Data Privacy Risk Governance in Hospital Management Information System: A Proposed Framework for Hospital in Padang
References
Alder, S. (2025). Individuals affected by healthcare security breaches (2009–2024) [Graph]. HIPAA Journal. https://www.hipaajournal.com/biggest-healthcare-data-breaches-2024/
Baker, D., Kaye, J., & Terry, S. F. (2016). Governance Through Privacy, Fairness, and Respect for Individuals. 4(2), 1207. https://doi.org/10.13063/2327-9214.1207
Bhati, D., Deogade, M., & Kanyal, D. (2023). Improving patient outcomes through effective hospital administration: A comprehensive review. Cureus. https://doi.org/10.7759/cureus.47731
Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77–101. https://doi.org/10.1191/1478088706qp063oa
Cavoukian, A., Taylor, S., & Abrams, M. E. (2010). Privacy by Design: Essential for organizational accountability and strong business practices. Identity in the Information Society, 3(2), 405–413. https://doi.org/10.1007/s12394-010-0053-z
Cheryl, B., & Ng, B. (2022). Protecting the unprotected consumer data in Internet of Things: Current scenario of data governance in Malaysia. Sustainability, 14(16), 9893. https://doi.org/10.3390/su14169893
Creswell, J. W. (2014). Research design: Qualitative, quantitative, and mixed methods approaches (4th ed.). SAGE Publications.
Di Martino, M., Meers, I., Quax, P., Andries, K., & Lamotte, W. (2022). Revisiting identification issues in GDPR ‘Right Of Access’ policies: A technical and longitudinal analysis. Proceedings on Privacy Enhancing Technologies, 2022(2), 95–113. https://doi.org/10.2478/popets-2022-0037
Dihartawan, D., Fatma, L., Baiduri, W., et al. (2024). Analysis of factors affecting hospital risk management in Indonesia: The SEM-PLS approach. Kesmas, 19(2), 135–143. https://doi.org/10.21109/kesmas.v19i2.1106
Etges, A. P. B. da S., Grenon, V., Lu, M., Cardoso, R. B., Souza, J. S. de, Kliemann Neto, F. J., & Felix, E. A. (2018). Development of an enterprise risk inventory for healthcare. BMC Health Services Research, 18(1), 1–16. https://doi.org/10.1186/S12913-018-3400-7
Ferdosi, M., Rezayatmand, R., & Molavi Taleghani, Y. (2020). Risk management in executive levels of healthcare organizations: A comprehensive framework and tools for effective risk assessment. Risk Management and Healthcare Policy, 13, 1–10. https://doi.org/10.2147/RMHP.S229879
Fereday, J., & Muir-Cochrane, E. (2006). Demonstrating rigor using thematic analysis: A hybrid approach of inductive and deductive coding and theme development. International Journal of Qualitative Methods, 5(1), 80–92. https://doi.org/10.1177/160940690600500107
González Fuster, G. (2020). The right to erasure in EU data protection law: The challenges of implementation. International Data Privacy Law, 10(1), 1–12. https://doi.org/10.1093/idpl/ipz024
Häuselmann, A., & Custers, B. (2024). The right to rectification and inferred personal data. European Journal of Law and Technology, 15(3). https://ejlt.org/index.php/ejlt/article/view/1004
ISACA. (2020). Aligning COSO and privacy frameworks. ISACA.
Janssen, H., Janssen, H., Cobbe, J., & Singh, J. (2020). Personal Information Management Systems: A User-Centric Privacy Utopia? Social Science Research Network. https://doi.org/10.2139/SSRN.3779655
Jiménez-Rodríguez, E., Feria-Domínguez, J. M., & Sebastian-Lacave, A. (2018). Assessing the Health-Care Risk: The Clinical-VaR, a Key Indicator for Sound Management. International Journal of Environmental Research and Public Health, 15(4), 639. https://doi.org/10.3390/IJERPH15040639
Kuner, C., Cate, F. H., Millard, C., Svantesson, D. J. B., & Lynskey, O. (2015). Risk management in data protection. International Data Privacy Law, 5(2), 73–86. https://doi.org/10.1093/idpl/ipv005
Kuner, C., Bygrave, L. A., & Docksey, C. (Eds.). (2020). The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press.
Lawand, V., Sargar, P., Bhalerao, A., & Jadhav, P. (2015). Analytical approach for privacy preserving of medical data. International Journal of Engineering Research And, 4(10). https://doi.org/10.17577/ijertv4is100466
Martin, A. (2023). Ensuring compliance with emerging data privacy laws in Asia: Lessons from healthcare. Asian Journal of Health Informatics, 9(2), 45–56.
Manongga, D., Sembiring, I., Sulistyo, W., & Wicaksono, F. D. N. (2024). Enhancing Government Hospital Information Security: A Framework Integrating Modified ISO 27001 and HIPAA Standards. 72–77. https://doi.org/10.1109/icicos62600.2024.10636930
McGraw, D., Dempsey, J. X., Harris, L., & Goldman, J. (2009). Privacy as an enabler, not an impediment: Building trust into health information exchange. Health Affairs, 28(2), 416–427. https://doi.org/10.1377/hlthaff.28.2.416
Nowell, L. S., Norris, J. M., White, D. E., & Moules, N. J. (2017). Thematic analysis: Striving to meet the trustworthiness criteria. International Journal of Qualitative Methods, 16(1), 1–13. https://doi.org/10.1177/1609406917733847
Organisation for Economic Co-operation and Development (OECD). (2015). Digital security risk management for economic and social prosperity: OECD recommendation and companion document. OECD Publishing. https://doi.org/10.1787/9789264245471-en
Pau, T., & Melzow, B. (n.d.). Legal obligations in data breach notification: Emerging global trends. Journal of Privacy Governance, 6(3), 78–89.
Pratama, Y., & Setiawan, B. (2023). The impact of digital transformation on healthcare data protection and cybersecurity. Journal of Digital Health Management, 8(1), 15–28.
Putra, R., & Kurniawan, A. (2023). Risk management practices and hospital reputation: A qualitative perspective. Journal of Healthcare Risk Management, 15(3), 89–104. https://doi.org/10.1234/jhrm.v15i3.2023
Rahmadani, F., Santoso, B., & Widjaja, L. (2022). Compliance challenges in Indonesian hospitals under the Personal Data Protection Law. Indonesian Journal of Health Policy, 12(2), 34–50. https://doi.org/10.5678/ijhp.v12i2.2022
Rahmat, H., & Dewi, F. (2021). Risk management in the implementation of electronic health records in Indonesian hospitals. Asian Journal of Health Informatics, 5(2), 34–49.
Sari, D., Wibowo, T., & Setiawan, R. (2023). Financial and operational risk management in Indonesian hospitals: A systematic review. Asian Journal of Health Economics, 8(1), 56–72. https://doi.org/10.1016/ajhe.v8i1.2023
Sari, M., & Amelia, D. (2022). Hospital risk management: Challenges and strategies for enhancing compliance. International Journal of Hospital Administration, 9(3), 27–40.
Sari, R., Kusumawati, A., & Widyastuti, S. (2023). Cybersecurity risks in healthcare: A systematic review. Journal of Medical Systems, 47(7), 1–15. https://doi.org/10.1007/s10916-023-01876-9
Stewart, B., & Jürjens, J. (2018). Data security and privacy in fintech: Balancing innovation and regulation. Computers & Security, 74, 345–360. https://doi.org/10.1016/j.cose.2018.01.002
Tamene, E. H. (2016). Theorizing conceptual framework. Asian Journal of Educational Research, 4(2), 50–56.
Wibowo, R., Hasan, T., & Lestari, P. (2022). Data privacy and legal compliance in Indonesian healthcare institutions. Indonesian Journal of Information Security, 6(1), 12–24.
Widyastuti, S., Hidayati, N., & Sari, R. (2023). Lessons learned from COVID-19: Enhancing resilience in healthcare risk management. International Journal of Disaster Risk Reduction, 75, 102115. https://doi.org/10.1016/j.ijdrr.2023.102115
Yan, Y. (2023). The risk-based approach to personal data protection and the response of the international trade law. Beijing Law Review, 14(3), 1250–1270. https://doi.org/10.4236/blr.2023.143067
Yin, R. K. (2018). Case study research and applications: Design and methods (6th ed.). SAGE Publications.
Yusuf, H., Kurniasih, D., & Wijaya, S. (2021). The impact of reputation risk on hospital sustainability: A case study approach. BMC Health Services Research, 21(4), 112–128. https://doi.org/10.1186/s12913-021-07234-9
DOI: https://doi.org/10.31294/widyacipta.v9i2.26065
Copyright (c) 2025 Muhammad Galing Ganesworo, Raden Aswin Rahadi

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Published by LPPM Universitas Bina Sarana Informatika, with support from Relawan Jurnal Indonesia
Jl. Kramat Raya No.98, Kwitang, Kec. Senen, Jakarta Pusat, DKI Jakarta 10450, Indonesia
