Current location - Health Road Network - Medical equipment - Medical network security emergency plan

Medical network security emergency plan

Medical network security emergency plan

Introduction: Here is my carefully organized medical network security emergency plan, welcome to read!

Medical Network Security Emergency Response Plan

I. General

(a) the preparation of the purpose

In order to effectively prevent the risks arising from the operation of the hospital information system, to prevent and minimize the hazards and losses caused by the emergencies, the establishment and integrity of the hospital Computer information system emergency response mechanism, improve computer technology and hospital business emergency response and protection capabilities, to ensure that patients in special circumstances can be timely and effective treatment, to ensure that the computer information system is safe, sustainable and robust operation.

(2) the preparation of the basis

According to the "Zhejiang Province network and information security emergency response plan" and the national information security requirements and related information systems management laws, rules and regulations, and combined with the actual hospital, the preparation of this plan.

(C) working principles

unified leadership, hierarchical responsibility, close organization, cooperation, rapid response, strong protection

(D) the scope of application

applicable to the hospital's computer network and various types of application systems

the hospital's computer network and various types of application systems

strong> Second, the organization and responsibilities

According to the overall requirements of the computer information system emergency management, the establishment of the hospital computer information system emergency security leading group (referred to as the emergency leading group), is responsible for leading, organizing and coordinating the whole hospital computer information system emergencies emergency security

security work.

(a) Leading group members:

The head of the group is the dean.

Deputy head of the group by the relevant Vice President.

The members are composed of the information center, hospital office, medical department, nursing department, outpatient office, finance department, medical insurance office, general affairs department and other departments in charge.

The daily work of the emergency response team is undertaken by the hospital information center, and other relevant departments actively cooperate.

(2) Leading group responsibilities:

1. Develop the hospital's internal network and information security emergency response plan.

2. Do a good job of hospital network and information security emergency.

3. Coordination of network and information security emergency response work between the relevant departments within the hospital, and coordination of network and information security emergency response work with software, hardware vendors, line operators.

4. Organize the hospital's internal and external technical force to do emergency response work.

Third, the hospital information system failure reporting procedures

When the workstations found that the computer access to the database is slow, can not enter the corresponding program, can not save data, can not access the network, the application of non-continuous work, to immediately report to the Information Center. The staff of the Information Center must attach great importance to the problems raised by the workstations, make records, and give timely feedback to the workstations on the fault information after verification, and at the same time convene the relevant personnel to analyze the problem in a timely manner, if the cause of the fault is clear, and it can be restored immediately, the work should be resumed as soon as possible; if the cause of the fault is unknown, the situation is serious, and it cannot be eliminated in a short period of time, the fault should be reported to the emergency response leading group immediately, and in the case of the network can not run The first thing you need to do is to get a good understanding of how to use the Internet and how to use the Internet in a way that will help you get the most out of the Internet.

Fourth, the hospital information system failure classification

According to the reasons for the failure and the nature of the different classified into three categories and other failures: a failure: due to the failure of the server to work properly, fiber optic damage, loss of data on the main server, the backup hard disk damage, the server is unstable, the local network is not available, the price of the table directory was deleted or modified, the key terminal failure, the regularity of the work of the hospital, and the failure of the hospital information system failure. Modification, key terminal failure, regular overall, local software and hardware failure caused by network paralysis.

Type II failures: system failures due to single terminal software and hardware failures, loss of information on a single patient, accidental data processing errors, and violation of workflow in some departments.

Type III failure: due to the terminal operation of unskilled or improper use of the error.

Other failures: health insurance system failures caused by the health insurance line, health insurance terminal For the above failure classification level, the principles of treatment are as follows:

A class failure? By the director of the information section reported to the hospital emergency response team leadership, the hospital emergency leadership team to organize and coordinate the recovery work.

Class II failure? Reported by the system administrator to the director of the information center, the information center centralized solution.

Class III failure? Solved by the system administrator alone, and detailed registration of maintenance.

Other faults? By the Finance Section, the Office of Health Insurance, the Office of the clinic in accordance with the relevant provisions of the health insurance to coordinate the solution.

Fifth, the primary work of the overall network failure

1. When the information center once identified as the overall network failure, the first thing is to immediately report to the leadership of the emergency response team, and at the same time, the organization of the recovery work, and take into account the full consideration of the special circumstances such as holidays, patient flow, personnel out and hospitals have major activities on the failure of the recovery of the time impact.

2.

2. When the overall failure of the network is found, the departments according to the degree of fault recovery time will be transferred to manual operation, the specific time limit is clear as follows (such as patients or medical conditions need to be transferred to manual operation at any time):

(1) can not be restored within 30 minutes? Outpatient registration, hospitalization registration, outpatient doctors, pharmacy and other departments transferred to manual operation.

(2) Cannot be resumed within 6 hours? Inpatient physician workstations, nurse workstations, operating rooms, and medical examinations are transferred to manual operations.

(3) 24 hours or more can not be restored? All kinds of hospital operations to manual operation.

VI. Specific coordination arrangements for each department

1. All manual operations of the unified start time must be notified by the Information Technology Section, the relevant departments strictly in accordance with the notification of the time to coordinate the various tasks, not allowed to operate the computer before receiving new instructions.

2. outpatient registration, fee work coordination

(1) outpatient fee by the director of the outpatient clinic, the financial section is responsible for contact coordination, and information section to maintain contact, timely feedback and communication of the latest news.

(2) When the network system operation is interrupted for more than 30 minutes, to notify the cashier to transfer to the manual charging program.

(3) Outpatient cashiers should establish a manual invoice use register to make a detailed registration of invoice use.

(4) When the system returns to normal, the cashier is responsible for monitoring the stability of the network operation, such as instability, timely feedback to the information center.

(5) After the network is restored, the operator should promptly enter the interruption period . Patient information into the computer.

3. Coordination of the work of the Discharge Settlement Service

(1) The Chief of Finance is generally responsible for liaison and coordination.

(2) In principle, not in the hospitalization office, the bookkeeping office to make up the cost of recording, in order to prevent the emergence of confusion in the accounts.

(3) When the system stops running for more than 24 hours, for ordinary discharged patients, delay the discharge settlement time. Patients discharged in an emergency should be manually accounted for and handwritten invoices issued based on medical records and clinical nurse workstation records.

(4) When a discharged patient is in urgent need of settlement during a period when the network is out of operation, the nurse workstation of the department should track down whether there is still an ongoing checkup program and provide details of the cost to the Discharge Settlement Office before sending it for settlement.

4. Coordination of doctors' workstations

(1) Doctors' workstations are coordinated by the medical department.

(2) The electronic medical record system of prescriptions, doctor's orders, medical records, tests, examination request forms are always paper handwritten.

(3) Discharge with drugs by the doctor in charge of the financial situation, such as cost overruns in principle do not bring drugs.

(4) For patients who are about to be discharged or have a tendency to be discharged, the attending physician should be noted on the check request form.

(5) received information section notification of the resumption of operation time, as required to make up the recording of medical prescriptions; 5. Coordination of nurse workstations; (1) nurse workstations by the Ministry of Nursing to organize and coordinate; (2) network failure during the patient should be a detailed record of the implementation of all the costs of the situation; (3) fill out the details of the medication requisition form for each patient (including the name and residence; (4) received information section notification of the resumption of operation time, as required to make up the recording paper 6. medical examination work coordination; (1) medical workstation by the medical section of the organization and coordination; (2) network failure during the PACS, LIS and other information systems to transfer

(5) received a notice from the Information Technology Section to resume running time, according to the requirements to fill in the doctor's orders and other paper information.

5. Nurse workstation coordination

(1) Nurse workstations are organized and coordinated by the nursing department.

(2) Detailed documentation of all charges performed on the patient should be documented during network outages.

(3) Fill out each patient's drug requisition form in detail (including name, hospitalization number, fee type, drug name and dosage) in duplicate, one for the department to make up the doctor's orders, and the other to send to the pharmacy as a voucher for medication.

(4) Receive notification from the Information Section of the resumption of operation, and make up the paper information as required.

6. Coordination of medical checkups

(1) Medical workstations are organized and coordinated by the Medical Section.

(2) PACS, LIS and other information systems are transferred to manual mode during network failure.

(3) During the network outage should be retained in detail, organizing the bottom link of the check request form.

(4) After the network is restored according to the manual checklist registration, through the manual price recording to make up for the patient's fees (pay attention to contact and communication with the fee office, clinical departments).

(5) For patients who are about to be discharged or have a tendency to be discharged, the examination department should promptly notify the department or hospitalization service to communicate the cost situation.

7. Pharmacy work coordination

(1) Pharmacy workstations are organized and coordinated by the medical section.

(2) Strictly in accordance with the time and requirements notified by the Information Center.

(3) Prepare a paper drug price list for manual price delineation and update it in time.

(3) In case of network failure, the outpatient clinic will price and dispense medicines according to the doctor's manual prescription; the inpatient clinic will dispense medicines according to the medicine requisition list provided by the clinical departments.

(4) When the network is restored, the outpatient manual prescription is uniformly handed over to the fee office to make up for the record, and the inpatient clinical departments make up for the drug prescription to be issued and confirmed; at the same time, the content of the drug prescription and the requisition form with the issuance of drugs to be checked in detail, such as the content of the discrepancy found to be traced in detail.

(5) After the recovery of the network on the discharge of drugs and other paper prescriptions in a timely manner to confirm.

The workstations are required to restart their computers when they are notified of re-operation, and the engineering recovery of the overall network failure is carried out by the Information Center in strict accordance with the requirements of server data management.

VII. Emergency data recovery work regulations

1. When the server confirms the failure, the network administrator in accordance with the "Data Backup Recovery Program" to carry out system recovery.

2. Network administrators are designated by the director of the information section is responsible for the recovery. When personnel changes should be handover procedures.

3. When the network line does not work, the network administrator should immediately arrive to maintain, when the fiber is damaged should immediately use a spare fiber to restore, switch failure, you should use a spare switch.

4. The details of each recovery should be recorded in detail.

5. Usually should be regularly on the whole system backup data to simulate the recovery once to check the availability of data.

Eight, network server failure emergency procedures

Network server failure is due to hardware or software causes the hospital information management system to stop running, once the failure occurs, according to the following procedures.

1. The information section should set up a person to manage and monitor the network operation. Problems found in a timely manner at the same time to deal with the leadership of the department to report quickly. After troubleshooting, a fault report should be completed and reported at the technical seminar.

2. Encountered a large failure, the information center staff should be quickly assembled, collective attack. Specifically divided into three groups to do the following:

(1) Troubleshooting group: centralized system administrators continue to analyze the fault, find the cause, repair the system.

(2) technical liaison group: quickly get in touch with software and hardware vendors to take effective means to obtain technical support.

(3) Intra-hospital coordination group: notify all departments in the hospital of the failure, and go to key departments to assist in data preservation.

3. The hospital's various system-using departments to develop appropriate data protection measures for system failures, and the establishment of a data rescue team, found that the downtime, should be preserved breakpoints, to protect the original data, before and after the breakpoints of the form is stored separately.

4. During the downtime, the relevant departments should organize a data recording team on standby, once the system is restored, the day should immediately complete the entry of important data, the next day to complete all the data recording.

5. After the troubleshooting, the information center work technology group should be developed according to the program piece of work, to assist the important sections of the data recording work.

6. 2 days after the troubleshooting, the information section should organize a technical seminar to analyze the cause of the failure, develop preventive measures, complete the troubleshooting report to the leadership of the hospital

IX. Emergency security

(a) the usual protection of network and information security

2. Technical security: on the one hand, the network equipment security reinforcement, such as increasing firewalls, intrusion monitoring equipment, etc., the known system vulnerabilities in a timely manner to install patches, on the other hand, to carry out technical reserves, the internal regular training of personnel, while taking the way through the purchase of security services from professional network security companies to strengthen the ability to deal with emergencies and efficiency.

3. In the construction and planning of network engineering, network security considerations should be effectively strengthened, and the design should take into account the redundancy of equipment backup, information storage off-site backup, etc.

4.

(2) Emergency response drills

The emergency response team should regularly conduct emergency response drills to enhance the ability and awareness of emergency response.

Medical network security emergency plan related articles:

1. medical waste leakage emergency plan

2. power outage emergency plan

3. blood transfusion emergency plan

3.

4. Environmental Emergency Plan

5. Flood Emergency Plan

6. Security Emergency Plan

7. Fire Emergency Plan 2017

7. Plan

8. Sample Emergency Response Plan

9. Building Security Emergency Response Plan

10. Emergency Response Plan Concept

;

Related articles