Legal Protection of Personal Health Data in Electronic Systems
DOI: https://doi.org/10.62951/ijsw.v2i3.404
Keywords: Data Protection, Digital Security, Electronic Systems, Health Law, Personal Health Data
Abstract
Legal protection of personal health data is very important amid the rapid digitalization of health services such as telemedicine, electronic medical records, and online consultation applications. Sensitive health data requires careful management, yet many digital service providers in Indonesia have not implemented adequate security standards. The BPJS Kesehatan participant data leak is a real example of the weakness of the data protection system, compounded by digital platforms misusing data without valid consent. The study uses a qualitative method with a normative legal approach, based on a literature study of primary and secondary regulations such as Law No. 27 of 2022 concerning Personal Data Protection (UU PDP), the ITE Law, and related Government Regulations and Permenkes. The results show that although regulations are comprehensively available, implementation in the field still faces serious challenges such as the lack of appointed Data Protection Officers (DPOs), weak supervision, and low awareness of data protection. The main threats are cyber attacks, data leaks due to negligence, and misuse by third parties. Electronic system providers bear great responsibility for building an information security system, preparing privacy policies, and implementing the principle of "privacy by design".
License
Copyright (c) 2025 International Journal of Social Welfare and Family Law

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

