On 31 August 2022, the Ministry of Health of Indonesia issued the Minister of Health Regulation No. 24 of 2022 on Medical Records (“PMK 24/2022”). The PMK 24/2022 is a regulatory framework that functions as the implementation of the health technology transformation in Indonesia, which is Indonesia's sixth pillar of Health Transformation. The PMK 24/2022 has replaced the PMK No. 269 of 2008 on Medical Records. The main issues in the PMK 24/2022 are data storage and transfer, which are also subject to Law No.27 of 2022 concerning Privacy Data Protection (“PDP Law”). Prior to the PDP Law, there was no protection for data privacy under the law in Indonesia. The PDP Law will affect every business sector, including healthcare, which is reflected by the issuance of PMK 24/2022. Regulations in Indonesia continue to develop to provide ease of doing business, as well as to protect the public interest.
Article 3 (1) of PMK 24/2022 mandates the use of Medical Electronic Records (MER) in all types of healthcare facilities. This means that patients’ health data and their medical history recording system must be kept electronically with a backup system. Furthermore, Article 45 of the PMK 24/2022 stipulates that the transition process deadline to implement the digitization nationwide is 31 December 2023.
According to Article 8 of the PMK 24/2022, the patients' electronic medical records are facilitated by the Ministry of Health' electronic system and integrated platform, in this case the SATUSEHAT platform, which then can be accessed with the COVID-19 mobile contact-tracing application, PeduliLindungi.
Based on Article 25 (1) of PMK 24/2022, the contents of the medical records are owned by the healthcare facilities, but Article 26 of the PMK 24/2022 states that all contents of medical records are owned by the patients, and with their permission, the content can be delivered to other parties with secrecy guaranteed, and parties with access to the data are required to maintain the medical record’s secrecy. With regards to transferring medical data, Article 55 paragraph (1) of the PDP Law states that the personal data controller may transfer personal data to other personal data controllers in the jurisdiction of Indonesia. However, those transferring personal data and those who receive personal data transfers are required to protect the personal data as stipulated in the PDP Law.
According to Article 35 and 36 of the PMK 24/2022, in certain events and for certain needs, access to the patients' electronic medical records can be done without the patients' permission and without revealing their identity, but with the Ministry of Health's approval, in accordance with laws and regulations. In the event of needing to fulfill a court order, the minister's approval is not needed.
Regarding data storage, Article 39 of the PMK 24/2022 states that the patients' electronic medical records will be stored in the system for at least 25 years after their last health checkup. And after it expires, the data will either be erased or continue to be used.
According to Article 42 of the PMK, the healthcare facilities that are not in compliance with the implementation of the Electronic Medical Records can be sanctioned by the Minister of Health through the Director General. The sanctions can be in the form of a written warning and/or a revocation recommendation or accreditation status revocation.
How Schinder Can Help
Schinder Law Firm is a leading corporate law firm in Indonesia, practicing commercial dispute and general corporate matters, which covers PDP Law compliance services. Our team of corporate lawyers and dispute lawyers have forged a reputation for assisting various clients across the globe. Moreover, our Privacy, Data Protection and Cybersecurity practice group is a pioneer in providing data privacy law services in Indonesia. As Indonesian business lawyers, we have extensive experience providing daily legal services in commercial contract law and and regulatory compliance. If you have inquiries related to PMK No. 24/2022 compliance, please feel free to send us a message at email@example.com for further consultation.
Author: Budhi Satya Makmur