Information Security Evaluation of the Electronic Medical Records System at Sultan Agung Islamic Hospital

Abstract

In the digital era, the use of Electronic Medical Records (EMR) is crucial for improving the effectiveness and accuracy of healthcare services. However, this advancement also brings new challenges related to the security and privacy of patient data. This study aims to evaluate the information security aspects of the EMR at Sultan Agung Islamic Hospital (RSI) Semarang using a Gap Analysis model based on the ISO 27001 standard. The study was conducted using a case study and concurrent mixed methods, involving five key informants, including the head of IT, the head of medical records, and the medical records officer. Data were analyzed using a Gap Analysis checklist and in-depth interviews. The results showed that only 40% of the 108 clauses of the ISO 27001 requirements were met, indicating the need for significant improvements in information security. The implementation of encryption technology, multi-factor authentication, and data security regulations are proposed to provide stronger protection for patient data. This study is expected to increase patient confidence in the privacy of their data and provide a benchmark for other healthcare facilities in managing data securely and efficiently.