Systemic non-compliance with PERMENKES 24/2022 and UU PDP 27/2022 in electronic health record (EHR) systems, manifesting as human error, weak passwords, vulnerable physical access, and low ISO 27001 compliance, increases the risk of data breaches and fines. This research fills a gap in the literature by evaluating compliance with the CIA Triad principles (confidentiality, integrity, availability) in electronic medical records after the issuance of PERMENKES No. 24 of 2022 and Law No. 27 of 2022 through a literature review, while also highlighting the impact of non-compliance on service quality and patient trust. The study aims to evaluate the compliance of healthcare facility security systems with PERMENKES No. 24 of 2022 and Law No. 27 of 2022 and to analyze the impact of non-compliance on service quality and patient trust. The method is a systematic narrative literature review designed to comprehensively examine the implementation of the CIA Triad in EHR security. Searches were conducted on Google Scholar (2023-2026) using the keywords "data security and privacy," "electronic medical records," and "CIA Triad." The results show that all four healthcare facilities reviewed have adopted access control, TTE (electronic signatures), VPN, encryption, and SSL/TLS in accordance with PERMENKES No. 24/2022 and Article 35 of PDP Law No. 27/2022. However, their effectiveness is hindered by authentication weaknesses (weak passwords and long automatic logout intervals), the absence of written SOPs, low staff compliance, and minimal socialization to patients, so that data subjects' rights are not transparently fulfilled. The lack of data security socialization to patients indicates that transparency and the protection of data subjects' rights under Law No. 27 of 2022 are not yet optimal.
Copyright © 2026