According to the "Computer Information System Security Protection Regulations of the People's Republic of China" and the "Information Security Level Protection Management Measures", the dedicated networks of provincial and municipal medical insurance centers are the focus of network security prevention. According to the public security department , the information security management department and the Human Resources and Social Security Bureau require that a private network must be dedicated and physically isolated from all types of external networks, including the Internet. In this regard, all provinces, municipalities and autonomous regions have strict requirements. Take the regulations of Xianning City, Shaanxi Province as an example:
Designated medical institutions and designated retail pharmacies (hereinafter referred to as the "two designated" institutions) are an important part of the medical insurance work. , its computers, IC cards, and terminal equipment are cutting-edge equipment. In order to ensure the security of medical insurance network information, the following provisions are made.
Article 1: "Two fixed" institutions should be equipped with special computers and equipment, and have designated personnel responsible for management.
Article 2 It is strictly prohibited to connect medical insurance network computers to the Internet. If you need to temporarily access the Internet, you must be guided by technical personnel or authorized personnel from the information management agency of the county, city (district) human resources and social security bureau, and only on the premise of ensuring the security of the entire network system can you access the Internet; after the transaction is processed After that, it must be disconnected immediately.
Article 3 Computers connected to the medical insurance network are not allowed to have built-in computer games, and are not allowed to use external storage devices (including U disks, mobile hard disks, CDs, etc.) and software at will; if necessary, they must be disinfected It can only be used after it is confirmed to be safe.
Article 4 Computers, IC cards, and terminal equipment connected to the medical insurance network must go through network access registration procedures.
Article 5: "Two fixed" institutions must strictly follow the operating procedures to use computers, medical insurance settlement software, IC cards and other related equipment connected to the medical insurance network, and it is strictly prohibited to change the system date and system-related attribute settings without permission.
Article 6 "Two Determined" institutions shall accurately and timely enter medical treatment and drug purchase information into the system and upload it completely every day, and shall not falsely report, conceal, forge or tamper with, and download center information in a timely manner.
Article 7. If there are hardware problems or operating system problems during the use of the system, please contact the hardware provider to solve them; if software problems occur, they should be reported to the information management agency of the Human Resources and Social Security Bureau at the same level in a timely manner. It will be handled by the chemical management agency.
Article 8 "Two Certain" institutions must purchase and use genuine anti-virus software and firewall software.
Article 9 “Two Certainties” agencies must regularly check the notices and information published on the Municipal Human Resources and Social Security Bureau portal website to promote medical insurance-related policies and businesses.
Article 10: After the "two fixed" institutions terminate the medical insurance service agreement, they should immediately stop using the medical insurance network facilities and cooperate with the human and social information management agencies at the same level to clean up the relevant software and data of the medical insurance information system. and recycling of PSAM cards.
Article 11 When the "two fixed" institutions are changed or transferred, they must apply to the human resources and social security information management agency at the same level for approval; after approval, the human resources and social security bureau information management agency at the same level will be notified. Medical insurance information facilities are undergoing changes.
Article 12 The medical insurance network system shall not be extended by itself and credit card settlement shall be made; medical insurance network facilities shall not be moved, reconnected, dismantled or relocated without authorization; theft or damage to medical insurance network facilities shall be reported to the same department in a timely manner Level human and social information management organization.
Article 13 "Two fixed" institutional medical insurance system managers and operators are strictly prohibited from using third-party software and tools to modify or delete the central database and local database.
Article 14 "Two fixed" institutions must keep the administrator and operator accounts and passwords well, and are strictly prohibited from lending or transferring them.
Article 15 Technical personnel of the information management agency of the county, city (district) human resources and social security bureau will regularly or irregularly inspect the "two fixed" institutions, and the "two fixed" institutions must cooperate. If any security issues that may pose a threat to the "Financial Insurance Project" medical insurance network are discovered during the inspection, direct network disconnection measures can be taken to suspend the network access of the "two certain" institutions.
Article 16 If you violate this system and cause economic losses, in addition to being borne by yourself, you must also be notified on the portal website of the Bureau of Human Resources and Social Security; if the circumstances are serious, your qualifications for accessing the medical insurance network will be revoked; If the circumstances are particularly serious and result in data loss, data tampering, information leakage or network failure in the data center of the Municipal Human Resources and Social Security Bureau, in addition to being disqualified from accessing the medical insurance network, they will be handed over to judicial authorities for processing and legal liability will be pursued.
Article 17 This system shall come into effect on the date of issuance. The Municipal Human Resources and Social Security Bureau is responsible for interpretation.
Extended reading: How to buy insurance, which one is better, and step-by-step instructions to avoid these "pitfalls" of insurance