Legal analysis: information security technology, especially the progress of management technology above the network layer, for the hospital's information security management provides increasingly powerful technical means. However, in the actual management process, the development of security management technical measures should be adapted to local conditions, comprehensive consideration: the security risks faced by the hospital information system, the information system security expectations, the information system hardware and software situation, the degree of maturity of the technology of the technical measures, the cost of technical measures to implement the inputs and the maintainability of technical measures and other aspects of the factors [
Legal basis: "the Chinese people's **** and the State Data Security Law"
One is online medical data: test reports, diagnostic results, past medical history and other healthcare data are at risk of being illegally accessed, stolen and tampered with, and maliciously uploaded due to vulnerability attacks, virus infections, etc.
Two is data accessed by medical associations: personnel from medical associations as well as third-party service organizations may be exposed to leakage of important information such as doctor-patient privacy in the process of accessing and browsing sensitive data.
Third, clinical research data: clinical research data involves demographic information, examination information, test information, drug orders, diagnostic information, cases and patient reports, and the consequences of leakage during transmission are very serious;
Fourth, health insurance data: health insurance data involves docking with third-party organizations, and in system docking, data transmission, data use, data storage, data destruction and other aspects of security risks;
fifth, medical equipment maintenance data: medical device manufacturers in the remote medical equipment maintenance, data will face unauthorized access, insecure links, privacy data leakage, maintenance records are not properly preserved and other security risks;
sixth, the big data center health data: classification and grading The lack of mechanism leads to data security risks such as illegal login, unauthorized access, abnormal access, impersonation query, batch theft, and explicit leakage;
seven is wearable health device data: wearable device data in the collection, storage, and use phases are subject to varying degrees of security risks;
eight is medical and health APP data: the mobile application involves a number of online healthcare services
There are hidden risks of leaking personal health status data, payment data, health resource data, and public **** health information.