史敬华

    [摘要] 信息系统存在的安全问题是影响医疗信息系统发挥其效益的隐患，是影响医疗行业完成其治病救人使命的严重隐患。因此，各国普遍把医疗信息系统的安全保护列为关键信息基础设施保护(CIIP)。原卫生部2011年85号文件要求：重要卫生信息系统安全保护等级原则上不低于第三级。本文介绍了我国信息安全等级保护基本概念和等级划分，以及我国医疗行业信息安全等级保护的安全监管技术现状。在此基础上，分析了我国医疗行业信息安全等级保护在安全监管技术上未来需要进行优化调整的方向，为适应未来信息化发展，提出了进一步做好信息安全等级保护安全监管工作的建议。

    [关键词] 医疗;信息安全;等级保护;监管

    [中图分类号] R39? ? ? ? ? [文献标识码] A? ? ? ? ? [文章编号] 1673-7210(2019)02(b)-0177-04

    [Abstract] Whether the medical information system is safe or not is a hidden trouble which affects the efficiency and benefit of the system， and it is serious hidden danger which affects the medical profession to complete its mission of curing and saving people. Therefore， countries arounds the world generally regard the security protection of medical information system as the critical information infrastructure protection (CIIP). Document No.85 of the origina Ministry of Health of China in 2011 requires that the level of security protection of important health information systems is not lower than the third in principle. The paper introduces the basic concept and classification of classified protection of information system security in our country ......