Legal Protection of Personal Data in the Exchange of Electronic Medical Record in Healthcare Services
DOI:
https://doi.org/10.54518/rh.5.6.2025.897Keywords:
Electronic Medical Records, Data Confidentiality, Health Law, Personal Data ProtectionAbstract
Digital transformation in Indonesia’s health sector has fundamentally changed the way patient information is collected, stored, and managed through Electronic Medical Records (EMR). This study aims to (1) map the active legal basis governing the confidentiality of EMRs in Indonesia; (2) identify normative and practical gaps in its implementation; (3) propose auditable technical and governance standards for healthcare facilities and system providers; and (4) outline procedural and judicial mechanisms for resolving health data breach disputes. Using a normative legal approach, this study analyzes the constitutional, legislative, and regulatory legal framework, such as Law Number 17 of 2023 concerning Health, Law Number 27 of 2022 concerning Personal Data Protection, Law Number 1 of 2024 concerning Electronic Information and Transactions, Government Regulation Number 71 of 2019, and Minister of Health Regulation Number 24 of 2022. The results of the study show overlapping authorities, weak institutional coordination, and the absence of procedural standards related to the verification of RME in court. The study’s findings reveal that EMR confidentiality protection in Indonesia is weak not due to a lack of legal regulations, but due to inadequate technical readiness and governance for its implementation.
Downloads
References
Akhmad, T. R., Pranadita, N., & Machmud, S. (2024). Legal protection of patients from leakage of electronic medical records data is reviewed from Law Number 27 of 2022 Concerning Personal Data Protection and Law Number 17 of 2023 Concerning Health. International Journal of Asia Pasific Collaboration, 2(3), 45–56.
Alhomidan, Z. S., Albaqami, N. M., Alshehri, A. A., Aldubaib, A. A., Alsuwailem, A. B., & Al Ghadam, K. F. (2025). Confidentiality in the era of electronic health records: Ethical challenges and solutions. International Journal of Community Medicine and Public Health, 12(4), 670–682.
Amir, N. (2019). Legal protection of patient data confidentiality electronic medical records. SOEPRA Jurnal Hukum Kesehatan, 5(2), 198–208.
Anwar, T. M., Tambun, J. G., & Jaeni, A. (2025). Juridical analysis of the misuse of electronic medical records in the perspective of the electronic information and transaction law. Pranata Hukum, 20(1), 26–36.
Basani, C. S. (2023). Legal protection of patient’s electronic medical record: Indonesian legal perspective. Dialogia Iuridica, 15(1), 94–112.
Califano, L. (2018). The electronic health record (EHR): Legal framework and issues about personal data protection. Pharmaceuticals Policy and Law, 19(3–4), 141–159.
Day, S. A. S., & Subekti, R. (2024). Pertanggungjawaban penyedia sistem rekam medis elektronik dari partner system terhadap kebocoran data. Demokrasi: Jurnal Riset Ilmu Hukum, Sosial dan Politik, 1(3), 92–101.
Enaizan, O., Zaidan, A. A., Alwi, N. M., Zaidan, B. B., Alsalem, M. A., Albahri, O. S., & Albahri, A. S. (2020). Electronic medical record systems: Decision support examination framework for individual, security and privacy concerns using multi-perspective analysis. Health and Technology, 10(3), 795–822.
Ettaloui, N., Arezki, S., & Gadi, T. (2023). An overview of blockchain-based electronic health records and compliance with GDPR and HIPAA. Data and Metadata, 2(1), 166-178.
Hutabarat, D. T. H., Zebua, R., Sitorus, R. A., Subakti, F. A., Ramadhani, H., Mangunsong, J., ... & Sahdan, P. (2022). The urgency of legal protection against the implementation of electronic information technology-based medical records in regulation of the minister of health of the republic of Indonesia number 269 of 2008. Journal of Humanities Social Sciences and Business, 1(4), 59–68.
Jakarta State Administrative Court. (2020). State administrative court decision (Decision No. 140/G/TF/2020/PTUN.JKT).
Kemalasari, N. P. Y., & Putra, I. P. H. S. (2023). Protection of medical record data as a form of legal protection of health data through the Personal Data Protection Act. Journal of Digital Law and Policy, 2(3), 111–118.
Khozaimi, A., Putro, S. S., & Yaqin, A. (2021). Improve the performance and security of medical records using fingerprint and advance encryption standart. In Proceedings of International Conference on Health Informatics, Medical, Biological Engineering, and Pharmaceutical (pp. 285–290). Setúbal: Scitepress.
Komalasari, R., & Mustafa, C. (2023). Electronic evidence in the healthy justice system: Reimagined. Jurnal Hukum dan Peradilan, 12(3), 547–580.
Larasati, T., Fardiansyah, A. I., Saketi, D., & Dewiarti, A. N. (2024). The ethical and legal aspects of health policy on electronic medical records in Indonesia. Cepalo, 8(2), 103–112.
Manurung, K. H., & Harefa, B. (2024). The validity of electronic evidence and its relation to personal data protection. Jurnal Daulat Hukum, 7(4), 455–472.
Mendelson, D. (2017). Legal protections for personal health information in the age of Big Data—A proposal for regulatory framework. Ethics, Medicine and Public Health, 3(1), 37–55.
Mulyadi, D., Danil, E., Chandrawila, W., & Warman, K. (2020). Medical negligence dispute settlement in Indonesia. Indian Journal of Forensic Medicine & Toxicology, 14(4), 7890–7897.
Neame, R. L. (2014). Privacy protection in personal health information and shared care records. Journal of Innovation in Health Informatics, 21(2), 84–91.
Negara, T. A. S. (2023). Normative legal research in Indonesia: Its origins and approaches. Audito Comparative Law Journal (ACLJ), 4(1), 1–9.
Novianti, & Bakhtiar, H. S. (2024). Implementation of electronic medical record system in Indonesia viewed from the perspective of legal certainty. International Journal of Engineering Business and Social Science, 2(4), 1114–1122.
Rizki, P. R., Arawinda, S. H., & Widhanarti, H. (2024). Juridical analysis on infringement against patients’ electronic medical records at telemedicine services based on Indonesian regulation. International Journal of Multidisciplinary Research and Analysis, 7(12), 42–61.
Santoso, A. P. A., Soraes, D., Gegen, G., & Astuti, O. A. S. (2024). Ethics and law of using blockchain technology for electronic health records in Indonesia. In Proceeding of International Conference on Science, Health, and Technology (pp. 97–104).
Shingari, N., & Mago, B. (2024). The importance of data encryption in ensuring the confidentiality and security of financial records of medical health. 2024 IEEE International Conference on Interdisciplinary Approaches in Technology and Management for Social Innovation (IATMSI) (Vol. 2, pp. 1–6). New York: IEEE.
Simon, M., & Looten, V. (2020). Description of data breaches notifications in France and lessons learned for the healthcare stakeholders. In Integrated citizen centered digital health and social care (pp. 192–196). Amsterdam: IOS Press.
Sukesti, I., Sutrisno, E., & Indraswari, S. P. (2024). Legal study of electronic medical records for the protection of patient rights. Hermeneutika: Jurnal Ilmu Hukum, 8(2), 223–233.
Sundari, E., & Retnowati, A. (2023). The limits access of medical records in Indonesia and a broader propose to support patients in malpractice claims. Journal of Law and Sustainable Development, 11(12), 26-36.
Szalados, J. E. (2021). Medical records and confidentiality: Evolving liability issues inherent in the electronic health record, HIPAA, and cybersecurity. In The medical-legal aspects of acute care medicine: A resource for clinicians, administrators, and risk managers (pp. 315–342). Springer International Publishing.
Tangerang District Court. (2021). Civil case decision (Decision No. 1324/Pdt.G/2021/PN Tng).
Van der Haak, M., Wolff, A. C., Brandner, R., Drings, P., Wannenmacher, M., & Wetter, T. (2003). Data security and protection in cross-institutional electronic patient records. International Journal of Medical Informatics, 70(2–3), 117–130.
Yanto, O., Putri, K. A. R., & Prananingrum, D. H. (2025). Rekam medis elektronik berbasis cloud computing: Pertanggungjawaban hukum akibat kebocoran data pasien. Widya Yuridika: Jurnal Hukum, 8(1), 20–32.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Author(s)
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
