optimal public health status. The hospital is an organization or business entity in the health
sector that has an important role in realizing optimal public health status(Arifin, 2016). A
hospital is required to be able to manage its activities by prioritizing the responsibilities of
professionals in the health sector, specifically medical personnel and nursing personnel in
carrying out their duties and authorities(Wahyudi, 2011).
Article 296 Paragraph (1) of Law Number 17 of 2023 Concerning Health states that every
medical and health worker who provides individual health services is obliged to make medical
record data. Thus, hospitals and their components have an obligation to make documented
records about patients called medical records in the delivery of health services. Medical records
have a significant impact on the quality of service to patients. In addition, medical records can
be a documentation tool regarding all events related to patients while in health facility services,
and make a communication medium between health workers in supporting the importance of
health services today and in the future(Ohoiwutun, 2007).
Medical records include a variety of information, both recorded in writing and recorded
relating to patient identity, history taking, physical examination, laboratory results, diagnoses,
and all types of medical services and actions obtained by patients, both inpatient, outpatient,
and emergency services. Medical records are documents that contain records regarding patient
identity, examination, treatment, actions, and other services that have been provided to patients
(Sugiarti, 2020).
Health insurance is inseparable from social insurance. Referring to existing regulations,
Law No. 40 of 2004 concerning the National Social Security System and Law No. 24 of 2011
concerning the Social Security Organizing Agency are the basis for the implementation of
health social security under the sole control of BPJS Kesehatan. In terms of the implementation
of health social security, the Indonesian government organizes the National Health Insurance
(JKN) as a form of health insurance for every citizen. In line with this, JKN organized by the
BPJS Health Agency invites the public to actively participate in the Health Insurance program.
Although the explanation of the contents of medical records may only be carried out by
all parties involved in health services at Health Care Facilities even though the patient has
passed away as stated in Article 32 Paragraph (1) of the Minister of Health Regulation Number
24 of 2022 concerning Medical Records. However, this phase can open up space for the
practice of misuse of medical record data.
In 2021, there was a data leak from BPJS Health membership patients, where there were
279 million records of BPJS Health patient personal data information spread and traded on
Raid Forums. Dedy Permadi as a representative of the Ministry of Communication and
Information revealed that an assessment of the leaked data sample had been carried out and it
had been confirmed that the scattered personal information was thought to have come from
BPJS Health data. Dedy also mentioned that the claim was even more convincing after seeing
various information scattered, including BPJS participant card numbers, BPJS office codes,
family information, dependents covered by health insurance, and payment status (Kebocoran
Data Pribadi, BPJS Kesehatan Bakal Digudat, 2023).
Based on the above case, several times there have been frequent leaks of patient medical
record data so it requires more attention related to the personal data owned by patients in the
medical record. Any health data recorded or recorded in medical records is confidential and if