Analysis of Patient Data Security Aspects in the Implementation of Electronic Medical Records (EMR) at Hospital X Bandung

  • Sali Setiatin
  • Aulia Rizkia Azmi

Keywords: Implementation, Electronic Medical Records (EMR), Patient Data Security, Confidentiality, Integrity, Availability, CIA Triad

Abstract

This study analyzes the implementation of patient data security mechanisms in the Electronic Medical Record (EMR) system at Hospital X Bandung, using the Confidentiality, Integrity, and Availability (CIA) framework. The findings indicate that the current EMR implementation still has several vulnerabilities. For instance, the absence of an auto-logout feature allows user sessions to remain active for more than six hours, significantly increasing the risk of unauthorized access. Furthermore, during network outages (downtime), record-keeping reverts to manual entry, which compromises both the efficiency and accuracy of data management. In terms of access control, individual user accounts have been introduced to support accountability, but essential security practices, such as routine password changes, have yet to be enforced. Regarding confidentiality, critical measures such as data encryption and multi-factor authentication are not yet implemented, leaving the system vulnerable to privacy breaches. Regarding integrity, the absence of an audit trail means there is no comprehensive mechanism to track user activity or detect unauthorized modifications. In the area of availability, the hospital relies on a basic manual backup system that lacks robustness, highlighting the need for a stronger digital disaster recovery strategy. Although Hospital X Bandung has established a basic information governance structure, including standard operating procedures (SOPs) and the appointment of an information manager, the overall implementation of information security policies remains suboptimal. The hospital has yet to conduct regular staff training or periodic system audits, or to implement a structured cyber risk mitigation strategy.
Therefore, there is a pressing need for a comprehensive data security framework, involving advanced technology solutions, continuous system audits, and user education, to ensure that the EMR system not only functions operationally but also fully complies with holistic and sustainable patient data protection standards.
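As an added illustration, not part of the paper and not Hospital X's system, the two gaps the abstract names most concretely, the missing auto-logout and the missing audit trail, can be closed in a small session layer: an idle timeout enforced both on access and by a scheduled sweep, with every forced logout written to a hash-chained audit log whose tampering is detectable. The 15-minute idle limit and the user names are assumed values.

```python
import hashlib
import json

# Assumed policy for this example (not from the paper): 15 minutes idle -> auto-logout.
IDLE_TIMEOUT_S = 15 * 60
GENESIS = "0" * 64

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditTrail:
    """Append-only, hash-chained log; an edited or deleted record breaks verify()."""
    def __init__(self):
        self.entries = []
    def append(self, ts, actor, action, detail=""):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"ts": ts, "actor": actor, "action": action, "detail": detail, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})
    def verify(self):
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True

class SessionManager:
    """Tracks last activity per user and enforces the idle timeout (auto-logout)."""
    def __init__(self, audit, idle_timeout_s=IDLE_TIMEOUT_S):
        self.audit, self.timeout, self.sessions = audit, idle_timeout_s, {}
    def login(self, user, now):
        self.sessions[user] = now
        self.audit.append(now, user, "login")
    def touch(self, user, now):
        """Record activity; False (and forced logout) if the session already idled out."""
        if user not in self.sessions or now - self.sessions[user] > self.timeout:
            self._logout(user, now, "idle timeout on access")
            return False
        self.sessions[user] = now
        return True
    def expire_idle(self, now):
        """Scheduled sweep: log out every session idle past the limit, return those users."""
        stale = [u for u, t in self.sessions.items() if now - t > self.timeout]
        for user in stale:
            self._logout(user, now, "idle timeout sweep")
        return stale
    def _logout(self, user, now, reason):
        if self.sessions.pop(user, None) is not None:
            self.audit.append(now, "system", "auto_logout", f"{user}: {reason}")
```

Timestamps are plain seconds so the behaviour can be checked deterministically; in a deployment they would come from the server clock, and the audit entries would be persisted to write-once storage.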

Published
2025-10-15