<![CDATA[The implementation of EMR is part of the digital transformation of healthcare services aimed at improving service quality, efficiency, and accuracy of patient data management. However, this digitalization also poses challenges in maintaining the security of sensitive information, necessitating protection of data confidentiality, integrity, and availability. This study aims to review the implementation of patient data information security aspects in the Electronic Medical Records (EMR) system at Dr. Sitanala General Hospital. This research employed a descriptive method with a qualitative approach, collecting data through observation and in-depth interviews with eight informants, including the head of medical records, doctors, nurses, the head of IT, and IT staff. The analysis focused on six aspects of information security: privacy, integrity, authentication, availability, access control, and non-repudiation. The findings indicate that information security within the EMR system has generally been implemented adequately, with privacy and access control ensured through individual user accounts and role-based access restrictions, integrity maintained by limiting data modification authority, authentication conducted via username and password-based login mechanisms, availability supported by system reliability and data backup processes, and non-repudiation ensured through user activity logs. Nevertheless, weaknesses were identified in the automatic log-out feature, which has not yet functioned optimally and may pose potential security risks, highlighting the need for continuous evaluation and improvement to strengthen patient data protection and maintain public trust in healthcare services.]]>
