Legal Protection of Patient Privacy Rights in the Use of Electronic Medical Records in Indonesian Hospitals

Febriyani Masdar; Rukyyah Assam

doi:10.37899/mjdpp.v3i1.337

Authors

Febriyani Masdar Faculty of Law, Universitas YARSI, Central Jakarta, Indonesia
Rukyyah Assam Faculty of Law, Universitas YARSI, Central Jakarta, Indonesia

DOI:

https://doi.org/10.37899/mjdpp.v3i1.337

Keywords:

Patient Privacy Rights, Electronic Medical Records, Health Law Personal Data Protection, Hospital Regulation

Abstract

The rapid integration of electronic medical records (EMRs) in Indonesian hospitals has improved health care services, but it has also brought up important concerns about privacy protection. This research seeks to assess the effectiveness of legal protection for patient privacy in EMRs by exploring the impact of regulatory awareness, institutional compliance, data governance, and technological measures. This study adopts a quantitative approach based on survey responses from health professionals and administrative personnel responsible for EMRs. Descriptive, reliability, and validity tests, correlation and multiple regression were applied to the data. The results show that all variables have a significant impact on the effectiveness of privacy protection, with data governance practices as the key variable, followed by institutional compliance and technological safeguards but a relatively insignificant effect of regulatory awareness. These findings suggest that the efficacy of legal protection depends on how regulatory principles are institutionalised and technologically implemented. The research suggests a disconnect between the normative and actual legal frameworks, pointing to the importance of holistic governance strategies that incorporate legal, institutional and technological considerations. The results add to the understanding of how to improve data protection in digital health care settings and offer policy insights on how to enhance patient privacy protection in the context of EMRs.

References

Aghaunor, C. T., Eshua, P., Obah, T., & Aromokeye, O. (2025). Data security strategies to avoid data breaches in modern information systems. World Journal of Advanced Research and Reviews, 25(01), 827-849. https://doi.org/10.30574/wjarr.2023.20.3.2515

Al Tamimi, S. (2025, August). Towards Beyond Technology: Reviewing Human Error (HE) as the Primary Reason of Cyber Security Breaches. In 2025 International Conference on Artificial Intelligence, Computer, Data Sciences and Applications (ACDSA) (pp. 1-6). IEEE. https://doi.org/10.1109/ACDSA65407.2025.11166279

Alexiadis, P., Shortall, T., Guerrero, A., & Nikolinakos, N. (2023). Coherence versus Fragmentation: Institutional Challenges to EU Digital Markets Regulation. Bus. L. Int'l, 24, 233.

Alhalalmeh, A., & Al-Tarawneh, A. (2025). The interplay between social norms and legal regulation: exploring the impact on individual behavior and society. In From Machine Learning to Artificial Intelligence: The Modern Machine Intelligence Approach for Financial and Economic Inclusion (pp. 1451-1462). Cham: Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-74220-0_50

Anioke, S. C., & Atima, M. E. (2023). Public health governance models using process optimization and performance metrics for regulatory oversight. International Journal of Advanced Multidisciplinary Research and Studies, 3(6), 2534-2548. https://doi.org/10.62225/2583049X.2023.3.6.5491

Baines, R., Stevens, S., Austin, D., Anil, K., Bradwell, H., Cooper, L., ... & Leigh, S. (2024). Patient and public willingness to share personal health data for third-party or secondary uses: systematic review. Journal of medical Internet research, 26, e50421. https://doi.org/10.2196/50421

Boiral, O., Brotherton, M. C., & Talbot, D. (2024). What you see is what you get? Building confidence in ESG disclosures for sustainable finance through external assurance. Business Ethics, the Environment & Responsibility, 33(4), 617-632. https://doi.org/10.1111/beer.12630

Cumyn, A., Ménard, J. F., Barton, A., Dault, R., Lévesque, F., & Ethier, J. F. (2023). Patients’ and members of the public’s wishes regarding transparency in the context of secondary use of health data: scoping review. Journal of Medical Internet Research, 25(1), e45002. https://doi.org/10.2196/45002

Ddamba, A., Nsubuga, B., Kamabare, M., Abaho, E., Alinda, K., Arinaitwe, D., ... & Akello, H. (2025). Factors influencing the availability and use of electronic medical records systems in public health facilities in Uganda: a cross-sectional assessment. BMC Medical Informatics and Decision Making, 25(1), 372. https://doi.org/10.1186/s12911-025-03190-6

Di Fede, O., La Mantia, G., Cimino, M. G., & Campisi, G. (2023). Protection of patient data in digital Oral and general health care: A scoping review with respect to the current regulations. Oral, 3(2), 155-165. https://doi.org/10.3390/oral3020014

Duzha, A., Alexakis, E., Kyriazis, D., Sahi, L. F., & Kandi, M. A. (2023, August). From Data Governance by design to Data Governance as a Service: A transformative human-centric data governance framework. In Proceedings of the 2023 7th International Conference on Cloud and Big Data Computing (pp. 10-20). https://doi.org/10.1145/3616131.3616145

Evans, R., Hajli, N., & Nisar, T. M. (2023). Privacy‐Enhancing factors and consumer concerns: The moderating effects of the general data protection regulation. British Journal of Management, 34(4), 2075-2092. https://doi.org/10.1111/1467-8551.12685

Geber, S., Nguyen, M. H., & Büchi, M. (2024). Conflicting norms—how norms of disconnection and availability correlate with digital media use across generations. Social Science Computer Review, 42(3), 719-740. https://doi.org/10.1177/08944393231215457

Gulyamov, S., & Raimberdiyev, S. (2023). Personal data protection as a tool to fight cyber corruption. International Journal of Law and Policy, 1(7), 1-35. https://doi.org/10.59022/ijlp.119

He, Z. (2022). When data protection norms meet digital health technology: China's regulatory approaches to health data protection. Computer Law & Security Review, 47, 105758. https://doi.org/10.1016/j.clsr.2022.105758

Khadzhiradieva, S., Bezverkhniuk, B., Nazarenko, O., Bazyka, S., & Dotsenko, T. (2024). Personal data protection: Between human rights protection and national security. Social and Legal Studios, 3(7), 245-256. https://doi.org/10.32518/sals3.2024.245

Khatiwada, P., Yang, B., Lin, J. C., & Blobel, B. (2024). Patient-generated health data (PGHD): understanding, requirements, challenges, and existing techniques for data security and privacy. Journal of personalized medicine, 14(3), 282. https://doi.org/10.3390/jpm14030282

Labadie, C., & Legner, C. (2023). Building data management capabilities to address data protection regulations: Learnings from EU-GDPR. Journal of Information Technology, 38(1), 16-44. https://doi.org/10.1177/02683962221141456

Le Thi, T. (2025). Sustainable Clinical Legal Education: Models of Cooperation with Legal Organizations and Community Engagement. Journal of Legal and Political Education, 2(1), 37-59. https://doi.org/10.47305/jlpe.2025.1750

Marikyan, D., Papagiannidis, S., Rana, O. F., & Ranjan, R. (2024). General data protection regulation: a study on attitude and emotional empowerment. Behaviour & Information Technology, 43(14), 3561-3577. https://doi.org/10.1080/0144929X.2023.2285341

Mennella, C., Maniscalco, U., De Pietro, G., & Esposito, M. (2024). Ethical and regulatory challenges of AI technologies in healthcare: A narrative review. Heliyon, 10(4). https://doi.org/10.1016/j.heliyon.2024.e26297

Ogbodo, D. C., Awan, I. U., Cullen, A., & Zahrah, F. (2025). From regulation to reality: a framework to bridge the gap in digital health data protection. Electronics, 14(13), 2629. https://doi.org/10.3390/electronics14132629

Okyere Boadu, R., Wireko Adu, V., Okyere Boadu, K. A., Ibrahim, B., Akey, P., Amishadas Mensah, A., ... & Kumasenu Mensah, N. (2025). Examine frameworks policies and strategies for effective information governance in healthcare organizations. Plos one, 20(7), e0327496. https://doi.org/10.1371/journal.pone.0327496

Pimenta Rodrigues, G. A., Marques Serrano, A. L., Lopes Espiñeira Lemos, A. N., Canedo, E. D., Mendonça, F. L. L. D., de Oliveira Albuquerque, R., ... & García Villalba, L. J. (2024). Understanding data breach from a global perspective: Incident visualization and data protection law review. Data, 9(2), 27. https://doi.org/10.3390/data9020027

Pina, E., Ramos, J., Jorge, H., Váz, P., Silva, J., Wanzeller, C., ... & Martins, P. (2024). Data privacy and ethical considerations in database management. Journal of Cybersecurity and Privacy, 4(3), 494-517. https://doi.org/10.3390/jcp4030024

Renuka, O., RadhaKrishnan, N., Priya, B. S., Jhansy, A., & Ezekiel, S. (2025). Data privacy and protection: Legal and ethical challenges. Emerging threats and countermeasures in cybersecurity, 433-465. https://doi.org/10.1002/9781394230600.ch19

Saladdin, I. R., & Handayani, P. W. (2025). Information Technology Governance Implementation Challenges in Healthcare Facilities: A Systematic Literature Review. Sage Open, 15(4), 21582440251369322. https://doi.org/10.1177/21582440251369322

Saroha, S., & Patel, A. (2025). Balancing surgical innovation and risk: A narrative review of emerging technologies, regulation, and global access. Cureus, 17(7). https://doi.org/10.7759/cureus.87957

Savoska, S., Ristevski, B., Petreska, A., & Trajkovik, V. (2025). eHealth Data Security and Privacy. In Handbook on Smart Health (pp. 335-362). 1 Oliver's Yard, 55 City Road, London, EC1Y 1SP: SAGE Publications. https://doi.org/10.3233/shti251440

Sharma, P. (2025). Healthcare Data Governance Ecosystems: Balancing Privacy, Innovation, and Compliance in Real-World Evidence Platforms. IPHO-Journal of Advance Research in Science And Engineering, 3(12), 08-16. https://doi.org/10.5281/zenodo.17853218

Smith-Mitchell, T. (2025). The role of hospital information systems (HIS), electronic patient or medical records (EPR/EMR), electronic health records (EHR), and telehealth in enhancing healthcare services. Scientia. Technology, Science and Society, 2(8), 28-36. https://doi.org/10.59324/stss.2025.2(8).03

Srivastav, A. K., Das, P., & Srivastava, A. K. (2024). Data Management, Security, and Ethical Considerations. In Biotech and IoT: An Introduction Using Cloud-Driven Labs (pp. 133-149). Berkeley, CA: Apress. https://doi.org/10.1007/979-8-8688-0527-1

Suhag, D. (2024). Regulatory and ethical considerations. In Handbook of Biomaterials for Medical Applications, Volume 2: Applications (pp. 355-372). Singapore: Springer Nature Singapore. https://doi.org/10.1007/978-981-97-5906-4_11

Utami, E. W., Shaleh, C., Setyowati, E., Hermawan, H., Amir, H. T., Irtanto, I., & Prasetyo, A. (2025). Digitization of hospital administration and public service reform: integration of technology and humanistic values. Frontiers in Public Health, 13, 1743085. https://doi.org/10.3389/fpubh.2025.1743085

Väyrynen, K., Lanamäki, A., Laari‐Salmela, S., Iivari, N., & Kinnula, M. (2025). Unpacking the Regulatory Ambiguity Mechanism: Implications for Industry‐Level Digital Transformation. Information Systems Journal, 35(6), 1528-1564. https://doi.org/10.1111/isj.12595

Zandesh, Z. (2024). Privacy, security, and legal issues in the health cloud: structured review for taxonomy development. JMIR Formative Research, 8, e38372. https://doi.org/10.2196/38372

Zangana, H. M., Omar, M., & Al-Karaki, J. N. (2025). Regulatory Frameworks in Science, Technology, and Medical Innovation. In Navigating Law and Policy in STM Enterprises: Ethical Governance, Regulation, and Innovation Strategy (pp. 1-34). IGI Global Scientific Publishing. https://doi.org/10.4018/979-8-3373-4862-9.ch001