Patient personal data protection: comparing the health-care regulations in Indonesia, Singapore and the European Union

Abstract

Purpose This paper aims to identify the reasons why cases of leakage of patient personal data often occur in the health sector. This paper also analyzes personal data protection regulations in the health sector from a comparative legal perspective between Indonesia, Singapore and the European Union (EU). Design/methodology/approach This type of research is legal research. The research approach used is the statute approach and conceptual approach. The focus of this study in this research is Indonesia with a comparative study in Singapore and the EU. Findings Cases of leakage of patient personal data in Indonesia often occur. In 2021, the data for 230,000 COVID-19 patients was leaked and sold on the Rapid Forums dark web forum. A patient’s personal data is a human right that must be protected. Compared to Singapore and the EU, Indonesia is a country that does not yet have a law on the protection of personal data. This condition causes cases of leakage of patients’ personal data to occur frequently. Research limitations/implications This study analyzes the regulation and protection of patients’ personal data in Indonesia, Singapore and the EU to construct a regulatory design for the protection of patients’ personal data. Practical implications The results of this study are useful for constructing regulations governing the protection of patients’ personal data. The regulation is to protect the patient’s personal data like a patient’s human right. Social implications The ideal regulatory design can prevent data breaches. Based on the results of comparative studies, in Singapore and the EU, cases of personal data leakage are rare because they have a regulatory framework regarding the protection of patients’ personal data. Originality/value Legal strategies that can be taken to prevent and overcome patient data breaches include the establishment of an Act on Personal Data Protection; the Personal Data Protection Commission; and management of patients’ personal data.