Evaluation of Data Security and Patient Confidentiality in the Electronic Medical Record System at Santosa Hospital Bandung Central
DOI:
https://doi.org/10.38035/dhps.v3i1.2805
Keywords:
Information Security, Electronic Medical Records, ISO/IEC 27001, Data Confidentiality, Gap Analysis
Abstract
This study evaluates the information security level of the Electronic Medical Record (EMR) system at Santosa Hospital Bandung Central using a gap analysis based on the ISO/IEC 27001 standard. The study addresses the growing need for robust patient data protection in the digital healthcare era, particularly in the face of increasing risks of data breaches and cyberattacks. A mixed-method case study design was employed, incorporating in-depth interviews, direct observations, and quantitative assessment using the ISO 27001 checklist. The findings show that several security aspects—such as confidentiality, integrity, and availability—are adequately implemented, although weaknesses remain in access control, multi-factor authentication, and documentation of information security policies. Overall, the hospital’s compliance level with ISO 27001 falls into the “adequate” category, indicating a need for stronger policies, enhanced security technologies, and regular security audits. The study is expected to support the hospital in strengthening its information governance and improving patient data protection.
License
Copyright (c) 2025 Ogi Permana, Yayang Ayu Nuraeni

This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright:
Authors who publish their manuscripts in this journal agree to the following conditions:
- Copyright in each article belongs to the author.
- The author acknowledges that the DHPS has the right to be the first to publish under a Creative Commons Attribution 4.0 International license (Attribution 4.0 International CC BY 4.0).
- Authors can submit articles separately, arrange the non-exclusive distribution of manuscripts that have been published in this journal to other versions (for example, sent to the author's institutional repository, publication in a book, etc.), by acknowledging that the manuscript has been published for the first time at DHPS.






















