Implementation of Patient Data Protection Policy through the SMARTA-Based Electronic Medical Record System at Yogyakarta City Hospital
DOI:
https://doi.org/10.47431/jirreg.v9i1.719Keywords:
Patient data protection, electronic medical records, SMARTA, policy implementation, Edward IIIAbstract
The protection of patient personal data is a crucial aspect of digital healthcare services. Yogyakarta City Hospital has implemented an SMARTA-based Electronic Medical Record (EMR) system as part of its policy to protect patient data in accordance with national regulations and internal hospital regulations. However, the success of policy implementation is not only determined by the existence of the system, but also by how the policy is implemented by those in the field. This study aims to analyze the implementation of patient personal data protection policies through the perspective of Edward III's Policy Implementation Theory, which covers four main variables, namely communication, resources, implementer disposition, and bureaucratic structure. This study used a qualitative descriptive approach with 20 informants selected through purposive sampling, involving medical record officers, information technology staff, health workers, legal staff, and management officials at the Yogyakarta City Hospital. Data were collected from August to October 2025 through in-depth interviews, observations, and documentation studies, then analyzed using the Miles and Huberman interactive model and validated through triangulation and member checking. The results of the study indicate that policy communication has been effective, but understanding of data access restrictions is not yet uniform, human resource competence in digital security is still limited, and coordination between units, especially between the information technology department and the polyclinic, is not yet optimal in handling patient data incidents. The results of the study show that based on interviews and observations, most informants stated that policy communication and the commitment of implementers to maintain the confidentiality of personal data had been carried out in accordance with procedures, although several technical obstacles were still found in the distribution of information and access monitoring, particularly in terms of clarity of communication and the commitment of implementers to maintain data confidentiality. However, there are still obstacles in the form of uneven distribution of information, limited human resource competencies related to digital security, the practice of using shared accounts, and monitoring mechanisms that tend to be reactive. This study is expected to provide practical recommendations for public hospitals in their efforts to improve patient data protection management in a sustainable and secure manner.
References
Asrofi, A. F. (2024). Review of the implementation of the electronic medical record regulation in Indonesia. International Journal of Scientific Research (IJSR) / National Review, 13(2), 45–52.
Astuti, N. D., & Fahyudi, A. (2023). User satisfaction of Electronic Medical Record Information Systems (case: RSUD Tugurejo). Jurnal Manajemen Kesehatan Indonesia.
Bungin, B. (2017). Metodologi penelitian kualitatif. Jakarta: Kencana.
Cobrado, U. N., Silva, M. R., & Fernandes, P. T. (2024). Access control solutions in electronic health record systems: A systematic review. Computers in Biology and Medicine.
Edward III, G. C. (1980). Implementing public policy. Washington, DC: Congressional Quarterly Press.
Harant, T. D. (2024). Perlindungan hukum terhadap kerahasiaan data pasien antara rekam medis konvensional dan elektronik. Jurnal Hukum Kesehatan Indonesia, 9(1), 45–57.
Hossain, M. K., Rahmawati, D., Nugraha, A., & Setiawan, E. (2025). An exploratory study of electronic medical record adoption and recordkeeping culture in Indonesian hospitals. BMC Health Services Research.
Ibrahim, A. M., et al. (2024). Balancing confidentiality and care coordination: Challenges in the digital age. BMC Health Services Research, 24(1), 117–129. https://doi.org/10.1186/s12913-024-XXXXX
Ikawati, F. R. (2024). Challenges in implementing digital medical records in Indonesian hospitals: Perspectives on technology, regulation, and data security. ICISTech Journal.
Indra, I., Dewi, T. N., & Wibowo, D. B. (2024). Perlindungan kerahasiaan data pasien vs kewajiban membuka akses rekam medis elektronik. Jurnal Hukum dan Kesehatan, 8(1), 33–48.
Lestari, A. Y., Misran, M., Raharjo, T., Annas, M., Riskanita, D., & Prabandari, A. P. (2024). Improving healthcare patient data security: An integrated framework model for electronic health records from a legal perspective. Jurnal Keamanan Informasi Kesehatan Indonesia, 3(1), 1–15.
Miles, M. B., Huberman, A. M., & Saldaña, J. (2014). Qualitative data analysis: A methods sourcebook (3rd ed.). Thousand Oaks, CA: Sage.
Siregar, R. A., & Sinaga, H. S. R. (2025). Aspek hukum perlindungan data pasien dalam penyelenggaraan rekam medis elektronik di Indonesia. Jurnal Hukum To-ra, 11(1), 106–116.
Tertulino, R. (2024). Privacy in electronic health records: A systematic mapping study. International Journal of Public Health.
Wahyuli, K. T., & Budi, S. C. (2022). Analisis efektivitas implementasi sistem informasi manajemen rumah sakit (SIMRS) di RSUD Kota Yogyakarta dengan metode PIECES. Jurnal Sistem Informasi Kesehatan, 4(3), 201–215.
Regulatory References:
Instruksi Presiden Republik Indonesia Nomor 3 Tahun 2003 tentang Kebijakan dan Strategi Nasional Pengembangan E-Government.
Peraturan Direktur RSUD Kota Yogyakarta No. 53 Tahun 2022 tentang Penyelenggaraan Rekam Medis di RSUD Kota Yogyakarta.
Permenkes RI No. 24 Tahun 2022 tentang Rekam Medis.
Peraturan Direktur RSUD Kota Yogyakarta No. 03 Tahun 2018 tentang Pengelolaan SDM Internal RSUD.
Peraturan Direktur RSUD Kota Yogyakarta No. 24 Tahun 2021 tentang Peraturan Internal Staff Medis RSUD.
Undang-Undang Republik Indonesia Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik.
Undang-Undang Republik Indonesia Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi.
