The advancement of digitalization in healthcare services requires hospitals to implement Electronic Medical Records (EMRs) supported by secure, accurate, and integrated data management. This study aims to analyze the compliance of data breach prevention measures for patient EMRs at RSUD Serpong Utara with national legal provisions and to assess the potential legal risks arising from data breaches. The research employs a normative–empirical juridical approach, with data collected through in-depth interviews with the Medical Records Coordinator, EMR implementing officers, Head of the IT Team, Public Relations officers, and the Chair of the Quality Committee, as well as analysis of internal documents and relevant laws and regulations. The findings indicate that RSUD Serpong Utara has implemented access control mechanisms, individual user accounts, hierarchical supervision, and data storage on external servers to prevent data breaches. However, EMR implementation remains hybrid in several units, the CPPT audit trail has not been effectively implemented, and there is no appointed Data Protection Officer or internal legal unit. The enactment of Law No. 27 of 2022 on Personal Data Protection (UU PDP) establishes a more stringent regulatory standard than previous regulations, demanding comprehensive compliance from healthcare institutions in protecting patient data. The potential legal risks include administrative sanctions, civil liability claims, and criminal liability.
Based on normative juridical analysis of the applicable laws and regulations and empirical findings regarding EMR management practices at RSUD Serpong Utara, this study concludes that strengthening EMR governance through completion of the digital transition, the appointment of a Data Protection Officer, the establishment of an internal legal unit, and the effective implementation of incident audits and audit trails is necessary to enhance legal compliance and reduce the risk of patient data breaches.
Copyrights © 2026