Analysis of Electronic Medical Records Data Security: Case Study in Citra Husada Sigli Hospital

Abstract

In health services, electronic medical record (E-MR) stands as tool to accelerate the provision of services to patients. However, patient’s medical record data must be kept secure, especially because it is easily hacked by unauthorized parties. This study aims to analyze the security of E-MR data at Citra Husada Hospital and identify risks that can occur. This study uses a qualitative survey with a case study design with 10 respondents that were selected by purposive sampling. The aspects of patient’s E-MR data security studied were confidentiality, integrity, authentication, availability, access control and non-repudiation. The security of E-RM data is generally good in confidentiality, authentication, availability, access control, and non-repudiation. However, some areas need improvement. While login requires a username and password, the password complexity is weak. Integrity is inadequate due to the lack of an SOP for data changes. Authentication includes digital signature related to encrypted username and password but lacks a certified electronic signature. The system is accessible only within the hospital’s intranet, ensuring availability. Access rights are well-structured. A track record ensures non-repudiation. The highest risk is unauthorized changes to patient data, highlighting the need for stronger risk management measures.

Ähnliche Arbeiten