医院网络安全等级保护综合管理平台设计探讨  被引量：3

作　　者：陈明[1] 林志刚[1] 林传捷[1] Chen Ming;Lin Zhigang;Lin Chuanjie(Department of Information Center,The First Affiliated Hospital of Fujian Medical University/National Regional Medical Center,Binhai Campus,The First Affiliated Hospital of Fujian Medical University,Fuzhou 350005,Fujian Province,China)

机构地区：[1]福建医科大学附属第一医院信息中心、福建医科大学附属第一医院滨海院区国家区域医疗中心,福州350005

出　　处：《中国医疗管理科学》2023年第3期42-48,共7页Chinese Journal Of Medical Management Sciences

基　　金：福建医科大学附属第一医院软科学研究计划课题(2020FY-R-05)。

摘　　要：对医院网络安全等级保护工作存在的问题和现有的解决方案进行分析,根据国家等级保护基本要求、安全设计技术要求以及医疗行业的特点,提出医院网络安全等级保护综合管理平台的流程设计和业务架构,以某省属三级甲等医院为例,开发了基于等级保护2.0标准体系的综合管理平台。平台克服了医院无法实施标准化等级保护管理、无法掌握信息系统安全状态、难以高效完成检查任务等问题,实现了对医院信息系统定级、备案、自评、建设整改、测评和监督检查的全流程管理,使医院等级保护管理趋于规范化和标准化。以该平台为基础的安全管理实践有效提升了医院网络安全管理效率和质量,可为其他医疗机构等级保护工作支撑系统的建设提供参考。Problems and solutions for the current hospital network security protection were analyzed.We proposed the flow process and business structure of integrated management platforms for network security protection in hospitals based on the basic requirements and technical standards in national graded network protection guidelines and the features of health care industry.Accordingly,we developed an integrated management platform for network security protection in a tertiary hospital based on the Grade Protection 2.0.In the past,the hospital was not able to perform standardized management on graded network protection,learn the security status of the information system,or carry out inspection and tests in an efficient manner.With the availability of the new system,the hospital now can carry out whole-course management on the grading,filing,self-inspection,rectification,evaluation,and supervision/inspection of hospital information systems,thus achieving the standardization of graded hospital network protection.The security management practice based on this platform has effectively increased the efficiency and quality of hospital security management and may provide a reference for the construction of supporting systems for graded network protection in other medical institutions.

关 键 词：医院网络安全 等级保护2.0 综合管理平台 安全管理 

分 类 号：R197.3[医药卫生—卫生事业管理] TP309[医药卫生—公共卫生与预防医学]