LEGAL REVIEW OF PATIENT MEDICAL RECORD CONFIDENTIALITY IN HOSPITALS
Abstract
The confidentiality of patient medical records is a fundamental legal and ethical obligation within healthcare systems, serving as the cornerstone of trust between patients and healthcare providers. This study examines the legal framework governing medical record confidentiality in Indonesian hospitals, with a particular focus on statutory provisions, regulatory instruments, and their practical implementation. Utilizing a normative juridical approach supported by comparative analysis, this research explores the adequacy of Indonesian legislation—principally Law No. 29 of 2004 on Medical Practice, Law No. 36 of 2009 on Health, Law No. 44 of 2009 on Hospitals, and Ministry of Health Regulation No. 24 of 2022 on electronic medical records (EMR)—in protecting patient rights. The findings reveal that while Indonesia has established a robust legal foundation, significant challenges persist in practice. These include unclear liability for non-medical staff, weak enforcement mechanisms, and vulnerabilities arising from the adoption of EMR, particularly regarding cybersecurity and unauthorized access. Furthermore, the absence of structured institutional oversight and standardized operating procedures undermines effective compliance. Comparative insights from the United States (HIPAA Privacy Rule) and the United Kingdom (Caldicott Principles) demonstrate that legal provisions must be reinforced by accountability structures, privacy officers, and principles such as minimum necessary disclosure. This study concludes that Indonesia’s framework is normatively sufficient but practically inadequate. Strengthening medical record confidentiality requires legislative refinement, institutional oversight, enhanced technological safeguards, continuous professional training, and patient empowerment. Adopting selected international best practices while adapting them to Indonesia’s socio-legal context is crucial for ensuring both compliance and public trust.
Keywords: Medical records, confidentiality, hospital law, electronic medical records, patient rights, Indonesia.
References
Basani, C. S. (2023). Perlindungan Hukum Data Pasien dalam Rekam Medis Elektronik di Indonesia. Dialogia Iuridica, 15(2), 143–160.
Gostin, L. O., & Hodge, J. G. (2002). The Right to Know Versus the Right to Privacy: Ethical and Legal Dilemmas in the AIDS Epidemic. Milbank Quarterly, 80(1), 151–180.
Haque, A., et al. (2024). Electronic Medical Records and Data Security in Healthcare Systems. arXiv preprint arXiv:2410.12226.
International Committee of Medical Journal Editors (ICMJE). (2021). Recommendations for the Protection of Patients’ Rights in Medical Research.
McGraw, D., Dempsey, J. X., Harris, L., & Goldman, J. (2009). Privacy as an Enabler, Not an Impediment: Building Trust into Health Information Exchange. Health Affairs, 28(2), 416–427.
Ministry of Health Regulation No. 24 of 2022 concerning Medical Records.
Ministry of Health Regulation No. 269/Menkes/Per/III/2008 concerning Medical Records.
Rodrigues, R. J., & Risk, A. (2003). eHealth in Latin America and the Caribbean: Development and Policy Issues. Journal of Medical Internet Research, 5(1), e4.
Rumbold, J. M., & Pierscionek, B. K. (2017). The Effect of the General Data Protection Regulation on Medical Research. Journal of Medical Internet Research, 19(2), e47.
Sari, R., & Indrawati, A. (2020). Legal Protection of Patient Rights to Completeness and Confidentiality in the Management of Medical Record Documents. Journal of Law and Policy Studies, 12(1), 45–60.
U.S. Department of Health and Human Services. (2013). Summary of the HIPAA Privacy Rule. Washington, D.C.
United Kingdom Department of Health. (2013). Information: To Share or Not to Share? The Information Governance Review (Caldicott 2 Report). London: HMSO.
World Health Organization (WHO). (2016). Global Strategy on Digital Health 2020–2025. Geneva: WHO.
