Article 28 of the Measures for the Management of Network Security in Medical and Health Institutions: All medical and health institutions should attach great importance to the management of network security, put it on the important agenda, strengthen overall leadership and planning and design, implement major issues such as personnel, capital investment and safety protection measures according to laws and regulations, and ensure the simultaneous planning, construction and use of safety protection measures in the construction of information systems.
Twenty-ninth medical and health institutions should strengthen network security business exchanges, strictly implement the network security continuing education system, and encourage management posts and technical posts to hold certificates. By organizing academic exchanges and competitions, we can discover and select network security talents, establish a talent pool, establish and improve the mechanism of talent discovery, training, selection and use, and provide talent protection for doing a good job in network security.
Thirtieth medical and health institutions should ensure the development of network security level assessment, risk assessment, offensive and defensive drills and competitions, safety construction rectification, safety protection platform construction, password protection system construction, operation and maintenance, education and training. The network security budget of new information projects shall not be less than 5% of the total project budget.
Thirty-first medical and health institutions should further improve the network security assessment system, clarify the assessment indicators, and organize the assessment. Encourage qualified medical and health institutions to link assessment with performance.