Juridical Review of Legal Protection Against Patient Medical Record Data Leaks in Hospitals

Authors

  • Septiana Megaria, Department of Law, Faculty of Law, Universitas Islam Nusantara, Bandung, Indonesia
  • Yana Chaeru Taufik Ismail, Department of Law, Faculty of Law, Universitas Islam Nusantara, Bandung, Indonesia

DOI:

https://doi.org/10.54518/rh.6.3.2026.1153

Keywords:

Data Breach, Hospital, Legal Protection, Medical Privacy, Patient Data

Abstract

The rapid growth of information technology in the healthcare sector has increased the risk of patient data breaches, making legal protection increasingly important in Indonesia, where weaknesses in hospital data security systems remain evident. This study analyzes legal protections for patient data and evaluates the effectiveness of their implementation. A normative juridical literature review method was used, involving systematic analysis of books, scientific articles, research reports, and relevant legal documents. The findings show that patient data protection is normatively regulated under Law Number 44 of 2009 on Hospitals, Law Number 17 of 2023 on Health, and Law Number 27 of 2022 on Personal Data Protection. These laws emphasize hospitals’ obligations to maintain patient confidentiality and restrict data access and use based on explicit consent. However, in practice, a significant gap remains between legal provisions and implementation. Weak data security infrastructure, limited awareness among healthcare personnel, and suboptimal law enforcement contribute to ongoing vulnerabilities. In conclusion, although the legal framework for patient data protection is well established, its effectiveness is still constrained by implementation challenges. Strengthening supervision, improving enforcement, and enhancing human resource capacity are essential to ensure more effective protection of patient data in Indonesia.

Published

2026-06-26

How to Cite

Megaria, S., & Ismail, Y. C. T. (2026). Juridical Review of Legal Protection Against Patient Medical Record Data Leaks in Hospitals. Research Horizon, 6(3), 1225–1236. https://doi.org/10.54518/rh.6.3.2026.1153
