Legal Protection for The Use of Patient Personal Data at Prof. Dr. Chairuddin P. Lubis Hospital, University of North Sumatra, Based on Law Number 27 of 2022 Concerning Personal Data Protection
DOI:
https://doi.org/10.62612/ijelass.v4i1.71Keywords:
Personal Data Protection, Legal Certainty Teaching, Hospital Electronic Medical, Records Patient RightsAbstract
The protection of patients’ personal data constitutes a fundamental privacy right guaranteed under the rule of law. The digital transformation in healthcare services, particularly through electronic medical records in teaching hospitals, increases the risk of improper use of personal data. Law Number 27 of 2022 on Personal Data Protection provides a comprehensive legal framework regulating the classification of health data, principles of data processing, data subject rights, and the obligations of data controllers. This study analyzes the legal regulation, factors influencing the use of patients’ personal data, and the legal certainty of its implementation at Prof. Dr. Chairuddin P. Lubis Hospital, Universitas Sumatera Utara. Employing a normative–empirical approach, data were collected through statutory review, relevant legal literature, and interviews with the Head of Medical Records, physicians, and nurses, and were analyzed qualitatively. Findings indicate that while the normative framework is clear, implementation is affected by structural, technical, and cultural factors, rendering legal certainty still at the normative-administrative stage. Strengthening institutional governance, updating internal policies, implementing granular access controls, and enhancing legal literacy among healthcare staff are necessary to ensure effective protection of patients’ rights.
References
Astuti, B., & Daud, M. R. (2023). Kepastian Hukum Pengaturan Transportasi Online. Al-Qisth Law Review, 6(2), 205. https://doi.org/10.24853/al-qisth.6.2.205-244
Friedman, A. B., Merchant, R. M., Maley, A., Farhat, K., Smith, K., Felkins, J., Gonzales, R. E., Bauer, L., & McCoy, M. S. (2023). Widespread Third-Party Tracking On Hospital Websites Poses Privacy Risks For Patients And Legal Liability For Hospitals. Health Affairs, 42(4), 508–515. https://doi.org/10.1377/hlthaff.2022.01205
Indonesia, R. (2022). Undang-Undang Republik Indonesia Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi. https://peraturan.bpk.go.id/Details/229798/uu-no-27-tahun-2022
Kartika, R. W., Nasser, M., & Suswantoro, T. A. (2025). Analisis Yuridis terhadap Perlindungan Privasi Pasien dalam Era Digital: Studi Kasus Aplikasi Satu Sehat. Jurnal Ilmu Hukum, Humaniora Dan Politik, 6(1), 1–8. https://doi.org/10.38035/jihhp.v6i1.5874
Kriswandaru, A. S., Pratiwi, B., & Suwardi, S. (2024). Efektivitas Kebijakan Perlindungan Data Pribadi di Indonesia: Analisis Hukum Perdata dengan Pendekatan Studi Kasus. Hakim: Jurnal Ilmu Hukum Dan Sosial, 2(4), 740–756. https://doi.org/10.51903/hakim.v2i4.2157
Lisa, M., Haskar, E., & Chofa, F. (2026). Tinjauan Yuridis Perlindungan Hukum Masyarakat Adat Dalam Pelaksanaan Proyek Strategis Nasional. RIGGS: Journal of Artificial Intelligence and Digital Business, 5(1), 5208–5217. https://doi.org/10.31004/riggs.v5i1.6890
Nugroho, S. S., Haryani, A. T., & Farkhani, F. (2020). Metodologi Riset Hukum. Oase Pustaka.
Palanichamy, A., & Dhandapani, S. (2025). Data Security Challenges In Hospitals: A Survey on Cyber Security Issues In HealthCare Sector and Their Applications. https://doi.org/10.21203/rs.3.rs-7238646/v1
Panggabean, M. V., & Fitria, A. (2025). Perlindungan Hukun Data Pribadi di Indonesia (Kasus Kebocoran Badan Penyelengara Jaminan Sosial Kesehatan). Arus Jurnal Sosial Dan Humaniora, 5(2), 1958–1965. https://doi.org/10.57250/ajsh.v5i2.1487
Peraturan Menteri Kesehatan Nomor 24 Tahun 2022 Tentang Rekam Medis (2022). https://peraturan.bpk.go.id/Details/245544/permenkes-no-24-tahun-2022
Prananda, R. R. (2020). Batasan Hukum Keterbukaan Data Medis Pasien Pengidap Covid-19: Perlindungan Privasi VS Transparansi Informasi Publik. Law, Development and Justice Review, 3(1), 142–168. https://doi.org/10.14710/ldjr.v3i1.8000
Prisusanti, R. D., Rusfadir, A., & Reliubun, N. M. S. (2024). Examine the Obstacles to RME Implementation with the PIECES Method Based on the User’s Perspective. Formosa Journal of Multidisciplinary Research, 3(8), 3009–3016. https://doi.org/10.55927/fjmr.v3i8.10528
Putri, P. A. A. A., & Sanjaya, D. B. S. (2025). Analisis Yuridis Unsur “Tanpa Persetujuan” Terhadap Kepastian Hukum dalam UU TPKS. Jurnal Pengabdian Masyarakat Dan Riset Pendidikan, 4(2), 9966–9973. https://doi.org/10.31004/jerkin.v4i2.3395
Rahmawati, D., & Mokodompit, E. A. (2025). Analisis Literatur Review: Diversifikasi Pelayanan Kesehatan melalui Integrasi Teknologi Digital dan Dampaknya pada Pelayanan Kesehatan. RIGGS: Journal of Artificial Intelligence and Digital Business, 4(4), 7332–7340. https://doi.org/10.31004/riggs.v4i4.4795
Rasyad, M. F., & Lubis, R. L. (2025). Hospital Patient Data Security Evaluation to Achieve SDGs 3.8.1 “Good Health and Wellbeing.” Enrichment: Journal of Multidisciplinary Research and Development, 2(12). https://doi.org/10.55324/enrichment.v2i12.326
Rivantoro, R., & Asri, D. P. B. (2026). Tanggung Jawab Hukum Korporasi Atas Kebocoran Data Peserta BPJS Kesehatan Berdasarkan UU No. 27 Tahun 2022. Jurnal Pengabdian Masyarakat Dan Riset Pendidikan, 4(3), 16034–16040. https://doi.org/10.31004/jerkin.v4i3.4575
Septiani Santoso, F., Ramadhani, P. A., Amnamuchlisah, D., & Purba, S. H. (2025). Transformasi Digital Dalam Sektor Kesehatan Kajian Literatur Untuk Mendukung Inovasi dan Efisiensi Layanan Kesehatan. Cindoku : Jurnal Keperawatan Dan Ilmu Kesehatan, 2(1), 1–12. https://doi.org/10.61492/cindoku.v2i1.240
Setya, C. A. P., Kholib, A., & Prasetyo, H. (2024). Protection And Legal Responsibility For Bpjs Patient Medical Records In The Perspective Of Legal Certainty. Jurnal Ekonomi Teknologi Dan Bisnis (JETBIS), 3(3), 667–674. https://doi.org/10.57185/jetbis.v3i3.94
Siladani Fatuhu, M., Yanti, N. K. W., Septiana, A. P., & Khairani, F. (2025). Tinjauan Keamanan Data Rekam Medis Elektronik Pasien di RSUD Patut Patuh Patju Gerung Lombok Barat. Jurnal Kesehatan Qamarul Huda, 13(2), 179–185. https://doi.org/10.37824/jkqh.v13i2.2025.1126
Siregar, R. A., & Sinaga, H. S. R. (2025). Aspek Hukum Perlindungan Data Pasien Dalam Penyelenggaraan Rekam Medis Elektronik di Indonesia. Jurnal Hukum To-Ra : Hukum Untuk Mengatur Dan Melindungi Masyarakat, 11(1), 106–116. https://doi.org/10.55809/tora.v11i1.433
Tampubolon, E. T. F., Putera, A. P., & Huda, M. K. (2024). Pertanggungjawaban Hukum Rumah Sakit Terkait Kebocoran Data Pribadi Pasien Berdasarkan Peraturan Perundang-Undangan. Syntax Idea, 6(3), 1388–1402. https://doi.org/10.46799/syntax-idea.v6i3.3121
Tazi, F., Nandakumar, A., Dykstra, J., Rajivan, P., & Das, S. (2024). SoK: Analyzing Privacy and Security of Healthcare Data from the User Perspective. ACM Transactions on Computing for Healthcare, 5(2), 1–31. https://doi.org/10.1145/3650116
Tuna, P. R. A. Y., & Juarsa, E. (2024). Pertanggung Jawaban Tindak Pidana Peretasan Data Pribadi Nasabah BPJS Kesehatan Ditinjau dari Undang-Undang Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi. Bandung Conference Series: Law Studies, 4(1), 408–413. https://doi.org/10.29313/bcsls.v4i1.9892
USU. (2026). Rumah Sakit Prof. Dr. Chairuddin P. Lubis Universitas Sumatera Utara. https://rumahsakit.usu.ac.id/id
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Alfred Johnatan Panjaitan

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.







