
A Study on Integrating ISO 27001 and ISO 27799 for Application to Nursing Informatics

Abstract


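According to the "Questionnaire Survey on Hospitals' Response to the Personal Information Protection Act" conducted by the Taiwan Hospital Association (2012), medical institutions that had completed their response measures accounted for only 4.73% of all institutions surveyed; the main reasons were insufficient understanding of the law (72.78%) and insufficient employee awareness of personal data protection (70.41%). To support the promotion of e-government, the Bureau of National Health Insurance built technologies such as the Health Insurance IC Card and electronic medical record exchange, trained hospital information security seed personnel, and provided certification services for the ISO 27001:2005 international standard for information security management; as of February 8, 2013, 93 hospitals nationwide had passed certification. Taking ISMS: ISO 27001:2005 as its basis, this paper compiles the ISO 27001 management items (133 items) together with ISO 27799:2008, which was developed for the special characteristics of the health care industry, and applies the P-D-C-A cycle and the four dimensions of the PLSE Model proposed by Professor I-Long Lin to establish the ISMS security control work items for nursing informatics.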

Parallel Abstract


A survey on "Hospital Response to the Personal Information Protection Act" conducted by the Taiwan Hospital Association shows that only 4.73% of the surveyed hospitals have implemented measures to comply with the Act. Those which have not complied with the Act were mainly constrained by unfamiliarity with the law (72.78%) and lack of awareness of personal information protection among employees (70.41%). In line with the government's promotion of e-government services, the Bureau of National Health Insurance has implemented numerous measures, including use of the Health Insurance IC Card, electronic medical history exchange, training of seed hospital specialists in charge of information security, and certification of ISO 27001:2005. As of Feb 8, 2013, 93 hospitals islandwide have passed the certification. Based on ISMS: ISO 27001:2005, this study first obtained the key criteria in ISO 27001 (133 items in total) and in ISO 27799:2008, which was established specifically to regulate health informatics. This study then applied the P-D-C-A cycle and the PLSE Model introduced by Dr. I-Long Lin to build key tasks of personal information protection for nursing institutions.

References


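Bureau of National Health Insurance (2012). Introduction to physical encryption of medical data at the Bureau of National Health Insurance. Government Agency Information Bulletin (政府機關資訊通報), 301.
Taiwan Hospital Association (2012). Analysis report on the questionnaire survey of hospitals' response to the Personal Information Protection Act. http://www.hatw.org.tw/mode03_02.asp?num=20120820103922
吳仁和, 陳翰容, 沈德村, 洪誌隆, 林麗敏 (2013). Medical Information Management (醫療資訊管理). Taipei: 智勝文化公司.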
林宜隆、邱士娟、呂明達()。
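Ministry of Justice (2011). Medical Care Act. Laws and Regulations Database Working Group, Ministry of Justice, Laws and Regulations Database. Retrieved from http://law.moj.gov.tw/LawClass/LawAll.aspx?PCode=L0020021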
