Abstract
In view of the current state of network and data security faced by medical institutions in China, this paper analyzes the security risks, protection objects and cryptographic application requirements of four typical clinical business scenarios: outpatient and emergency care, inpatient care, examination and laboratory testing, and Internet diagnosis and treatment. With reference to Information security technology—Baseline for information system cryptography application (GB/T 39786-2021), it presents a cryptographic application design covering the authenticity of user identity and the non-repudiation of doctor and patient actions, the security of important data in transit, and the security of important data at rest. It also offers implementation suggestions for problems that arise when medical institutions deploy cryptography, such as migration of systems to the cloud, the use of data encryption, and reuse of existing equipment. Finally, it considers the application of cryptography in future complex business scenarios such as multi-campus hospitals, medical communities and medical alliances, with the aim of promoting the in-depth and widespread application of cryptographic technology in medical informatization and building a more secure and trustworthy medical information environment.
Authors
何祺
胡建平
郝惠英
HE Qi; HU Jianping; HAO Huiying (Center for Health Statistics and Information, National Health Commission, Beijing 100810, China)
Source
《中国卫生信息管理杂志》
2024, Issue 4, pp. 477-484 (8 pages)
Chinese Journal of Health Informatics and Management
Keywords
medical institutions
network and data security
clinical business scenarios
cryptographic application