International Journal of
Law, Policy and Social Review
VOL. 7, ISSUE 3 (2025)
Assessing legal and institutional readiness for patient data protection in the age of big health data: An empirical study of health facilities in Indonesia
Authors
Rospita Adelina Siregar, Nanin Koeswidi Astuti
Abstract

The rapid expansion of digital health systems in Indonesia has raised critical concerns regarding patient data privacy and institutional compliance with emerging legal standards. This study explores how healthcare facilities implement data protection practices within the framework of Indonesia’s Personal Data Protection Law (Law No. 27/2022). Employing a qualitative methodology, data were gathered through semi-structured interviews with healthcare professionals, policymakers, and IT specialists, alongside field observations and document analysis from selected hospitals and clinics. Findings indicate that many healthcare personnel lack familiarity with legal data protection principles and tend to rely primarily on professional ethics. Patient information is often accessed using shared credentials, with limited technical safeguards in place. At the policy level, institutions generally lack standardized guidelines and internal audit mechanisms to ensure compliance. Regulatory authorities acknowledged the absence of detailed technical directives and noted inconsistent implementation across facilities.

IT systems, though functional, are rarely optimized for security. Critical safeguards—such as encryption, role-based access controls, and incident reporting protocols—are frequently absent. Document analysis confirms that institutional policies and standard operating procedures (SOPs) rarely reference key data protection concepts such as consent, breach notification, or accountability. The lack of designated data protection officers and clearly defined roles further compounds these challenges. This study underscores the urgent need for a comprehensive governance framework that integrates legal, technical, organizational, and behavioral dimensions of data protection. Key recommendations include strengthened regulatory support, targeted capacity-building initiatives, investment in secure IT infrastructures, and the institutionalization of privacy protocols. Without holistic reforms, patient data will remain vulnerable, and healthcare institutions risk legal non-compliance in an increasingly digitized healthcare landscape.
Pages: 15-21
How to cite this article:
Rospita Adelina Siregar, Nanin Koeswidi Astuti "Assessing legal and institutional readiness for patient data protection in the age of big health data: An empirical study of health facilities in Indonesia". International Journal of Law, Policy and Social Review, Vol 7, Issue 3, 2025, Pages 15-21