Legal Protection of Patient Privacy Rights in the Use of Electronic Medical Records in Indonesian Hospitals

Febriyani Masdar; Rukyyah Assam

doi:10.37899/mjdpp.v3i1.337

Authors

Febriyani Masdar Faculty of Law, Universitas YARSI, Central Jakarta, Indonesia
Rukyyah Assam Faculty of Law, Universitas YARSI, Central Jakarta, Indonesia

DOI:

https://doi.org/10.37899/mjdpp.v3i1.337

Keywords:

Patient Privacy Rights, Electronic Medical Records, Health Law Personal Data Protection, Hospital Regulation

Abstract

The rapid adoption of electronic medical records in Indonesian hospitals has transformed healthcare delivery while simultaneously raising significant concerns regarding the protection of patient privacy rights. This study aims to analyze the adequacy of the legal framework governing patient privacy in the context of electronic medical records and to assess whether existing regulations provide effective and enforceable protection. The study employs normative legal research through statutory, conceptual, and analytical approaches to examine health law and personal data protection regulations relevant to digital medical records. The findings indicate that Indonesian law formally recognizes patient privacy as a fundamental legal and ethical principle. Nevertheless, regulatory provisions remain largely general and were originally designed for paper based medical records, resulting in limited applicability to digital systems. The lack of harmonization between health law and personal data protection law generates legal uncertainty, particularly regarding consent, data security standards, and the allocation of liability among healthcare institutions and technology providers. The study also finds that enforcement mechanisms tend to be reactive and institution centered, offering limited access to effective remedies for patients.

References

Alhasan, T. K. (2025). Managing legal risks in health information exchanges: A comprehensive approach to privacy, consent, and liability. Journal of Healthcare Risk Management, 44(4), 12-24. https://doi.org/10.1002/jhrm.70002

Alodhialah, A. M. (2025). Exploring the influence of organizational culture on evidence-based practice adoption among nurses in tertiary hospitals: a qualitative study. BMC nursing, 24(1), 1029. https://doi.org/10.1186/s12912-025-03647-z

AlSalamah, S. (2025). VCAC: A Blockchain-Based Virtual Care Access Control Model for Transforming Legacy Healthcare Information Systems and EMRs into Secure, Interoperable Patient-Centered Virtual Hospital Systems. Information, 16(11), 972. https://doi.org/10.3390/info16110972

Asha, N. B., Biswas, T. R., Yasmin, F., Shawn, A. A., & Rahman, S. (2024). Navigating security risks in large-scale data handling: a big data and MIS perspective. Letters in High Energy Physics, 12, 5347-5361.

Ayo-Farai, O., Ogundairo, O., Maduka, C. P., Okongwu, C. C., Babarinde, A. O., & Sodamade, O. T. (2023). Telemedicine in health care: a review of progress and challenges in Africa. Matrix Science Pharma, 7(4), 124-132. https://doi.org/10.4103/mtsp.mtsp_24_23

Batbaatar, E., Dorjdagva, J., Luvsannyam, A., Savino, M. M., & Amenta, P. (2017). Determinants of patient satisfaction A systematic review. Perspectives in Public Health, 137(2), 89–101. https://doi.org/10.1177/1757913916634136

Chowdhury, J., & Ravi, R. P. (2022). Healthcare accessibility in developing countries: A global healthcare challenge. J Clin Biomed Res, 4(152), 2-5. https://doi.org/10.47363/JCBR/2022(4)152

Davis, F. D. (1989). Perceived usefulness perceived ease of use and user acceptance of information technology. MIS Quarterly, 13(3), 319–340. https://doi.org/10.2307/249008

Dove, E. S. (2023). Confidentiality, public interest, and the human right to science: when can confidential information be used for the benefit of the wider community?. Journal of Law and the Biosciences, 10(1), lsad013. https://doi.org/10.1093/jlb/lsad013

Galvin, M., Heverin, M., Mac Domhnaill, É., Mcfarlane, R., Meldrum, D., Murray, D., ... & Hardiman, O. (2025). Challenges and solutions to complex data governance issues in cross-national, cross-sectoral, multidisciplinary real world health research: a descriptive overview. Amyotrophic Lateral Sclerosis and Frontotemporal Degeneration, 26(sup1), 1-7. https://doi.org/10.1080/21678421.2024.2428927

Hair, J. F., Hult, G. T. M., Ringle, C. M., & Sarstedt, M. (2019). A primer on partial least squares structural equation modeling (PLS SEM) (2nd ed.). Sage Publications.

Hallinger, P. (2019). Mapping knowledge production and dissemination in educational leadership and management 1960–2018. Educational Management Administration and Leadership, 47(3), 1–25. https://doi.org/10.1177/1741143218822778

Isibor, E. (2024). Regulation of healthcare data security: Legal obligations in a digital age. Available at SSRN 4957244.

Mubarak, F. (2026). Digital health literacy and the ethics of information access: a systematic review of global trends, equity challenges and policy responses. Journal of Information, Communication and Ethics in Society, 1-30. https://doi.org/10.1108/JICES-08-2025-0212

Ngesa, J. (2024). Tackling security and privacy challenges in the realm of big data analytics. World Journal of Advanced Research and Reviews, 21(2), 552-576. https://doi.org/10.30574/wjarr.2024.21.2.0429

Nguyen, T. H., Pham, Q. T., & Huynh, P. T. (2023). Factors influencing trust and security perceptions in mobile payment adoption. Journal of Information Security and Applications, 69, 103278. https://doi.org/10.1016/j.jisa.2022.103278

Norris, L. P. (2022). The Promise and Perils of Private Enforcement. Virginia Law Review, 108(7), 1483-1545.

Omotunde, H., & Ahmed, M. (2023). A comprehensive review of security measures in database systems: Assessing authentication, access control, and beyond. Mesopotamian Journal of CyberSecurity, 2023, 115-133. https://doi.org/10.58496/MJCSC/2023/016

Panahi, O. (2025). Secure IoT for healthcare. European Journal of Innovative Studies and Sustainability, 1(1), 17-23. https://doi.org/10.59324/ejiss.2025.1(1).%D1%85%D1%85

Partama, T. A., & Putra, M. D. (2025, November). NORMATIVE ANALYSIS OF PROFESSIONAL ETHICS AND LEGAL ACCOUNTABILITY OF HEALTH WORKERS IN THE IMPLEMENTATION OF INFORMED CONSENT. In INTERNATIONAL SEMINAR (Vol. 7, pp. 102-112). https://doi.org/10.36563/49sfwm12

Purwanta, C. S., & Setiawan, S. T. (2024). Behavioral intention toward digital payment adoption in emerging economies. Journal of Asian Business and Economic Studies, 31(1), 45–60. https://doi.org/10.1108/JABES-08-2023-0124

Razi, Q., Piyush, R., Chakrabarti, A., Singh, A., Hassija, V., & Chalapathi, G. S. S. (2025). Enhancing data privacy: A comprehensive survey of privacy-enabling technologies. IEEE Access. https://doi.org/10.1109/ACCESS.2025.3546618

Renuka, O., RadhaKrishnan, N., Priya, B. S., Jhansy, A., & Ezekiel, S. (2025). Data privacy and protection: Legal and ethical challenges. Emerging threats and countermeasures in cybersecurity, 433-465. https://doi.org/10.1002/9781394230600.ch19

Republik Indonesia. (2009). Undang Undang Republik Indonesia Nomor 36 Tahun 2009 tentang Kesehatan. Lembaran Negara Republik Indonesia Tahun 2009 Nomor 144.

Republik Indonesia. (2022). Undang Undang Republik Indonesia Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi. Lembaran Negara Republik Indonesia Tahun 2022 Nomor 196.

Santos, J., Cardoso, L., & Figueiredo, V. (2022). Trust security and user intention in mobile payment systems. Information Technology and People, 35(5), 1507–1529. https://doi.org/10.1108/ITP-09-2020-0653

Soelasih, Y., & Sumani. (2022). Trust and perceived usefulness in mobile wallet usage among urban consumers. Journal of Financial Services Marketing, 27(2), 128–141. https://doi.org/10.1057/s41264-021-00123-4

Venkatesh, V., & Davis, F. D. (2000). A theoretical extension of the technology acceptance model four longitudinal field studies. Management Science, 46(2), 186–204. https://doi.org/10.1287/mnsc.46.2.186.11926

World Health Organization. (2021). Ethics and governance of artificial intelligence for health. World Health Organization.

Zachariah, M., Sari, D. P., & Pratama, R. A. (2022). Extended technology acceptance model for mobile payment adoption in developing countries. International Journal of Innovation and Technology Management, 19(4), 2250021. https://doi.org/10.1142/S0219877022500213

Zolnierek, K. B. H., & DiMatteo, M. R. (2009). Physician communication and patient adherence to treatment A meta analysis. Medical Care, 47(8), 826–834. https://doi.org/10.1097/MLR.0b013e31819a5acc