Analysis of Patient Data Security and Privacy in Electronic Medical Record Systems in Hospital X

Authors

  • Sali Setiatin Politeknik Piksi Ganesha, Bandung, Indonesia
  • Ervien Agus Jakaria Politeknik Piksi Ganesha, Bandung, Indonesia
  • Nadia Rizki Pratami Politeknik Piksi Ganesha, Bandung, Indonesia

DOI:

https://doi.org/10.38035/ijphs.v3i3.1275

Keywords:

Electronic Medical Record, information security, data privacy, systems

Abstract

The development of digital technology has had a significant impact on the world of healthcare, especially in terms of patient data management, which is now turning to Electronic Medical Records (RME). RME is expected to be a mainstay solution to improve efficiency, accuracy, and ease of access to patient data between various health facilities. In Indonesia, the One Health Data initiative from the Ministry of Health plays a crucial role in this data integration process. However, the digitization of health information also raises new problems, especially related to the protection of sensitive patient personal data. This study aims to review the extent to which security and privacy aspects have been implemented in the RME system, particularly in Hospital X. This research uses a qualitative approach through observation, in- depth interviews, and document studies. The results of the study revealed that although the RME system is equipped with a simple authentication system using usernames and passwords, the security practices implemented are still less than optimal. There is still a lack of weak password use, a reluctance to change passwords periodically, and the absence of a special Standard Operating Procedure (SOP) that regulates the security and confidentiality of patient data. In addition, user awareness of the importance of protecting data is also still relatively low. These findings show that the successful implementation of RME does not only depend on the availability of technology, but also requires strengthening administrative policies and increasing understanding of cybersecurity among medical personnel. Therefore, a comprehensive strategy is needed to ensure the protection of patient data on an ongoing basis.

References

Asgiani, P., Suryawati, C., & Agushybana, F. (2022). A literature review: Security aspects in the implementation of electronic medical records in hospitals. Media Ilmu Kesehatan, 10(2), 161–166.

Efri, T. A., Sabran, & Nurjanah, L. (2024). Analisis aspek keamanan data pasien dalam implementasi rekam medis elektronik di Rumah Sakit X. Rammik: Jurnal Rekam Medik dan Manajemen Informasi Kesehatan, 3(2), 18–30.

Fauzi, M. R., Fauzia, R. M., & Setiatin, S. (2021). Kerahasiaan dan Keamanan Rekam Medis di Rumah Sakit Hermina Arca Manik. Politeknik Piksi Ganesha, Bandung, Cendekia: Jurnal Ilmiah Indonesia, 9(1), 1161–1169.

International Organization for Standardization. (2013). ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements. Geneva: ISO.

Kementerian Kesehatan Republik Indonesia. (2017). Peraturan Menteri Kesehatan Republik Indonesia Nomor 11 Tahun 2017 tentang Keselamatan Pasien Rumah Sakit. Jakarta: Kemenkes RI.

Kementerian Kesehatan Republik Indonesia. (2022). Peraturan Menteri Kesehatan Republik Indonesia Nomor 24 Tahun 2022 tentang Rekam Medis Elektronik. Jakarta: Kemenkes RI.

Mandey, A. W. (2025). Legal analysis of patient privacy violation in electronic medical records and its implications for health data protection in Indonesia. Jurnal Multidisiplin Sahombu, 5(2), 589–594.

Maulani, A. N., Ridwan, A. N., Hidayati, M., & Susanto, A. (2021). Analisis Pengimplementasian Pendistribusian Berkas Rekam Medis Pasien Rawat Jalan Di Rumah Sakit X Bandung. Jurnal Ilmiah Perekam dan Informasi Kesehatan Imelda (JIPIKI), 6(2), 174–182.

Putri, S., & Gunawan, E. (2022). Pelaksanaan Retensi Pada Masa Peralihan Rekam Medis Manual Ke Rekam Medis Elektronik (RME) Di Klinik Utama Cahaya Qalbu. Media Bina Ilmiah, 16(11), 7687–7696.

Republik Indonesia. (2008). Undang-Undang Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik (ITE). Jakarta: Kementerian Komunikasi dan Informatika.

Republik Indonesia. (2022). Undang-Undang Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi. Jakarta: Kementerian Komunikasi dan Informatika.

Santhi, N. N. P. P. (2025). Patient data privacy challenges in electronic health systems: A juridical analysis of medical information protection in Indonesia. West Science Law and Human Rights, 3(1), 1–8.

Wijayanti, D., Ujianto, E. I. H., & Rianto, R. (2024). Uncovering security vulnerabilities in electronic medical record systems: A comprehensive review of threats and recommendations for enhancement. JITEKI (Jurnal Ilmiah Teknik Elektro dan Komputer Indonesia), 10(1).

Yunengsih, Y. (2025). Analisis Dampak Keamanan Data Pasien Pada Sistem Rekam Medis Elektronik Di Rumah Sakit X. Journal of Medical Record Student (JMeRS), 3(1), 83–88.

Downloads

Published

2025-09-25

Issue

Vol. 3 No. 3 (2025): International Journal of Psychology and Health Science (July - September 2025)

Section

Articles

License

Copyright (c) 2025 Sali Setiatin, Ervien Agus Jakaria, Nadia Rizki Pratami

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors who publish their manuscripts in this journal agree to the following conditions:

  1. The copyright on each article belongs to the author(s).
  2. The author acknowledges that the International Journal of  Psycology and  Healt Science (IJPHS) has the right to be the first to publish with a Creative Commons Attribution 4.0 International license (Attribution 4.0 International (CC BY 4.0).
  3. Authors can submit articles separately, arrange for the non-exclusive distribution of manuscripts that have been published in this journal into other versions (e.g., sent to the author's institutional repository, publication into books, etc.), by acknowledging that the manuscript has been published for the first time in the IJPHS.