Roles of Law on Medical Records for Data and Information Security: A Systematic Literature Review

Authors

  • Ida Bagus Udayana Hanggara, Magister Hukum Kesehatan, Universitas Udayana, Indonesia
  • Tuty Kuswardhani, Magister Hukum Kesehatan, Universitas Udayana, Indonesia
  • I Gusti Agung Gede Utara Hartawan, Magister Hukum Kesehatan, Universitas Udayana, Indonesia

DOI:

https://doi.org/10.38035/jlph.v5i2.1141

Keywords:

Roles of Law, Medical Records, Medical Data, Information Security

Abstract

Electronic medical records must adhere to the principles of data and information security, which include availability, integrity, and confidentiality. Medical records serve as legitimate legal evidence, thereby satisfying these principles both individually and institutionally. Consequently, the aim of this research is to explore the roles of law on medical records for data and information security. To achieve this aim, a systematic literature review (SLR) was employed. The Scopus and PubMed databases were chosen for their global recognition. Full-text articles from these databases were subjected to PRISMA analysis using Mendeley Reference Manager. The researchers collected 32 research articles, grouped into the categories of data protection law, medical records' law enforcement, and data protection law recommendation. The research findings indicate that the roles of law concern compliance and data protection, law enforcement and sanctions, and recommendations for improving compliance and data protection. In addition, the law is crucial for ensuring compliance and data protection in the implementation of electronic medical records in hospitals. However, compliance has not reached optimal levels. To improve security, awareness, and enforcement, collaboration with legal bodies, and educational initiatives are needed. Legislation like HIPAA and GDPR influences data protection measures, but penalties are insufficient. To enhance compliance, medical personnel should undergo rigorous training and improve oversight of health data management procedures.

Published

2025-01-04

How to Cite

Ida Bagus Udayana Hanggara, Tuty Kuswardhani, & I Gusti Agung Gede Utara Hartawan. (2025). Roles of Law on Medical Records for Data and Information Security: A Systematic Literature Review. Journal of Law, Politic and Humanities, 5(2), 1236–1248. https://doi.org/10.38035/jlph.v5i2.1141