| Hospital Information construction is an efficient way to improve its medical service. The most important of which is the construction and management on hospital information system(HIS).Nowadays, HIS system and other software, networks, databases,servers have more cross-function,and the connotation and extension of HIS has been greatly expanded, which indeed improved its usage. However, the development of technology also brings risks and uncertainties to HIS.Hospital information system develops very fast in China, which also brings more risks, and it becomes a big challenge to HIS.It needs a high safety environment in hospital, such as charging, medical information, patients'private matters, security of management information. However, non-standardized operation often exists in hospital. The fundamental reason is that there is no scientific and rigorous authentication strategy. Which increase the possibility to reveal the secret illness of patients, and attack risk of HIS.There are a lot of researches related with information system security, but researches with hospital information system are seldom. Nowadays, there is no security policy design methods, steps and implementation details about hospital information. The previous researchers placed emphasis on research from one side of information security management, or technical details.And some international standards, such as the implementation of information security management system standard ISO1779 (9), are difficulty to follow.To solve this problem, based on academic researches, this paper focused on HIS security maintenance practice and practical needs, and proposed a set of complete HIS security policy design and implementation. This method is composed of information assets identification, information safety objectives and safety requirements analysis, information security policy design, information security management design, information security audit strategy and design sessions.The safety strategy give out by this paper is effective and easy to use.In the chapter of information asset identification, this paper analysis the contribution of information asset, and designs a practical and reasonable coding and identifying method.In the chapter of information safety objectives and safety requirements analysis, this paper identifies the electronic business in HIS,and analysis the safety requirement in hospital.In the chapter of designing information safety strategy, this paper gives a complete and proper method based on the result of information asset identification. The strategy include physical safety strategy, access control strategy, authority strategy, final computer defense strategy, and net communication defense strategy. |
PDF Full Text Request