<![CDATA[Regulation of the Minister of Health Number 24 of 2022 concerning Medical Records requires Health Service Facilities, including hospitals, to organize Electronic Medical Records and are also obliged to maintain the confidentiality of the data in them. However, cases of Electronic Medical Record data leakage that occur rampantly make patient data vulnerable to exposure and even illegal trading. The objectives of this study are to analyze hospital policies on EMR confidentiality and examine the legal framework governing EMR management in Indonesia. The research method uses a normative juridical approach with descriptive research specifications involving synthetic and perspective analysis, while the data collection technique employs literature review and field studies. The results show that hospital policies for maintaining data confidentiality in Electronic Medical Record implementation must follow provisions in accordance with applicable laws and regulations as stated in Law Number 17 of 2023 concerning Health, Regulation of the Minister of Health Number 24 of 2022 concerning Medical Records, and Law Number 27 of 2022 concerning Personal Data Protection. Hospitals must also act in accordance with the principles of good corporate governance. The corporate criminal liability model applicable to Electronic Medical Record data leaks occurring in hospitals positions the hospital as both the perpetrator of the crime and the responsible party; therefore, prosecution can be carried out and criminal sanctions can be imposed against the corporation itself.]]>
