In recent years, in addition to face various competition, medical institutions have to adapt the National Health Insurance system change. Hospitals need to face great challenges and impacts in management. In order to improve the quality of medical services and simplify the medical processes, medical institutions must be strengthened through information technology to enhance the competitiveness of the organization. The implementation of electronic medical records is the government's policy, and it is also the goal of medical institutions to promote information technology. In addition to use information technology to construct information security mechanisms, medical institutions must to explore how to increase management performance by way of information security management. The purpose of this study is to explore that a hospital deploying Information Security Management System how to construct key performance indicators based on Balanced Scorecard concept. According to the results of literature review, this study collect the information security indicators which affect hospital's management performance. This study used expert interviews method to interview eight experts of information security management and performance management. The Knowledge areas of these experts include medical information, academia, and information security management. According to the results of expert interviews, we obtain 54 information security indicators which are categorized to four dimensions of Balanced Scorecard. And then, we used questionnaire survey to collect data from hospital staff, and used factor analysis to obtain nine policy themes from 50 key performance indicators based on Balanced Scorecard concept. After that we used multiple regression analysis to find out pathways and construct information security strategy map. The findings of this study would provide an important reference for medical institutions in their future practices of the implementation of information security performance indicators.