What kind of security certification does medical information service need?

Author: with the wide application of Internet, big data and cloud computing in medical informatization, Chen Peng's information security has attracted more and more attention It is no exaggeration to say that security has become the foundation of medical informatization How to prove that the services provided are safe and reliable, which is a problem for medical information enterprises The arterial network (micro signal: vcpeat) has also made an inventory of the important authentication of the current information security part, hoping to have some reference What is information security certification and how important is it? Information security management system (ISMS) is a part of the whole enterprise management system It is a series of management activities based on risk assessment, such as establishment, implementation, operation, monitoring, review, maintenance and continuous improvement of information security It can be used in the management and construction of enterprise information security, and ensure all aspects of enterprise information security through the management system It is very complex for enterprises to pass the certification preparation of information security management system, which usually makes enterprises feel "peeling off" However, the relevant certification of information security management system is more beneficial than harmful for enterprises Generally speaking, the relevant certification of information security management system can bring four benefits to enterprises: internally, it can significantly improve the information security management ability of enterprises, enhance employees' awareness of information security management, and effectively prevent and control information security risks; for customers, it is a third-party objective certification recognized by the state, which enables customers to identify enterprises that have passed the certification The products and services provided by the industry are reliable and reassuring; for the cooperator, it is the proof that the enterprise is in line with the international information security standards, and can directly recognize each other's information security management level when cooperating with the enterprises passing the similar certification; for the industry, it is the benchmark in the information security industry, which can not only show the enterprise's information security management level, but also improve the enterprise's brand image and behavior Industry competitiveness " It's just like a new comer who has passed the information security certification, and is finally recognized as a martial arts expert through the hard work of close training Information security is becoming more and more important What is its development process? In recent years, China has gradually strengthened the formulation of information security standards and formulated many policies and regulations Under this background, the National Medical Security Bureau has accelerated the informatization and standardization of medical insurance in recent years In 2019, the National Medical Security Bureau proposed to "continuously promote the standardization and informatization construction" as the annual key work, highlighting the importance of "personal health and disease data" security in the current, and "ensure data security" has been raised to an unprecedented height When it comes to information security, the first thing to look at is ISO27001 This is the main standard of ISO27000 series certification, similar to ISO9001 in ISO9000 series It is no exaggeration to say that ISO27001 is the most authoritative and strict system certification standard in the field of information security, which is widely accepted and applied in the world The organization has passed ISO27001 certification, which means that the organization has established a set of scientific and effective management system for information security management, which can provide users with reliable information services In addition, iso27017 and iso27018 are the most common international standards for cloud services In recent years, medical informatization has not only become an important direction of the development of medical industry, but also the focus of national network security and informatization construction in the 13th five year plan In this segment industry, there are no lack of old giants, such as Neusoft group, Weining technology, etc., and no lack of cross-border rookies, such as Ping An medical insurance technology under Ping An group It is reported that as a rising star, Ping An medical insurance technology has officially obtained iso27017 and iso27018 international security system certification issued by SGS (SGS Standard Technical Service Co., Ltd.) as early as the end of last year "In combination with the ISO27001 international information security management system standard certification obtained in the first half of this year, we (Ping An medical insurance technology) have integrated the key three guarantees in the field of information security, and the level of development and operation and maintenance has reached the internationally recognized level." Ping An medical insurance technology is very confident in its information security level Arterial network believes that the above certification enables Ping An medical insurance technology to meet the company's business bidding and daily information security management, and at the same time, it can be more recognized by foreign investment institutions, which is worth learning for the majority of information enterprises Starting from development, operation and maintenance follow closely, intellectual property rights escort, information security can not become a "castle in the air" no doubt, all security is built on the basis of development Without a solid and mature software development system, the so-called security can only be a mirage like a castle in the air For example, CMMI (Capability Maturity Model Integration), or software capability maturity integration model, is an international authoritative standard used to measure the maturity of software R & D capability and project management level of an enterprise, and is recognized as the passport for software enterprises to enter the international market In October last year, Ping An medical insurance technology obtained its highest level of CMMI5 qualification, becoming the first subsidiary of Ping An Group to obtain CMMI5 qualification At the same time, the company also passed the three-level certification of software security development in the early stage, introduced the modular agile framework safe4.0, and successfully passed the three-level certification of ITSS operation and maintenance, almost including all certification standards in related fields; in terms of intellectual property rights, Ping An medical insurance technology has applied for nearly one thousand patents and nearly one hundred software copyrights, ensuring the information security management body at the legal level Is the legal rights and interests of the covered it system The passing of these important certifications, the agile transformation of the R & D process and the guarantee of intellectual property rights mark that it has reached the international leading level in the process organization ability, technology R & D ability, project management ability, scheme delivery ability, etc of software R & D Leading industry, information security helps Ping'an medical insurance technology to achieve continuous success precisely because the foundation of information security is solid, which can reduce the risk of any information leakage and system security risks to the minimum, so Ping'an medical insurance technology can be recognized by government ministries and more customers in the market Arterial network learned that last year alone, the strength of Ping An medical insurance technology was recognized by medical insurance bureaus at all levels In May 2019, Ping An medical insurance science and technology won the bid for the construction project procurement project of the macro decision big data application subsystem and operation monitoring subsystem of the medical insurance information platform of the State Medical Insurance Bureau, providing professional and systematic support for the scientific decision-making and fine management of the State Medical Insurance Bureau, and assisting the State Medical Insurance Bureau in building "decision planning policy implementation operation monitoring analysis feedback" ”Management loop Subsequently, we won the bidding for the medical insurance supervision service project of Qingdao Medical Security Bureau and the information platform project of intelligent supervision system of Shandong Medical Security Bureau, etc., which were reported frequently "By the end of 2019, our market has covered nearly 30 provinces and more than 200 cities across the country, providing services for 800 million people." The person in charge of Ping An medical insurance technology said At the same time, the achievements of Ping An medical insurance technology have also been recognized by professional media At the end of last year's arterial network "top 100 medical companies in 2019" forum, Ping An medical insurance technology won the title of "top 100 medical companies in China in 2018" and "top 100 medical companies in China in 2019" again, and won the honorary title of "annual innovation enterprise" In the last few years, there are many important policies and standards in the field of medical informatization and internet medical treatment Although these innovations bring great convenience, no matter in hospital information construction, Internet hospital or telemedicine, the problems of system security and data security cannot be avoided With the advent of the cloud era, it is particularly important for medical institutions to ensure the security of information systems and data We believe that capable enterprises should continue to pursue the most advanced IT technologies, such as artificial intelligence, blockchain, cloud, etc., which represent advanced productivity At the same time, enterprises should also adhere to the relevant certification of high standards, and pay attention to the actual implementation of information security management Only in this way, can the enterprise really empower the medical information construction industry Jeni turtle