Data security in Electronic Medical Records (EMR) is a crucial issue in health information governance in Indonesia. This study evaluates the compliance of health facility information security systems with Ministry of Health Regulation (PERMENKES) No. 24 of 2022 and Personal Data Protection Law (UU PDP) No. 27 of 2022, and analyzes the impact of non-compliance on service quality and patient trust. The method employed is a systematic narrative literature review on the Google Scholar database (2023–2026) using the keywords "data security and privacy," "electronic medical records," and "CIA Triad," focusing on the implementation of Confidentiality, Integrity, and Availability. The four healthcare facilities examined have implemented controls such as role-based access control, Electronic Signatures (TTE), Virtual Private Networks (VPN), data encryption, and SSL/TLS protocols in accordance with PERMENKES provisions and Article 35 of the UU PDP. However, the effectiveness of implementation is hindered by weak authentication due to the use of simple passwords and excessively long auto-logout durations, the absence of comprehensive written standard operating procedures (SOPs), low staff compliance with security protocols, and minimal patient awareness regarding personal data protection rights. These weaknesses heighten the risk of patient data breaches as well as potential administrative sanctions and fines, and carry negative implications for service quality and public trust. Recommendations include strengthening internal security policies, developing written SOPs, providing continuous training for healthcare workers, implementing stronger authentication mechanisms (e.g., multi-factor authentication/MFA), and conducting patient awareness programs to ensure regulatory compliance and maintain public confidence.
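The weaknesses the review identifies (password-only authentication, simple passwords, overly long auto-logout) are the kind of thing a facility can check mechanically once a written SOP fixes the thresholds. The script below is an added example, not code from the paper or from any of the facilities reviewed: it audits a set of EMR security settings against the controls the abstract names (RBAC, MFA, SSL/TLS, encryption at rest, session auto-logout, password policy) and reports the gaps. Every facility record, threshold and deny-list entry in it is a constructed assumption, since the abstract gives no numbers.

```python
"""Added example (not code from the paper or any reviewed facility): a small
audit of EMR security settings against the controls the abstract names.
All facility records and thresholds are constructed assumptions."""
from dataclasses import dataclass
import re

# Assumed policy thresholds; the abstract gives no numbers, so tune these to
# the facility's written SOP once one exists.
MAX_IDLE_LOGOUT_MINUTES = 15
MIN_PASSWORD_LENGTH = 12
MIN_CHARACTER_CLASSES = 3
# Constructed deny-list standing in for a real breached-password corpus.
COMMON_PASSWORDS = {"password", "123456", "admin123", "rumahsakit", "emr2024"}


@dataclass
class FacilityConfig:
    """Settings an auditor would pull from an EMR admin console (constructed)."""
    name: str
    rbac_enabled: bool
    mfa_enabled: bool
    tls_enforced: bool
    encryption_at_rest: bool
    idle_logout_minutes: int
    policy_min_password_length: int
    policy_min_character_classes: int
    policy_blocks_common_passwords: bool


def password_weaknesses(password: str) -> list:
    """Return the reasons a candidate password fails the assumed policy.
    Meant for enforcement at password-set time, not for checking stored ones."""
    issues = []
    if len(password) < MIN_PASSWORD_LENGTH:
        issues.append("shorter than %d characters" % MIN_PASSWORD_LENGTH)
    if password.lower() in COMMON_PASSWORDS:
        issues.append("on the common-password deny-list")
    classes = sum(bool(re.search(pattern, password))
                  for pattern in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < MIN_CHARACTER_CLASSES:
        issues.append("fewer than %d character classes" % MIN_CHARACTER_CLASSES)
    return issues


def audit_facility(cfg: FacilityConfig) -> list:
    """Return (severity, control, message) tuples for each gap found."""
    findings = []
    if not cfg.rbac_enabled:
        findings.append(("high", "access control", "role-based access control is disabled"))
    if not cfg.mfa_enabled:
        findings.append(("high", "authentication", "MFA not enforced; a password is the only factor"))
    if not cfg.tls_enforced:
        findings.append(("high", "transport", "SSL/TLS not enforced for EMR traffic"))
    if not cfg.encryption_at_rest:
        findings.append(("high", "storage", "patient records are not encrypted at rest"))
    if cfg.idle_logout_minutes > MAX_IDLE_LOGOUT_MINUTES:
        findings.append(("medium", "session", "auto-logout after %d min exceeds the %d min limit"
                         % (cfg.idle_logout_minutes, MAX_IDLE_LOGOUT_MINUTES)))
    if cfg.policy_min_password_length < MIN_PASSWORD_LENGTH:
        findings.append(("medium", "password policy", "minimum length %d is below %d"
                         % (cfg.policy_min_password_length, MIN_PASSWORD_LENGTH)))
    if cfg.policy_min_character_classes < MIN_CHARACTER_CLASSES:
        findings.append(("medium", "password policy", "simple single-class passwords are accepted"))
    if not cfg.policy_blocks_common_passwords:
        findings.append(("medium", "password policy", "common passwords are not blocked"))
    return findings


# Constructed facilities: one that matches the abstract's "controls in place but
# weak authentication" pattern, one that meets the assumed thresholds.
WEAK_AUTH_FACILITY = FacilityConfig(
    name="Facility A (constructed)", rbac_enabled=True, mfa_enabled=False,
    tls_enforced=True, encryption_at_rest=True, idle_logout_minutes=120,
    policy_min_password_length=6, policy_min_character_classes=1,
    policy_blocks_common_passwords=False)
COMPLIANT_FACILITY = FacilityConfig(
    name="Facility B (constructed)", rbac_enabled=True, mfa_enabled=True,
    tls_enforced=True, encryption_at_rest=True, idle_logout_minutes=10,
    policy_min_password_length=12, policy_min_character_classes=3,
    policy_blocks_common_passwords=True)


def summarize(cfg: FacilityConfig) -> dict:
    """Count findings per severity so facilities can be compared at a glance."""
    counts = {"high": 0, "medium": 0}
    for severity, _control, _message in audit_facility(cfg):
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    for facility in (WEAK_AUTH_FACILITY, COMPLIANT_FACILITY):
        print(facility.name, summarize(facility))
        for severity, control, message in audit_facility(facility):
            print("  [%s] %s: %s" % (severity, control, message))
```

Run as-is it prints one high and four medium findings for the constructed "Facility A" (no MFA, a two-hour auto-logout, and a password policy that accepts short single-class passwords) and none for "Facility B". The two-level split matters for the abstract's argument: the high findings are the ones that expose records directly and would weigh most in a PDP sanction, while the medium ones are the authentication and session hygiene gaps that the reviewed facilities were found to have even with encryption and TLS in place.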
Copyrights © 2026