LEGAL PROTECTION OF THE ELECTRONIC MEDICAL RECORD TRANSFORMATION FROM A ZERO TRUST ARCHITECTURE PERSPECTIVE FOR EQUITABLE HEALTHCARE SERVICES

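Purwati, Ani (2026) PERLINDUNGAN HUKUM TRANSFORMASI REKAM MEDIS ELEKTRONIK PERSPEKTIF ZERO TRUST ARCHITECTURE TERHADAP PELAYANAN KESEHATAN BERKEADILAN [Legal Protection of the Electronic Medical Record Transformation from a Zero Trust Architecture Perspective for Equitable Healthcare Services]. Doctoral thesis, Universitas 17 Agustus 1945 Semarang.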

Text: PERLINDUNGAN HUKUM TRANSFORMASI REKAM MEDIS ELEKTRONIK PERSPEKTIF ZERO TRUST ARCHITECTURE TERHADAP PELAYANAN KESEHATAN BERKEADILAN.pdf - Accepted Version (144kB)

Abstract

The digital transformation in the health sector has brought fundamental changes to the governance of medical services, particularly through the adoption of Electronic Medical Records (EMR). This instrument enhances efficiency, accuracy, and interoperability across healthcare facilities. However, the shift from manual to digital systems also presents major challenges, especially regarding the security and confidentiality of patients’ personal data. The risks of data breaches, cyberattacks, and weak governance in many hospitals highlight the urgent need for a more adaptive security approach. The concept of Zero Trust Architecture (ZTA) emerges as a strategic paradigm with the principle of never trust, always verify, emphasizing multi-layered authentication, micro-segmentation, and end-to-end encryption. ZTA is not only positioned as a technological solution but also as a normative basis to uphold the right to privacy and health as guaranteed by the 1945 Constitution of the Republic of Indonesia, Law No. 17 of 2023 on Health, and Law No. 27 of 2022 on Personal Data Protection.
This research addresses three main issues. First, how ZTA can be constitutionally positioned as a guarantee for privacy and the protection of personal health data in the era of digitalization. Second, whether the implementation of ZTA in EMR transformation can ensure effective legal protection and achieve equitable healthcare services. Third, how the integration of ZTA in EMR can be assessed from the perspective of legal compliance and digital security standards.
The research method applied is normative juridical with a comparative law approach, complemented by an empirical study. Data sources include legislation, academic literature, international standards, and official documents from the Ministry of Health and the World Health Organization (WHO). Case studies were conducted at three national referral hospitals (Dharmais Cancer Hospital Jakarta, Dr. Cipto Mangunkusumo National General Hospital, and Cicendo Eye Hospital Bandung) to examine the extent to which EMR practices align with ZTA principles.
The findings indicate that the implementation of EMR in Indonesia still faces significant obstacles, both technical (interoperability, infrastructure readiness, and cybersecurity) and regulatory (limited technical regulations, weak digital audit mechanisms, and lack of strict sanctions). In contrast, other countries demonstrate notable progress. The United States, through HIPAA, mandates encryption and audit trails for electronic protected health information (ePHI). Singapore, under the PDPA, regulates patient consent and integrates digital authentication via SingPass. Australia, through the My Health Records Act, grants patients the right to opt-in or opt-out and enforces criminal sanctions for violations. Finland, under Findata, establishes a single authority to oversee permissions, access, and utilization of health data, while requiring a Data Protection Impact Assessment (DPIA).
The comparative analysis highlights that ZTA strengthens the confidentiality, integrity, and availability of medical data while enhancing public trust in digital health services. Indonesia must therefore adopt ZTA not merely as a technical instrument but as a progressive legal paradigm aligned with the values of Pancasila’s social justice, human rights principles, and global regulatory standards to achieve digital healthcare services that are safe, inclusive, and equitable.

Item Type: Thesis (Doctoral)
Uncontrolled Keywords: Zero Trust Architecture, Electronic Medical Records, Legal Protection, Health Justice.
Subjects: K Law > K Law (General)
Divisions: Faculty of Law > 74001 - Doctoral Program in Law (S3 Hukum)
Depositing User: Fakultas Hukum S3
Date Deposited: 06 Mar 2026 09:16
Last Modified: 06 Mar 2026 09:16
URI: http://repository.untagsmg.ac.id/id/eprint/2907
