With the development and the massive utilization, the security of hospital information systems are increasingly regarded as a vital issue. The paper depictes how to enhance the security ability from two aspects: system and application level, including hardware equipment security, antivirus technology,client computer system recovery, data storage safety, database authority control, data encryption and three-level security management measure, etc.