The paper, by taking Beijing Tongren Hospital, Capital Medical University as an example, introduces the project implementation process of building hospital information security system on the basis of level-3 rank protection standard, including investigation and survey, preparation of proposal and work schedule, implementation, measurement and project evaluation of level-3 rank protection. It also elaborates on technical highlights of the project and the next steps in the process, points out that the project can facilitate the improvement of overall information security management of the hospital.