Article Details
Vol. 4 No. 2 (2026): May
Data Security in Electronic Health Information Systems: A Mixed-Methods Analysis of Indonesian Hospital Practices
Purpose: Electronic Health Information Systems (EHIS) are widely adopted in Indonesian hospitals, but this has introduced significant data security challenges. This study assesses EHIS data security implementation, identifies systemic vulnerabilities, and offers evidence-based improvement recommendations.
Research Methodology: A mixed-methods design was employed, combining surveys, interviews, and document analysis. Data were triangulated using EHIS security frameworks: the CIA Triad (Confidentiality, Integrity, and Availability), ISO/IEC 27001, and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
Results: Four key security gaps were identified: awareness training (70% aware, 45% trained), policy compliance (85% have policies, 60% implement encryption), high incident rates (65%, mainly unauthorised access and malware), and low technology adoption (50% encryption use, 35% multi-factor authentication).
Conclusions: Indonesian EHIS security shows policy compliance gaps. Priorities include multi-factor authentication, encryption, staff training, and audits, supported by ISO/IEC 27001 and Minister of Health Regulation (PMK) No. 24/2022.
Limitations: The case study sample may not represent all Indonesian hospitals, access to internal security incident data was limited, and quantitative results are descriptive rather than inferential.
Contributions: This study analyzes EHIS data security in Indonesia using survey data and international frameworks to provide evidence-based recommendations.

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.