Design of a secure management system of medical adverse events

Advisor: 朱學亭


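Patient safety reporting has been an established practice in Taiwan's hospitals for years. However, because hospitals lack a highly secure medical event management platform, the Taiwan Joint Commission on Hospital Accreditation (TJCHA), which is responsible for the Taiwan Patient Safety Reporting System (TPR), often finds that the medical adverse event reports it receives still contain confidential data that the hospitals should not have disclosed. Hospitals therefore urgently need to build a highly secure medical event management platform to manage their medical adverse event data, so that the data of medical staff and patients is protected when events are reported externally. This thesis studies the security issues of a medical event management platform. To address them, we propose two main platform designs: one based on the Role-Based Access Control (RBAC) model, and the other based on de-identification. When investigating adverse events, hospitals use Root Cause Analysis (RCA), which is the method the quality management center uses to investigate serious adverse events. The resulting analysis report is highly confidential: the details it mentions, such as the people, events, times and places involved, must not become known to outsiders, and unrelated persons inside the hospital must not be able to obtain this identifiable information either. We therefore implemented a management platform on which medical events can be analyzed, and designed functions including automatic masking of sensitive keywords, keeping data from being stored locally, and prevention of copying, so that the investigation and analysis of medical events are both confined to a secure working environment, and the data for patient safety reporting is exported automatically. This protective design more effectively prevents important data from being leaked through unintentional operations.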


Over the past years, the public has paid more and more attention to patient safety issues. In Taiwan, the Taiwan Patient Safety Reporting System (TPR), developed by the Taiwan Joint Commission on Hospital Accreditation (TJCHA), has been collecting medical adverse events from hospitals for years. However, the absence of a secure management system for medical adverse events in hospitals threatens the privacy of staff and patients. Therefore, we design an information system for a hospital to manage medical event security. In this thesis, we study the security issues of medical event management and propose two designs to meet the security requirements of such a system: role-based access control (RBAC) and de-identification. In the investigation of medical events, hospitals place importance on Root Cause Analysis (RCA) tasks. The quality management team in a hospital performs root cause analysis when a serious adverse event has happened; such an event may cause a patient to die or suffer unrecoverable harm, and the related persons may be accused. These RCA reports have the highest class of confidentiality: the original detailed information about the related persons, issue, and position must not be known by other people. To restrict access to RCA information, we need to consider a higher security concept. It is not enough just to set permissions for users or to encrypt information in the database. We propose an information security idea in which the RCA platform replaces all key words automatically. The data cannot be copied manually and cannot be saved as a portable data file. These functions ensure the security of the RCA information database.


