JOURNAL LA SOCIALE
VOL. 04, ISSUE 01 (020-025), 2023
DOI:10.37899/journal-la-sociale.v4i1.744

Evaluation of Patient Data Protection in the Implementation of the E-Health
Program in the City of Surabaya
Suci Megawati1, Deby Febriyan Epriliantor1, Muhamad Arif Mahdiannur2, Muhammad Kharis
Fajar3, Rizky Muhammad Sidik3
1

Department of Public Administration, Faculty of Social Sciences and Law, Universitas Negeri
Surabaya, Indonesia
2
Science Education Department, Faculty of Math and Science, Universitas Negeri Surabaya,
Indonesia
3
Sports Coaching Education Department, Faculty of Sports Science, Universitas Negeri
Surabaya, Indonesia
Corresponding Author: Suci Megawati
Email: sucimegawati@unesa.ac.id
Article Info
Article history:
Received 8 December 2022
Received in revised form 30
January 2023
Accepted 9 February 2023
Keywords:
Evaluation
Patient Data Protection
E-Health

Abstract
The city of Surabaya has implemented the e-health program since 2014.
Protection of patient data is the most important aspect in evaluating ehealth health programs. The research objective is to analyze the
evaluation of patient personal data protection in e-health programs. The
research method uses descriptive qualitative with a case study research
strategy. Data collection techniques used a mixed-method approach.
The research results show that the protection of patient data in the
implementation of the E-Health Program in the city of Surabaya is
reviewed from indicators (1). Guarantee of Patient Data Confidentiality
service recipient version; (2). E-Health Application Security; (3). Efforts
to Convince Users in Using E-Health; (4). E-Health Service Application
Security from Irresponsible Parties; (5). Patient Personal Data
Guarantee program implementation version.

Introduction
Health is a fundamental thing that must be realized through guarantees of safe and quality
health care (Ariany & Ningsih, 2020). As an effort to improve the quality of health services,
digital technology is an alternative policy for all countries to encourage the achievement of
welfare and the degree of public health through improving the quality of health services
(Wierda et al., 2018).
One of the most important aspects of implementing a program in the health sector is the
protection of health data and information for service users. Data privacy and protection,
especially for patients, is an important matter for every country to pay attention to because the
health sector is inseparable from potential violations of personal data protection (Wierda et al.,
2018). Moreover, currently patient data is not only used in conventional registration, but uses
information technology assistance to process patient data so that it makes it easier to store,
search, and other needs in making medical decisions (Zakariya, 2021). The State of Indonesia
regulates this in the Regulation of the Minister of Communication and Information No. 20 of
2016 concerning Protection of Personal Data in Electronic Systems (Permenkominfo PDPSE)
which regulates the protection of personal data. Further details regarding patient personal data
that must be kept confidential are also regulated in Article 10 paragraph (1) of Minister of
Health Regulation No. 269/Menkes/Per/III/2008 Concerning Medical Records (Rosadi, 2016).
One of the health programs that has been implemented in Indonesia is the e-health program in
the city of Surabaya. E-health is a health information system that has been directly integrated
20

ISSN 2721-0960 (Print), ISSN 2721-0847 (online)
Copyright © 2023, Journal La Sociale, Under the license CC BY-SA 4.0

with data from the Surabaya City Population and Civil Registry Office which functions to make
it easier for the public to register at health facilities (Prabowo et al., 2020). The Mayor of
Surabaya launched and inaugurated e-health on November 10, 2014. The e-health application
can be accessed by the people of Surabaya City through e-kiosks, websites
(https://ehealth.surabaya.go.id), and also through applications that can be downloaded via
playstore. The e-health program eliminates the physical registration queue system so that
patients can register online to get certainty of service time (Putra & Prabawati, 2019).
The e-health program has seen how other districts or cities can effectively and efficiently utilize
available resources and technology to improve medical processes between organizations and
patients with better quality. However, the service process using the e-health program will
collect a number of patient personal data and raise new legal issues, namely the extent to which
health service providers can protect patient personal data which can be disseminated more
easily through advances in information and communication technology. This research will
examine and describe the evaluation of patient personal data protection in e-health programs
Methods
This research uses a qualitative descriptive approach with a case study research strategy. Data
collection techniques used a mixed-method approach. Questionnaires were distributed to 175
respondents from Surabaya City residents and in-depth interviews with E-Health program
implementers, as well as secondary data through journals, research reports, regulations, and
encyclopedias, both printed and electronic. The data analysis method for this research is
qualitative. Through analysis at the time of data collection, capturing the essence of the
research objectives through the sources that have been collected. Then re-analyze the collected
data as raw data that needs to be identified with each other. This activity includes data
minimization, visualization, validation, and drawing conclusions.
Results and Discussion
As a city that continues to move to provide information technology-based innovations to
facilitate services to its people, Surabaya has an e-health program that has been implemented
since 2014. Protection of patient data is the most important aspect in evaluating e-health health
programs. This can be studied through two classifications, namely from service recipients and
service providers, an explanation of each classification is identified. First, the results of data in
the field by the service recipient community have important aspects that become benchmarks
for evaluation so that it can be stated that patient data is truly protected and e-health is declared
effective. Among them are:
Available
33%

Not
Vailable
67%
Available

Not Vailable

Figure 1. Patient Data Confidentiality Guarantee Diagram

Based on the pictures. 1 in detail shows that in health services using e-health services, the
majority of people/respondents gave no answer as many as 116 respondents or 67%. This is
21

ISSN 2721-0960 (Print), ISSN 2721-0847 (online)
Copyright © 2023, Journal La Sociale, Under the license CC BY-SA 4.0

possible because some respondents have never used/know to use e-health services, so they
provide that answer. Meanwhile, 58 respondents or 33% answered that there was a guarantee
of confidentiality of patient's personal data using e-health services at puskesmas and hospitals
in the city of Surabaya.
Not Safe
8%

Available/Safe
20%

Not
Available/Unkn
own
72%

Figure 2. e-health Application Security Diagram

Based on the pictures. 2 in detail shows that health services use e-health services related to
application security, most of the respondents gave answers that did not know as many as 125
respondents or 72%. This is because the respondents have never/know to use e-health services.
Meanwhile, 35 respondents or 20% answered that e-health service applications were safe to
use, and then 14 respondents or 8% answered that e-health service applications were not safe
or easily hacked by irresponsible parties.
Unknown
10%

Socializing
90%

Figure 3. Diagram of Efforts to Convince Users in Using e-health

Based on the pictures. 3 in detail shows that the majority of respondents do not know the efforts
that have been made to convince users/communities in using e-health services, namely 121
respondents or 70%. Meanwhile, as many as 53 respondents or 30% have given answers to the
efforts that have been made, namely through socialization activities either directly, through
advertisements on TV, through social media, or pamphlets/banners to convince
users/communities in using e-health services at health centers and hospitals in the city of
Surabaya.
In the process of implementing the e-health program, of course there will be obstacles and
obstacles in the implementation of services. The results of the data from respondents' answers
by service users or the public, the answers are collected and it can be summarized that there
22

ISSN 2721-0960 (Print), ISSN 2721-0847 (online)
Copyright © 2023, Journal La Sociale, Under the license CC BY-SA 4.0

are several obstacles related to e-health services at puskesmas and hospitals in the city of
Surabaya. Some of these obstacles and obstacles include a) more complicated services due to
unclear SOPs, b) lack of socialization of e-health services, so that many people do not know
about them, c) people who are still technologically illiterate, and d) limited infrastructure and
internet networks . Through this, respondents submitted suggestions for improvements to
improve e-health applications, as follows: a) service mechanisms were made easier and clearer
(SOP), b) carry out more equitable outreach, c) improve e-health applications more easily and
practical to use, and d) pay more attention to data security. It is hoped that some of these
suggestions for improvement can be considered by related parties for a more optimal
implementation of e-health services at health centers and hospitals in the city of Surabaya.
Second, the results of data in the field by the implementor or service officer. Of course there
are important aspects that become benchmarks for evaluation so that it can be stated that patient
data is truly protected and e-health is declared effective. Among them are:
80
70
60

66,7

50
40
30

33,3

20
10
0
No problem related to hacking

No hacking case

Figure 4. Graph of E-Health Service Application Security from Irresponsible Parties

From the results of the data that has been collected, it shows that 66.7% of e-health services so
far have not had any significant problems, especially problems related to hacking. With the
existence of a cloud computing-based Single Sign On (SSO) system using Security Assertion
Markup Language (SAML) products that connect users with web applications in the form of
portals can help maintain privacy and data integrity. SSO technology itself is an authentic
system for users that can protect against the login process, sending data, and accessing data
(Ramadhani, 2015). So that it can be ensured that patient data can be protected, but attention
to maintaining the security of e-health applications must still be carried out.
100

Available, secured

Figure 5. Graph of Patient Personal Data Guarantee

23

ISSN 2721-0960 (Print), ISSN 2721-0847 (online)
Copyright © 2023, Journal La Sociale, Under the license CC BY-SA 4.0

From the results of the data that has been collected, it shows that the implementor guarantees
that patient's personal data can be protected by 100%.
Through these 2 graphs, the form of duties and functions carried out by officers in the mass
operation of e-health is in the form of program socialization efforts so that the program is
conveyed and utilized evenly among the public. In more detail, the following is attached: there
is socialization, intensified through the media in the form of brochures and communication
between individuals. Furthermore, 33.3% of the socialization distribution was carried out in
various health centers in the city of Surabaya directly when there were people or users who
needed information. In addition to the scope of the puskesmas, the Surabaya City Government
conducts outreach outside the scope of the puskesmas covering each village, local schools and
social media that utilizes WhatsApp and Instagram applications. Furthermore, 66.7% indicated
that outreach was carried out through the posyandu in the sub-district or village or directly at
the health facility before or when the patient arrived at the puskesmas. Socialization is carried
out by medical records at certain hours when patients arrive or are waiting for an examination
at the puskesmas so that socialization information can be received evenly. However,
socialization regarding e-health to the community encountered obstacles, namely the lack of
understanding of the community from the time the socialization was delivered, this was due to
human resources or the community being less information literate so that the target of
socialization was diverted to young people who could understand technology. Apart from that,
there are obstacles and other obstacles that until now have become a problem. The service
officer as a respondent, mentioned. Barriers and constraints include: data shows that 33.3% of
e-health service targets can be delivered correctly. The results of the study show that in the
implementation of the e-health program there are obstacles and obstacles encountered by the
implementor including, (1) the e-health website or application does not work as the
implementor wants, causing duplicate data from several employee identities or data can be lost
suddenly . Even the BPJS submission data can be lost when the website or application has an
error so that the officer cannot follow up and needs to be re-submitted. Second, externally,
namely, (2) the internet network used is not stable, and (3) lack of public awareness regarding
service serial numbers that are not on schedule from the application.
In carrying out the e-health program, the Surabaya city government provides budgetary
capacity, manpower or human resources, and infrastructure or facilities. This has an impact on
the high rate of usefulness, effectiveness and efficiency of the e-health program in providing
services which reaches 66.7%. However, suggestions in terms of coordination regarding the
provision of complete infrastructure and care to support the e-health program need attention
Conclusion
The Patient Data Protection System in the Implementation of the E-Health Program in the City
of Surabaya is reviewed from indicator (1). Patient Data Confidentiality Guarantee according
to service recipient version that 67% or 116 respondents out of 175 respondents did not know
for certain about patient data confidentiality guarantees; (2). E-Health Application Security that
most of the respondents gave answers that they did not know as many as 125 respondents or
72% of the 175 respondents. This is because the respondents have never/know to use e-health
services (3). Efforts to Convince Users in Using E-Health, it can be concluded that program
implementers are trying to socialize the use of E-Health with complete information; (4).
Security of E-Health Service Applications from Irresponsible Parties; (5). Patient Personal
Data Guarantee program implementing version that the e-health program guarantees patient
personal data according to applicable regulations.

24

ISSN 2721-0960 (Print), ISSN 2721-0847 (online)
Copyright © 2023, Journal La Sociale, Under the license CC BY-SA 4.0

References
Ariany, F., & Ningsih, M. (2020). Perlindungan Hukum Terhadap Identitas Pasien Covid
19. Jurnal Sangkareang Mataram, 6(2), 61-64.
Prabowo, S. A., Rizky, M., & Mashuri, M. A. (2020). Implementasi E-Health Sebagai
Alternatif Antrian Online di Puskesmas Kalirungkut Kota Surabaya. Jurnal Syntax
Transformation, 1(02), 66-73.
Putra, F. E. S., & Prabawati, I. (2019). Evaluasi Aplikasi e-Health di Puskesmas Jagir Kota
Surabaya. Publika, 7(8).
Ramadhani, E. (2015). Desain E-Health: Sistem Keamanan Aplikasi E-health Berbasis Cloud
Computing Menggunakan Metode Single Sign On. In Seminar Nasional Informatika
Medis (SNIMed) (pp. 50-57)
Rosadi, S. D. (2016). Implikasi Penerapan Program E-Health Dihubungkan Dengan
Perlindungan Data Pribadi. Arena Hukum, 9(3), 403-420.
Wierda, E., Eindhoven, D. C., Schalij, M. J., Borleffs, C. J. W., Amoroso, G., Van Veghel, D.,
... & Ploem, M. C. (2018). Privacy of patient data in quality-of-care registries in
cardiology and cardiothoracic surgery: the impact of the new general data protection
regulation EU-law. European Heart Journal-Quality of Care and Clinical
Outcomes, 4(4), 239-245.
Zakariya, R. (2021). Langkah Penguatan Perlindungan Data Diri Pasien di Indonesia,”
Heylaw.edu.

25

ISSN 2721-0960 (Print), ISSN 2721-0847 (online)
Copyright © 2023, Journal La Sociale, Under the license CC BY-SA 4.0