The paper elaborates on the multiple aspects that shall be focused on in the security practice of Hospital Information System(HIS), including environment of the plant room, security of the network and the server, anti-disaster backup, terminal management, virus protection and the information system security management regulations, and puts forward suggestions on the specific measures.