Yes, it must be done. The medical industry has always been the focus of grade protection evaluation. As early as 2011, the hospital's hierarchical protection work had already been carried out. By 2018, the state also included Internet hospital platforms into the scope of information system level protection. At present, the relevant regulations on the hierarchical protection of information systems in the medical industry issued by the National Health Commission (National Health Commission) are:
① "Guiding Opinions on Hierarchical Protection of Information Security in the Health Industry"
②"2016 Tertiary General Hospital Evaluation Standards and Evaluation Methods (Full Version)"
③"National Health and Medical Big Data Standards, Safety and Service Management Measures (Trial)"
④"Internet Hospital Management Measures (Trial)"
⑤"Internet Diagnosis and Treatment Management Measures (Trial)"
If it is an Internet hospital, it must also pass the third-level certification.