
Found 2 Documents

Data Privacy Risk Governance in Hospital Management Information System: A Proposed Framework for Hospital in Padang
Ganesworo, Muhammad Galing; Rahadi, Raden Aswin
Widya Cipta: Jurnal Sekretari dan Manajemen Vol 9, No 2 (2025): September
Publisher : Universitas Bina Sarana Informatika

DOI: 10.31294/widyacipta.v9i2.26065

Abstract

The implementation of the Hospital Management Information System (SIMRS) in Indonesia has been mandated by the Ministry of Health to digitize more hospital operations and infrastructure, including service quality, operational efficiency, and patient care security, especially regarding electronic medical records (EMRs). This reflects the digital transformation of the healthcare sector through the integration of information security and data privacy governance, for which this study develops a privacy risk management framework. The study is grounded in three guiding frameworks that form its foundation: COSO Enterprise Risk Management (ERM) 2017, ISO/IEC 27701:2019, and Indonesia’s Personal Data Protection (PDP) Law No. 27/2022. Using a qualitative case study approach, data were collected through in-depth interviews with five stakeholders and then examined through thematic analysis, which revealed five core themes: (1) Governance and Leadership in Privacy Risk, (2) Privacy Risk Identification and Assessment, (3) Privacy Controls and Operational Safeguards, (4) Monitoring and Incident Management, and (5) Compliance with Legal and Regulatory Requirements. The analysis revealed fragmented privacy practices, a lack of proactive governance, and low awareness of regulatory obligations. In response, this study proposes a phased improvement plan to enhance digital maturity, which includes appointing a Data Protection Officer (DPO), developing privacy SOPs, and conducting required privacy assessments, allowing hospitals to make progressive, trackable, and measurable progress toward meeting regulatory expectations. The resulting governance model offers a scalable and replicable approach for hospitals in Indonesia that may be facing similar struggles, and it emphasizes the need for a data governance model. Ultimately, this framework supports patient safety, data protection, and sustainable digital health transformation.
Data Privacy Risk Governance in Hospital Management Information System: A Proposed Framework for Hospital in Padang
Ganesworo, Muhammad Galing; Rahadi, Raden Aswin
Widya Cipta: Jurnal Sekretari dan Manajemen Vol. 9 No. 2 (2025): September
Publisher : Universitas Bina Sarana Informatika

DOI: 10.31294/widyacipta.v9i2.11524

Abstract

The implementation of Hospital Management Information Systems (SIMRS) in Indonesia, mandated by the Ministry of Health, reflects the country's digital transformation in healthcare particularly in managing electronic medical records (EMRs), operational efficiency, and patient data security. This study aims to develop a privacy risk governance framework by integrating three key references: COSO Enterprise Risk Management (ERM) 2017, ISO/IEC 27701:2019, and Indonesia’s Personal Data Protection (PDP) Law No. 27/2022. Employing a qualitative case study approach, data were collected through in-depth interviews with five key stakeholders and analyzed thematically. Five major themes emerged: (1) Governance and Leadership in Privacy Risk, (2) Privacy Risk Identification and Assessment, (3) Privacy Controls and Operational Safeguards, (4) Monitoring and Incident Management, and (5) Legal and Regulatory Compliance. The study identified fragmented privacy practices, weak governance structures, and limited awareness of privacy obligations. To address these gaps, a phased improvement plan is proposed—starting with the appointment of a Data Protection Officer (DPO), the development of privacy-related standard operating procedures (SOPs), and the implementation of privacy impact assessments. These steps are designed to improve digital maturity and regulatory alignment. The proposed governance model is adaptable and scalable for other hospitals in Indonesia facing similar challenges. Ultimately, this framework contributes to enhancing patient safety, ensuring data protection, and supporting a sustainable digital health transformation.