This study evaluates the information security level of the Electronic Medical Record (EMR) system at Santosa Hospital Bandung Central using a gap analysis based on the ISO/IEC 27001 standard. The study addresses the growing need for robust patient data protection in the digital healthcare era, particularly in the face of increasing risks of data breaches and cyberattacks. A mixed-method case study design was employed, incorporating in-depth interviews, direct observations, and quantitative assessment using the ISO 27001 checklist. The findings show that several security aspects—such as confidentiality, integrity, and availability—are adequately implemented, although weaknesses remain in access control, multi-factor authentication, and documentation of information security policies. Overall, the hospital’s compliance level with ISO 27001 falls into the “adequate” category, indicating a need for stronger policies, enhanced security technologies, and regular security audits. The study is expected to support the hospital in strengthening its information governance and improving patient data protection.
Copyright © 2025