Data Privacy Risk Governance in Hospital Management Information System: A Proposed Framework for Hospital in Padang
| Dublin Core | PKP Metadata Items | Metadata for this Document | |
| 1. | Title | Title of document | Data Privacy Risk Governance in Hospital Management Information System: A Proposed Framework for Hospital in Padang |
| 2. | Creator | Author's name, affiliation, country | Muhammad Galing Ganesworo; Institut Teknologi Bandung; Indonesia |
| 2. | Creator | Author's name, affiliation, country | Raden Aswin Rahadi; Institut Teknologi Bandung; Indonesia |
| 3. | Subject | Discipline(s) | |
| 3. | Subject | Keyword(s) | |
| 4. | Description | Abstract | The implementation of Hospital Management Information System (SIMRS) in Indonesia has been mandated by the Ministry of Health to digitize more of their operations and infrastructure including service quality, operational efficiency, and patient care security especially regarding electronic medical records (EMRs) that has indicated the digital transformation in healthcare sector through the integration of information security and data privacy governance that will developed through this study that manage framework of the privacy risk. This study grounded in three essential guiding frameworks which formed as the study's foundation: COSO Enterprise Risk Management (ERM) 2017, ISO/IEC 27701:2019, and Indonesia’s Personal Data Protection (PDP) Law No. 27/2022. Using a qualitative case study approach, data were collected through in-depth interviews with five stakeholders which were then conducted through thematic analysis, which revealed five core themes: (1) Governance and Leadership in Privacy Risk, (2) Privacy Risk Identification and Assessment, (3) Privacy Controls and Operational Safeguards, (4) Monitoring and Incident Management, and (5) Compliance with Legal and Regulatory Requirements. The analysis revealed, fragmented privacy practices, lack of proactive governance, and low awareness of regulatory obligations. In response, this study proposes a phased improvement plan to enhance digital maturity, which includes appointing a Data Protection Officer (DPO), developing privacy SOPs, and conducting required privacy assessments allowing hospitals to enable progressive, track and measurable progress to meet the regulatory expectations. The governance findings model offers a scalable and replicable for hospitals in Indonesia that may facing similar struggling, and it emphasizes the need for data governance model. Ultimately, this framework supports the patient safety, data protection, and sustainable digital health transformation |
| 5. | Publisher | Organizing agency, location | Universitas Bina Sarana Informatika |
| 6. | Contributor | Sponsor(s) | |
| 7. | Date | (YYYY-MM-DD) | 2025-07-31 |
| 8. | Type | Status & genre | Peer-reviewed Article |
| 8. | Type | Type | |
| 9. | Format | File format | |
| 10. | Identifier | Uniform Resource Identifier | https://ejournal.bsi.ac.id/ejurnal/index.php/widyacipta/article/view/26065 |
| 10. | Identifier | Digital Object Identifier (DOI) | https://doi.org/10.31294/widyacipta.v9i2.26065 |
| 11. | Source | Title; vol., no. (year) | Widya Cipta: Jurnal Sekretari dan Manajemen; Vol 9, No 2 (2025): September |
| 12. | Language | English=en | en |
| 13. | Relation | Supp. Files | |
| 14. | Coverage | Geo-spatial location, chronological period, research sample (gender, age, etc.) | |
| 15. | Rights | Copyright and permissions |
Copyright (c) 2025 Muhammad Galing Ganesworo, Raden Aswin Rahadi This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. |