The paper analyzes the risks of hospital information system in terms of system planning, development and use, computer lab management, network management, system resources, information security, etc. with the practice of West China Hospital, Sichuan University, explores the corresponding internal control principles of public hospitals from the perspective of risk prevention and control, elaborates on the internal control activities of hospital information system, to improve the abilities of hospital information management and help the development of hospitals.