges of hospital information system in the Internet era.Methods On the basis of cyber-security related acts,standards and preliminary practice,some advice about hospital cybersecurity protection policy is proposed from four aspects:the cyber security organization division,information system classified protection,cyber-security construction,and cyber-security operation.Results The standardization of cyber-security management in Peking Union Medical College Hospital was significantly improved,and the cyber-security work stepped into a virtuous circle.Conclusion Formulating the cybersecurity policy is the core element of cyber-security protection in hospital in the new era.The cyber-security work is a long-term process,which should be continuously promoted by considering the cost,convenience,feasibility and other factors.
作者
孟晓阳
王辰超
朱卫国
MENG Xiaoyang;WANG Chenchao;ZHU Weiguo(Peking Union Medical College Hospital,Beijing 100730,China)
出处
《中国卫生信息管理杂志》
2020年第3期290-295,共6页
Chinese Journal of Health Informatics and Management
基金
中国医学科学院医学与健康科技创新工程《医学大数据信息采集和分析评估》(项目编号:2016-I2M-2-004)。
关键词
医院信息系统
网络安全策略
安全管理
hospital information system
cyber security policy
security management
