JISTED

Article Details

Vol. 4 No. 2 (2026): Mei

Articles

Data Security in Electronic Health Information Systems: A Mixed-Methods Analysis of Indonesian Hospital Practices

A Adi Ahmad A Alfina Alfina
Abstract
03 May 2026

Purpose: Electronic Health Information Systems (EHIS) are widely adopted in Indonesian hospitals, but this has introduced significant data security challenges. This study assesses EHIS data security implementation, identifies systemic vulnerabilities, and offers evidence-based improvement recommendations.
Research Methodology: A mixed-methods design was employed, combining surveys, interviews, and document analysis. Data were triangulated using the Electronic Health Information Systems (EHIS) security frameworks: the CIA Triad (Confidentiality, Integrity, and Availability), ISO/IEC 27001, and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
Results: Four key security gaps were identified: awareness training (70% aware, 45% trained), policy compliance (85% have policies, 60% implement encryption), high incident rates (65%, mainly unauthorised access and malware), and low technology adoption (50% encryption use, 35% multi-factor authentication).

Conclusions: Indonesian EHIS security shows policy compliance gaps. Priorities include multi-factor authentication, encryption, staff training, and audits, supported by ISO/IEC 27001 and Minister of Health Regulation (PMK) No. 24/2022.
Limitations: The case study sample may not represent all Indonesian hospitals, access to internal security incident data was limited, and quantitative results are descriptive rather than inferential.
Contributions: This study analyzes EHIS data security in Indonesia using survey data and international frameworks to provide evidence based recommendations.

Keywords: Cybersecurity Data Security Electronic Health Information Systems Healthcare ISO/IEC 27001
How to Cite
Ahmad, A. ., & Alfina, A. . (2026). Data Security in Electronic Health Information Systems: A Mixed-Methods Analysis of Indonesian Hospital Practices. Jurnal Ilmu Siber Dan Teknologi Digital, 4(2), 21–33. https://doi.org/10.35912/jisted.v4i2.6893
License & Copyright