p–ISSN: 2723 - 6609 e-ISSN: 2745-5254
Vol. 5, No. 6 Juny 2024 http://jist.publikasiindonesia.id/
Jurnal Indonesia Sosial Teknologi, Vol. 5, No. 6, Juny 2024 2795
Perception and Practices of Health Data Privacy Protection
among Consumers: An Empirical Study in One of Indonesia's
Major Cities
Joni Yusufa
1*
, Dede Hermawan
2
, Pradita Wuri Safitri
3
, Ananda Sujati
4
, Yuyut
Prayuti
5
, Arman Lany
6
Universitas Islam Nusantara, Indonesia
Email: [email protected]
1*
2
,
3
4
5
,
arman_lany@yahoo
6
.
*Correspondence
ABSTRACT
Keywords: Perception,
Practice, Protection,
Health Data Privacy.
Online information exchange has become commonplace in
today's digital era, especially in the health sector. However,
this also raises concerns regarding personal data privacy,
especially health data. This study analyses consumers'
perceptions and practices of health data privacy protection.
The empirical method is used in this research. The data
collection techniques used were literature studies, direct
observation, and interviews. After the data is obtained, it is
analyzed through the stages of reduction, presentation of
data, and conclusion. The results showed that consumers in
Jakarta have a high level of perception of the importance of
health data privacy; consumers understand that health data is
sensitive information that needs to be protected. The law
regarding the protection of consumer health data privacy in
Indonesia is Law No. 27 of 2022 concerning Personal Data
Protection. Practices in carrying out the personal data
protection function by officers involve providing
information and consultation to those in control of personal
data to ensure compliance with the Personal Data Protection
Law, monitoring to ensure that the rules applied by those in
control of individual data are by the provisions of the
applicable requirements, providing advice regarding the
impact of personal data protection as well as monitoring the
performance of individual data controllers and coordinating
and taking action on issues related to activities in processing
personal data.
Introduction
In today's digital era, online use and exchange of information have become
commonplace, especially in the health sector. Information and communication
technology development has made it possible for healthcare professionals and patients to
Joni Yusufa, Dede Hermawan, Pradita Wuri Safitri, Ananda Sujati, Yuyut Prayuti, Arman Lany
Jurnal Indonesia Sosial Teknologi, Vol. 5, No. 6, Juny 2024 2796
access and share medical information quickly and efficiently through online platforms.
This allows for adopting a more effective and responsive healthcare system to the
community's needs and facilitating collaboration between medical personnel in diagnosis,
treatment, and disease management (Herryani & Njoto, 2022). However, along with the
ease of access to information, various challenges related to health data privacy and
security must be overcome with appropriate policies and technology.
The difficulty in dealing with consumer data leakage is due to security issues in the
systems that allow unauthorized access to sensitive medical information. The need for
more awareness about the importance of protecting personal data is a difficulty that must
be faced, especially because various health histories are included in very specific and
sensitive data categories. According to Director General Semuel, data owners and
controllers must be aware of the need to protect data privacy. In addition, the management
and implementation of personal data protection still need to be improved, which is
becoming another challenge that needs to be resolved. The rapid development of wearable
devices and health apps also introduces new challenges, given the involvement of
personal data in the platform. Finally, balancing the public interest in accessing health
information and protecting individual personal data is challenging. In addition, it is
important to align the function of protecting individual data with medical ethics principles
in the health sector.
In the spirit of the preamble to the 1945 Constitution of the Republic of Indonesia
(1945 Constitution), the Government of Indonesia has a great need to protect the
constitutional rights of citizens to improve overall welfare, contribute to educating the
nation's life, and play a role in realizing a world order based on social justice as stated in
the 5th precept and independence. In the development of innovation, this goal is translated
to protect the privacy of every Indonesian individual during activities. Thus, the
Government is responsible for ensuring that every step of technological innovation and
development is carried out by paying attention to and respecting the privacy rights of
citizens, thus creating a safe and fair environment for everyone to participate in social,
economic, and cultural activities (Joestiawan, Dewa, & Mayasari, 2021).
Previous research (Indriani, 2017) shows that the development of e-commerce in
Indonesia has made significant progress. The government, at least, has encouraged the
birth of new startups with various programs, including the 1000 Technopreneur program
and other initiatives. However, this success has yet to be achieved well because no law
adequately protects it, especially regarding customer privacy rights. The relevant
regulations are Law No. 11 of 2008 concerning ITE and Government Regulation No. 28
of 2012 concerning the Implementation of Electronic Systems and Transactions. With
these two regulations, the Ministry of Communication and Information Technology can
collect various data for e-commerce business owners with various profiling and report
databases to protect against fraudulent actions by several irresponsible individuals.
Another study (Heryani & Njoto, 2022) found that adjudication and consensus
processes can carry out data privacy breaches. Consumers can file a civil lawsuit
regarding the provisions protecting victims of privacy violations under Indonesian laws,
Perception and Practices of Health Data Privacy Protection among Consumers: An Empirical
Study in One of Indonesia's Major Cities
Jurnal Indonesia Sosial Teknologi, Vol. 5, No. 6, Juny 2024 2797
such as the ITE Law and the Law on the Implementation of Electronic Systems and
Transactions. This means that the legal process allows for a compensation claim. The
demand for personal data violations is civil and has a wider scope. Therefore, a broader
law for violating the right to privacy is also needed.
The novelty of this research comes from the research object, namely the perception
and practice of health data privacy protection among consumers, which has never been
studied before. This research contributes to a further understanding of the perception and
practices of health data privacy protection in the beauty clinic sector in Jakarta. Its
theoretical implications include the development of theories and frameworks that can be
used to analyze health data privacy issues in the context of beauty clinics. This study
explores consumers' perceptions and practices of health data privacy protection.
Method
Empirical legal methods are used in this study. Empirical legal research is a type of
research involving law, with the data used being primary data obtained directly. Empirical
research prioritizes facts obtained directly based on observation results (Lodang, Dima,
& Kian, 2024). The data collection technique is carried out by literature study,
observation, and direct interviews. The case study is based on a beauty clinic in Jakarta.
After the data is obtained, it is analyzed through the reduction stages, data presentation,
and conclusion.
Results and Discussion
The importance of health data privacy is closely related to the human rights of
individuals to maintain the confidentiality of their medical information. Health data often
includes highly sensitive information, such as disease history, medical test results, and
mental health conditions. Protecting the privacy of health data is important because it
helps maintain trust between patients and healthcare providers. Patients may become
reluctant to share important information about their health without adequate privacy,
which can hinder proper diagnosis and effective treatment. Additionally, with more
healthcare adopting digital technologies, such as electronic medical records, it is
important to ensure that healthcare data remains safe from the threat of hacking and
misuse.
Health data protection also has a broader impact in the context of public health and
medical research. Health data collected from populations can provide valuable insights
into health trends, diseases that are spreading, and responses to medical interventions.
However, to take advantage of this potential information, it is important to maintain health
data privacy. By securing the confidentiality of health data, we can encourage greater
participation in medical research and public health programs without sacrificing
individual trust or privacy. This helps ensure that healthcare innovation is supported by
strong ethics and integrity, strengthening the foundation for progress in healthcare.
Consumers see consent as a form of privacy protection. The crucial role of consent
is to demonstrate the value of consumers in maintaining the policies provided and the
Joni Yusufa, Dede Hermawan, Pradita Wuri Safitri, Ananda Sujati, Yuyut Prayuti, Arman Lany
Jurnal Indonesia Sosial Teknologi, Vol. 5, No. 6, Juny 2024 2798
skills in selecting the data to be used. Everything done illegally, such as deleting data and
transparency, is related to data sharing. While there is no protection without permission,
it is just as important as consent. This shows that the combination of consent and
additional permissionless protections can increase consumer benefits and encourage them
to be more willing to share data (Gupta et al., 2023). Data is personal data that must be
guaranteed confidentiality if it relates to an individual because it can identify the
individual as the owner of the data (Medlimo, Septania, Hapsari, Zuleika, & Agustin,
2022).
In the constitution of the State of Indonesia, it has been stipulated that all citizens
have the right to individual protection, which is one of the constitutional rights. This is
stated in Article 28G paragraph (1) of the 1945 Constitution of the Republic of Indonesia
(1945 Constitution). The article states that every individual has the right to personal
protection, feel safe, and be protected from the threat of fear (Ravlindo & Gunadi, 2021).
Protecting personal data rights is the same as protecting the right to freedom of speech.
So, the right to privacy also guarantees protection against various threats of fear of doing
or not doing because it is included in human rights.
Some of the reasons the right to privacy needs to be protected are: first, to foster a
network between one individual and another, an individual does not have to open his
entire personal life to the point that the individual can maintain his position in a certain
position. Two, individuals need time to be alone at some point, so privacy is sometimes
necessary. Third, privacy is a right to oneself and has nothing to do with others. However,
this right will only be recovered if the individual shares various private things with the
general public. Fourth, privacy includes the right of individuals to build internal
relationships such as fostering marriage, family, and close individuals who can know
about these private matters. Fifth, privacy must be protected by law because the losses
obtained are difficult to assess (Kusnadi, 2021).
According to the Regulation of the Minister of Communication and Information
Technology Number 20 of 2016 concerning the Protection of Personal Data in Electronic
Systems, it is explained that personal data has a special meaning of information about
important individuals, so it is necessary to protect and give confidential data protection.
The types of personal data are divided into two: general and special. General personal
data includes information such as name, date of birth, occupation, and other personal
information. The personal data includes disease history, education, financial information,
race/ethnicity, sexual preferences, political views, family information, crime data, and
others (Karu & Febriansyah, 2024). Privacy is an individual freedom. Privacy is in every
individual, and it is important to respect it (Yel & Nasution, 2022). The importance of
protecting human rights and privacy is found in:
1. Universal Declaration of Human Rights, 1948;
2. Law No. 12 of 2005 concerning the Ratification of the International Covenant on Civil
and Political Rights;
3. Law No. 36 of 2009 concerning Health regulates the confidentiality of patients'
conditions;
Perception and Practices of Health Data Privacy Protection among Consumers: An Empirical
Study in One of Indonesia's Major Cities
Jurnal Indonesia Sosial Teknologi, Vol. 5, No. 6, Juny 2024 2799
4. Law No. 10 of 1998 concerning Banking regulates personal data regarding depositors
and depositors.
Government Regulation Number 71 of 2019 concerning the Implementation of
Electronic Systems and Transactions Article 1 Number 29 states that personal data is a
specific individual profile that can be identified with other information conventionally or
electronically (Meher, Sidi, & Risdawati, 2023). Then, the Draft Ministerial Regulation
on Personal Data Protection, which was passed based on Government Regulation Number
82 of 2012, along with the Draft Law on Personal Data Protection, is the government's
effort to respond to public needs related to consumer privacy protection (Indriyani et al.,
2017).
Personal data from the beauty clinic is included in the health data. Health data
provides sensitive and specific information such as health test results, disease conditions,
and other information that requires special protection. Protecting patients' data as
consumers is important because individual data concerns all information in it. This is
regulated in Law No. 29 of 2004 concerning Medical Practice. Then, Law No. 36 of 2009
concerning Health, and Law No. 44 of 2009 concerning Hospitals. In the digital realm,
personal data protection is protected by Law No. 19 of 2016 concerning Amendments to
Law No. 11 of 2008 concerning Electronic Information and Transactions (Faiqy,
Damargara, Alhidayah, & Maulana, 2022).
The confidentiality of patient information is related to Law No. 14 of 2008
concerning Public Information Disclosure. The law that protects the confidentiality of
personal data is contained in Article 29 g of the 1945 Constitution, which states that every
individual has the right to defend themselves, their closest people, or their property, as
well as a sense of security from various actions (Simamora, 2022).
Article 5 paragraph (1) of the Regulation of the Minister of Health of the Republic
of Indonesia Number 269/MENKES/PER/III/2008 mandates that doctors or dentists who
practice must provide medical record facilities as one of the health services offered.
Furthermore, Article 6 of the Regulation of the Minister of Health of the Republic of
Indonesia Number 269/MENKES/PER/III/2008 concerning Medical Records stipulates
that certain doctors, dentists, and health workers have responsibility for the records and
documents made in the medical records. The health worker responsible for the medical
records and documents is known as a medical recorder. Medical recorders are included
in the medical, technical health workers category as regulated in paragraph (1) letter j of
Law Number 36 of 2014 concerning Health Workers (Ramadhani, Alwiya, & Afwa,
2021).
In the world of health, there are medical records. A medical record is one of the
facilities in health services that contains patient information as a consumer. Medical
records contain important things, so their confidentiality needs to be maintained by all
parties in the implementation of health services. Medical records are required for review
in implementing health practices or legal aspects (Novita & Lubis, 2022).
The perception of consumers or patients of beauty clinics in Jakarta towards the
confidentiality of personal data is quite good because awareness of the importance of
Joni Yusufa, Dede Hermawan, Pradita Wuri Safitri, Ananda Sujati, Yuyut Prayuti, Arman Lany
Jurnal Indonesia Sosial Teknologi, Vol. 5, No. 6, Juny 2024 2800
personal information privacy has increased in this digital era. Many beauty clinics have
introduced clear privacy and data security policies to consumers, and they often provide
transparent explanations of how personal data will be used and protected. However, while
awareness of the importance of privacy has increased, the implementation of appropriate
data protection has only sometimes been adequate. Many beauty clinics may still face
challenges in implementing strict data security standards and ensuring that consumers'
personal information is guaranteed safe from cyber threats or internal abuse.
Further efforts are needed on the part of beauty clinics to improve their compliance
with data privacy regulations and to increase transparency to consumers about how their
data will be managed. In addition, continuous education about consumer rights related to
data privacy is also key. Beauty clinics need to ensure that their staff is well-trained in
managing and protecting consumers' data and are prepared for data security challenges
that may arise in the future. Thus, with the joint efforts between beauty clinics and
consumers, the security level and data privacy awareness can be significantly improved.
Conclusion
Consumers in Jakarta are highly aware of the importance of health data privacy,
realizing that health information is a sensitive matter that must be properly protected. In
Indonesia, regulations governing the protection of consumer health data privacy are listed
in Law No. 27 of 2022 concerning Personal Data Protection. In practice, officers
protecting personal data involve several steps, such as providing information and
consultation to personal data controllers or personal data processors to ensure compliance
with applicable laws. Furthermore, they also monitor the implementation of rules by
personal data controllers or personal data processors to ensure compliance with applicable
legal provisions. In addition, they advise on the impact of personal data protection and
supervise the performance of personal data controllers and processors. Finally, they are
responsible for coordinating and mediating in resolving issues related to activities in
processing personal data.
Perception and Practices of Health Data Privacy Protection among Consumers: An Empirical
Study in One of Indonesia's Major Cities
Jurnal Indonesia Sosial Teknologi, Vol. 5, No. 6, Juny 2024 2801
Bibliography
Faiqy, Muhammad Raihan, Damargara, Muhammad Izzar, Alhidayah, Muhammad, &
Maulana, Jatnika. (2022). Urgensi Realisasi Peran Data Protection Officer (DPO)
pada Sektor Kesehatan Ditinjau dari Hukum Pelindungan Data Pribadi.
Padjadjaran Law Review, 10(1).
Gupta, Ravi, Iyengar, Raghuram, Sharma, Meghana, Cannuscio, Carolyn C., Merchant,
Raina M., Asch, David A., Mitra, Nandita, & Grande, David. (2023). Consumer
views on privacy protections and sharing of personal digital health information.
JAMA Network Open, 6(3), e231305–e231305.
Herryani, Mas Rara Tri Retno, & Njoto, Harsono. (2022). Perlindungan Hukum Terhadap
Kebocoran Data Pribadi Konsumen Online Marketace. Transparansi Hukum, 5(1).
Indriani, Masitoh. (2017). Perlindungan Privasi Dan Data Pribadi Konsumen Daring Pada
Online Marketplace System. Justitia Jurnal Hukum, 1(2).
https://doi.org/10.30651/justitia.v1i2.1152
Joestiawan, Michael Wibowo, Dewa, I., & Mayasari, A. D. (2021). Perlindungan Privasi
Konsumen Terhadap Pemanfaatan Big Data. Jurnal Kertha Negara, 9(11), 916–
927.
Karu, Paulus J., & Febriansyah, Febriansyah. (2024). Legal responsibility towards
personal data controller due to dissemination of personal data. Journal of Law
Science, 6(1), 138–144.
Kusnadi, Sekaring Ayumeida. (2021). Perlindungan Hukum Data Pribadi Sebagai Hak
Privasi. AL WASATH Jurnal Ilmu Hukum, 2(1), 9–16.
Lodang, Maria Felisitas Isna, Dima, Adrianus Djara, & Kian, Darius Antonius. (2024).
Analisis Peran Kepolisian Resor Sikka dalam Mengurangi Kasus Pencurian
Kendaraan Roda Dua di Kota Maumere. Jurnal Hukum Dan Sosial Politik, 2(2),
255–273.
Medlimo, Rodrikson Alpian, Septania, Aisya Dyas, Hapsari, Hardina Okteviara, Zuleika,
Muhammad Fariel, & Agustin, Tasya. (2022). Measuring the future of NFT as a
digital asset in realizing economic revitalization. Annals of Justice and Humanity,
1(2), 59–67.
Meher, Cashtry, Sidi, Redyanto, & Risdawati, Irsyam. (2023). Penggunaan Data
Kesehatan Pribadi Dalam Era Big Data: Tantangan Hukum dan Kebijakan di
Indonesia. Jurnal Ners, 7(2), 864–870.
Novita, Rini, & Lubis, Diana. (2022). Perlindungan Data Medis Pasien Oleh Rumah Sakit
Atas Permintaan Medical Check-Up Perusahaan. Jurnal Meta Hukum, 1(3), 217–
Joni Yusufa, Dede Hermawan, Pradita Wuri Safitri, Ananda Sujati, Yuyut Prayuti, Arman Lany
Jurnal Indonesia Sosial Teknologi, Vol. 5, No. 6, Juny 2024 2802
231.
Ramadhani, Cahyadi, Alwiya, Nayla, & Afwa, Ulil. (2021). Perlindungan Hukum
Perekam Medis dalam Pelayanan Rekam Medis dan Informasi Kesehatan di
Fasilitas Pelayanan Kesehatan. Soedirman Law Review, 3(2).
Ravlindo, Endison, & Gunadi, Ariawan. (2021). Perlindungan Hukum Terhadap Data
Kesehatan Melalui Pengesahan Rancangan Undang-Undang Perlindungan Data
Pribadi. Jurnal Hukum Adigama, 4(2), 4748–4769.
https://doi.org/10.24912/adigama.v4i2.18028
Simamora, Indah Maria Maddalena. (2022). Perlindungan Hukum Atas Hak Privasi Dan
Kerahasiaan Identitas Penyakit Bagi Pasien Covid-19. Sibatik Journal: Jurnal
Ilmiah Bidang Sosial, Ekonomi, Budaya, Teknologi, Dan Pendidikan, 1(7), 1089–
1098.
Yel, Mesra Betty, & Nasution, Mahyuddin K. M. (2022). Keamanan informasi data
pribadi pada media sosial. Jurnal Informatika Kaputama (JIK), 6(1), 92–101.
