This research aims to understand how medical institutions differ in the safety management of their information systems. It explores the differences in information security between public and private hospitals, and the differences in how information personnel in different units approach information security. The aim is to help the relevant staff understand how information systems can be improved and how other types of units deal with the same information security issues, as a reference for developing information security policy. Through a questionnaire survey of various medical institutions, this research, based on ISO 27001, can determine the needs of an information security management system. The results can be used in other related applications and point to a direction that the various units can follow in information system security to come closer to that goal, so that information systems can perform effectively.