本文以居民电子健康档案信息安全的技术因子、管理因子、法律法规三个因素构成的信息安全防御水平为自变量,以信息安全风险为因变量构建研究模型。基于对相关人员的问卷调查为样本数据,对信息安全控制因素及信息安全风险之间的关系进行了实证研究。研究证实信息安全的三个防御因子可以有效地提高信息安全风险应对能力。 In this paper, the information security level of information technology composed of technical factors, management factors and laws and regulations of residents’ electronic health records is taken as the independent variable, and the information security risk is taken as the dependent variable to build a research model. Based on the questionnaire survey of relevant personnel as sample data, this paper conducts an empirical research on the relationship between information security control factors and information security risks. The research proves that the three defense factors of information security can effectively improve the information security risk coping ability.