Legal protection of personal health data is very important amid the rapid digitalization of health services such as telemedicine, electronic medical records, and online consultation applications. Sensitive health data requires careful management, but in practice many digital service providers in Indonesia have not implemented adequate security standards. The BPJS Kesehatan participant data leak is a concrete example of the weakness of the data protection system, compounded by digital platforms misusing data without valid consent. This study uses a qualitative method with a normative legal approach, based on a literature study of primary and secondary regulations such as Law No. 27 of 2022 concerning Personal Data Protection (UU PDP), the ITE Law, and related Government Regulations and Minister of Health Regulations (Permenkes). The results show that although comprehensive regulations are available, implementation in the field still faces serious challenges such as the lack of appointed Data Protection Officers (DPOs), weak supervision, and low awareness of data protection. Real threats such as cyber attacks, data leaks due to negligence, and misuse by third parties are the main issues. Electronic system providers bear great responsibility for building information security systems, preparing privacy policies, and implementing the principle of "privacy by design".
Copyrights © 2025