DOI: https://doi.org/10.14710/lr.v22i1.65728

Legal Guarantees for the Protection of Patient Confidentiality: A Cross-Jurisdictional Study

*Mourad Benseghir orcid scopus publons  -  College of Law, University of Sharjah, United Arab Emirates
Maamar Bentria orcid scopus publons  -  College of Law, University of Sharjah, United Arab Emirates
Adnan Ibrahim Sarhan orcid scopus publons  -  College of Law, University of Sharjah, United Arab Emirates
Salih Ahmed Luhaibi orcid scopus publons  -  College of Law, University of Sharjah, United Arab Emirates
Alaa Yakoob Yousif orcid scopus publons  -  College of Law, University of Sharjah, United Arab Emirates
Open Access Copyright 2026 LAW REFORM under http://creativecommons.org/licenses/by-sa/4.0.

Citation Format:
Abstract

This study examines the legal guarantees governing the confidentiality of patient information in Indonesia and the United Arab Emirates (UAE), two jurisdictions undergoing rapid digital transformation in their healthcare sectors. As the adoption of electronic medical records, telemedicine, and health information systems expands, concerns surrounding the protection, governance, and misuse of patient information have intensified. Through a normative and comparative legal method, this research analyzes the primary legislative instruments, regulatory mechanisms, and institutional arrangements that safeguard patient confidentiality in both countries. The UAE has established a more unified and structured legal framework, particularly through Federal Law No. 2 of 2019 on the Use of Information and Communication Technology (ICT) in Health Fields and the Personal Data Protection Law No. 45 of 2021, which impose stringent obligations for secure processing, access limitation, and data governance. Indonesia, on the other hand, has introduced key regulations such as the Health Law No. 17 of 2023, Minister of Health Regulation No. 24 of 2022 on Medical Records, and the Personal Data Protection Law No. 27 of 2022; however, challenges persist in enforcement consistency, system interoperability, and institutional capacity. By comparing legal standards, confidentiality obligations, penalties for violations, and enforcement practices, this study highlights the strengths and weaknesses of both frameworks. The findings underscore the need for Indonesia to enhance regulatory coherence, improve oversight mechanisms, and adopt best-practice elements from the UAE to reinforce patient information protection

Fulltext View|Download
Keywords: Patient Confidentiality; Patient Information Protection; Comparative Health Legislation; Indonesia; United Arab Emirates

Article Metrics:

Article Info
Section: Research Article
Language : EN
Recent articles
The Potential Application of The Bridging Approach In Community-Based Corrections In Indonesia: A Comparative Perspective Inequality Between The Potential of Fishery Resources and The Poverty Level of Fisherman Communities in Coastal Areas Legal Guarantees for the Protection of Patient Confidentiality: A Cross-Jurisdictional Study Pretrial as Supervisory Mechanism for Protecting Suspects' Human Rights More recent articles
Most cited articles
IMPLEMENTASI PENILAIAN KEBARUAN DAN PRINSIP ITIKAD BAIK DALAM PERLINDUNGAN DESAIN INDUSTRI PERLINDUNGAN HUKUM TERHADAP KONSUMEN DALAM TRANSAKSI E-COMMERCE PRIVATISASI BADAN USAHA MILIK NEGARA KEBIJAKAN FORMULASI HUKUM PIDANA DALAM MELINDUNGI TRANSAKSI E - COMMERCE DI INDONESIA URGENSI REKONSTRUKSI HUKUM E-COMMERCE DI INDONESIA More cited articles
  1. Abbott, P. A., & Coenen, A. (2008). Globalization and advances in information and communication technologies: The impact on nursing and health. Nursing Outlook, 56(5),238–246. https://doi.org/10.1016/j. outlook.2008.06.009
  2. Abouahmed, A., Kandeel, M. E., & Zakaria, A. (2024). Personal data protection in the United Arab Emirates and the European Union regulations. Journal of Governance and Regulation,13(1),195-202. https://doi.org/10.22495/jgrv13i1art17
  3. Adnan, K., & Akbar, R. (2019). Limitations of information extraction methods and techniques for heterogeneous unstructured big data. International Journal of Engineering Business Management, 11. https://doi.org/10.1177/1847979019890771
  4. Adonara, F. F., Ohoiwutun, Y. A. T., & Taniady, V. (2025). The Application of the Res Ipsa Loquitur Doctrine as a Principle of Evidence in Medical Malpractice. Jurnal Pembangunan Hukum Indonesia,7(3),358–376. https://doi.org/10.14710/jphi.v7i3.179-197
  5. Akbar, A. (2018). Design of information system of medical record web based inpatient public hospital in South Solo. Jurnal Rekam Medic,1(1),1–9. https://doi.org/10.33085/jrm.v1i1.3957
  6. Alhajaj, K. E., & Moonesar, I. A. (2023). The power of big data mining to improve the health care system in the United Arab Emirates. Journal of Big Data, 10(12). https://doi.org/10.1186/s40537-022-00681-5
  7. Alostad, A. H., Steinke, D. T., & Schafheutle, E. I. (2018). International comparison of five herbal medicine registration systems to inform regulation development: United Kingdom, Germany, United States of America, United Arab Emirates and Kingdom of Bahrain. Pharmaceutical Medicine,32(1),39–49. https://doi.org/10.1007/s40290-018-0223-0
  8. Alpay, L., Verhoef, J., Xie, B., Te’eni, D., & Zwetsloot-Schonk, J. H. M. (2009). Current challenge in consumer health informatics: Bridging the gap between access to information and information understanding. Biomedical Informatics Insights, 2(1), 1–10. https://doi.org/10.4137/BII.S2223
  9. Alpiah, S., Asbari, M., Saputri, I. A., & Adilya, N. R. (2024). Oversharing: Urgensi privasi di era digital. Journal of Information Systems and Management (JISMA), 3(1), 42-47. https://doi.org/10.4444/jisma.v3i1.877
  10. Anggraeni, S. F. (2018). Polemik pengaturan kepemilikan data pribadi: Urgensi untuk harmonisasi dan reformasi hukum di Indonesia. Jurnal Hukum & Pembangunan, 48(4),814–825 https://scholarhub.ui.ac.id/jhp/vol48/iss4/7
  11. Archer, N., Fevrier-Thomas, U., Lokker, C., McKibbon, K. A., & Straus, S. E. (2011). Personal health records: A scoping review. Journal of the American Medical Informatics Association, 18(4), 515–522. https://doi.org/10.1136/amiajnl-2011-000105
  12. Ardiansyah, M. R., & Ardiana, R. (2023). Kewajiban dan tanggung jawab hukum perdata dalam perlindungan privasi data pasien dalam layanan kesehatan digital. Hakim: Jurnal Ilmu Hukum dan Sosial, 1(4), 276-287. https://doi.org/10.51903/hakim.v1i4.1470
  13. Bunga, A. (2015). Kewenangan pemerintah dalam perlindungan hukum pelayanan kesehatan tradisional ditinjau dari Undang-Undang Republik Indonesia Nomor 36 Tahun 2009 tentang kesehatan. Jurnal Wawasan Hukum, 32(1), 82–98. https://doi.org/10.25072/jwy.v32i1.91
  14. Coorevits, P., Sundgren, M., Klein, G. O., Bahr, A., Claerhout, B., Daniel, C., Dugas, M., Dupont, D., Schmidt, A., Singleton, P., De Moor, G., & Kalra, D. (2013). Electronic Health Records: New opportunities for Clinical Research. Journal of Internal Medicine,274(6),547–560. https://doi.org/10.1111/joim.12119
  15. Daeng, Y., Linra, N., Darham, A., Handrianto, D., Sianturi, R. R., Martin, D., Putra, R. P., & Saputra, H. (2023). Perlindungan Data Pribadi Dalam Era Digital: Tinjauan Terhadap Kerangka Hukum Perlindungan Privasi. Innovative: Journal of Social Science Research, 3(6), 2898-2905. https://doi.org/10.31004/innovative.v3i6.6662
  16. Eckhoff, D., & Wagner, I. (2018). Privacy in the Smart City—Applications, Technologies, Challenges, and Solutions. IEEE Communications Surveys & Tutorials, 20(1),489–516. https://doi.org/10.1109/COMST.2017.2748998
  17. Effoe, V. S., Katula, J. A., Kirk, J. K., Pedley, C. F., Bollhalter, L. Y., Brown, W. M., Savoca, M. R., Jones, S. T., Baek, J., Bertoni, A. G., & the LIFT Diabetes Research Team. (2016). The Use of Electronic Medical Records For Recruitment in Clinical Trials: Findings from the Lifestyle Intervention for Treatment of Diabetes trial. Trials, 17(1), 496. https://doi.org/10.1186/s13063-016-1631-7
  18. El-Gheriani, M., & Hashish, A. (2023). Egypt Amends its Competition Law to Establish A Pre-Merger Control System. Journal of European Competition Law & Practice, 14(2),106–112. https://doi.org/10.1093/jeclap/lpad014
  19. Gao, Y., Zhou, Y., Zhou, B., Shi, L., & Zhang, J. (2017). Handling data skew in MapReduce cluster by using partition tuning. Journal of Healthcare Engineering, 2017(1). https://doi.org/10.1155/2017/1425102
  20. Greenleaf, G., & Cottier, B. (2021). International and regional commitments in African data privacy laws: A comparative analysis. Computer Law & Security Review, 44. https://doi.org/10.1016/j.clsr.2021.105638
  21. Hendra, H., Ravel, R., Firdhaus, N., Kurniawan, M. A., & Platina, G. (2021). E-health Personal Data Protection in Indonesia. Jurnal Hukum Kesehatan Indonesia, 1(2), 121-131. https://doi.org/10.53337/jhki.v1i02.15
  22. Heriyanto, H. (2023). Analisis perbandingan regulasi dan perlindungan hukum atas privasi data pasien di tiga negara Asia Tenggara (Indonesia, Singapura, dan Laos). Jurnal Ners, 7(2), 1247–1259. https://doi.org/10.31004/jn.v7i2.16760
  23. Indriyajati, F., Jawa, M. M. S. D., & Utomo, H. (2023). Analisis Keamanan Data Electronic Medical Record Digital Transformation Office (DTO) Kementerian Kesehatan Indonesia. Sanskara Manajemen dan Bisnis,2(1),59–66. https://doi.org/10.58812/smb.v2i01.130
  24. Iswandari, H. D., & Hoque, S. (2022). Reconceptualizing legal arrangement on the doctor–patient relationship in Indonesia. Law Reform, 18(1), 58–78. https://doi.org/10.14710/lr.v18i1.44711
  25. Kesuma, S. I. (2023). Sosialisasi Tentang Ulasan Undang-Undang No. 17 Tahun 2023 Tentang Kesehatan. Birokrasi: Jurnal Ilmu Hukum dan Tata Negara, 1(4), 143–156. https://doi.org/10.55606/birokrasi.v1i4.731
  26. Kumar N, M., & Manjula, R. (2014). Role of big data analytics in rural health care – A step towards Svasth Bharath. International Journal of Computer Science and Information Technologies, 5(6), 7172–7178. https://www.ijcsit.com/docs/Volume%205/vol5issue06/ijcsit2014050661.pdf
  27. Labadie, C., & Legner, C. (2023). Building data management capabilities to address data protection regulations: Learnings from EU-GDPR. Journal of Information Technology, 38(1),16–44. https://doi.org/10.1177/0268 3962221141456
  28. Lestari, A. Y., Misran, M., Raharjo, T., Annas, M., Riskanita, D., & Prabandari, A. P. (2024). Improving healthcare patient data security: An integrated framework model for electronic health records from a legal perspective. Law Reform, 20(2), 329–352. https://doi.org/10.14710/lr.v20i2.56986
  29. Lintang, K., & Triana, Y. (2021). Perlindungan Hukum terhadap Hak Privasi dan Rekam Medis Pasien pada Masa Pandemi Covid-19. Jurnal Hukum Lex Generalis, 2(10), 913–927. https://doi.org/10.56370/jhlg.v2i10.71
  30. McGraw, D., & Mandl, K. D. (2021). Privacy Protections to Encourage Use of Health-Relevant Digital Data In A Learning Health System. NPJ Digital Medicine, 4(2), 1–11. https://doi.org/10.1038/s41746-020-00362-8
  31. Meinert, E., Alturkistani, A., Brindley, D., Knight, P., Wells, G., & de Pennington, N. (2018). Weighing Benefits and Risks in Aspects of Security, Privacy and Adoption of Technology in a Value-Based Healthcare System. BMC Medical Informatics and Decision Making, 18(100). https://doi.org/ 10.1186/s12911-018-0700-0
  32. Muntari, M., Djawoto, D., Suwitho, S., & Oetomo, H. W. (2020). Pengaruh Kualitas SIMRS dan Lingkungan Kerja Non Fisik Terhadap Kinerja Pegawai dan Person–Organization Fit (Studi Kasus pada Rumah Sakit Islam Jemursari Surabaya). JIM: Jurnal Ilmu Manajemen,8(3),658–674. https://doi.org/10.26740/jim.v8n3.p658-674
  33. Nair, S. C., & Ibrahim, H. (2015). Assessing Subject Privacy and Data Confidentiality in An Emerging Region for Clinical Trials: United Arab Emirates. Accountability in Research,22(4),205–221. https://doi.org/10.1080/08989621.2014.942452
  34. Ohoiwutun, Y. A. T., Taniady, V., Lutfian, L., Rachim, K. V., & Putri, N. A. (2024). Euthanasia in Indonesia: Laws, human rights, and medical perspectives. Law Reform,20(2),408–430. https://doi.org/10.14710/lr.v20i2.63813
  35. Rahayu, N. (2017). Pengaruh Pengetahuan Perpajakan, Ketegasan Sanksi Pajak, dan Tax Amnesty Terhadap Kepatuhan Wajib Pajak. Akuntansi Dewantara, 1(1), 15–30. https://jurnal.ustjogja.ac.id/index.php/akuntansidewantara/article/view/21
  36. Rahmouni, H. B., Essefi, I., & Ladeb, M. F. (2019). Enhanced privacy governance in health information systems through business process modelling and HL7. Procedia Computer Science, 164, 706–713. https://doi.org/10.1016/j.procs.2019.12.239
  37. Sarabdeen, J., & Ishak, M. M. M. (2025). A comparative analysis: Health data protection laws in Malaysia, Saudi Arabia and EU General Data Protection Regulation (GDPR). International Journal of Law and Management, 67(1), 99–119. https://doi.org/10.1108/IJLMA-01-2024-0025
  38. Sarabdeen, J., & Moonesar, I. A. (2018). Privacy Protection Laws and Public Perception of Data Privacy: The Case of Dubai E-Health Care Services. Benchmarking, 25(6), 1883–1902. https://doi.org/10.1108/BIJ-06-2017-0133
  39. Sarastri, E. S., Saputro, L. T., & Hartini, M. I. (2021). Comparison of aesthetic plastic surgery laws applied in the United States and Indonesia. Law Reform, 17(2), 232–251. https://doi.org/10.14710/lr.v17i2.41750
  40. Simamora, I. M. M. (2022). Perlindungan Hukum Atas Hak Privasi Dan Kerahasiaan Identitas Penyakit Bagi Pasien Covid-19. Sibatik Journal: Jurnal Ilmiah Bidang Sosial, Ekonomi, Budaya, Teknologi, dan Pendidikan,1(7). https://doi.org/10.54443/sibatik.v1i7.126
  41. Situmorang, R. (2022). Hubungan Penerapan Sistem Informasi Pendokumentasian Asuhan Keperawatan Dengan Kepuasan Perawat Di Rumah Sakit Wilayah Jakarta. Moluccas Health Journal, 4(3). https://doi.org/10.54639/mhj.v4i3.967
  42. Suari, K. R. A., & Sarjana, I. M. (2023). Menjaga Privasi di Era Digital: Perlindungan Data Pribadi di Indonesia. Jurnal Analisis Hukum,6(1),132-142. https://doi.org/10.38043/jah.v6i1.4484
  43. Susanto, S. N. H. (2019). Karakter Yuridis Sanksi Hukum Administrasi: Suatu Pendekatan Komparasi. Administrative Law and Governance Journal, 2(1), 126–142. https://doi.org/10.14710/alj.v2i1.126-142
  44. Suyudi, G. A. Wildana, D. T., Prihatmini, S., & Puspaningrum, G. (2025). Kebijakan Formulasi dan Prospektif Penegakan Hukum Tindakan Kealpaan Tenaga Medis/Tenaga Kesehatan (Dinamika Pertanggungjawaban Pidana dalam Malpraktik Medis). Jurnal Pembangunan Hukum Indonesia, 7(2), 49–70. https://doi.org/10.14710/jphi.v7i2.49-70
  45. Taufiqurrohman, A. A., Muhtar, M. H., Ahmad, A., Kasim, N. M., & Imran, S. Y. (2024). The Role of Islamic Law, Constitution, and Culture in Democracy in the UAE and Indonesia. Ahkam: Jurnal Ilmu Syariah, 24(1). https://core.ac.uk/download/629902082.pdf
  46. Utomo, H. P., Gultom, E., & Afriana, A. (2020). Urgensi Perlindungan Hukum Data Pribadi Pasien dalam Pelayanan Kesehatan Berbasis Teknologi di Indonesia. Jurnal Ilmiah Galuh Justisi, 8(2), 168-185. https://doi.org/10.25157/justisi.v8i2.3479
  47. van Velthoven, M. H., Mastellos, N., Majeed, A., O’Donoghue, J., & Car, J. (2016). Feasibility of Extracting Data from Electronic Medical Records for Research: An international Comparative Study. BMC Medical Informatics and Decision Making, 16(90). https://doi.org/10.1186/s12911-016-0332-1
  48. Wang, H., Xu, Z., Fujita, H., & Liu, S. (2016). Towards Felicitous Decision Making: An Overview on Challenges and Trends of Big Data. Information Sciences, 367–368, 747–765. https://doi.org/10.1016/j.ins.2016.07.007
  49. Weber, P. A., Zhang, N., & Wu, H. (2020). A Comparative Analysis of Personal Data Protection Regulations between the EU and China. Electronic Commerce Research, 20(3), 565–587. https://doi.org/ 10.1007/s10660-020-09422-3
  50. Wilona, M. Z., Latifah, E., & Purwadi, H. (2021). Privacy policy on smart contracts in e-commerce transactions. Law Reform, 17(1),47–60. https://doi.org/10.14710/lr.v17i1.37552
  51. Wu, P.-J., & Lin, K.-C. (2018). Unstructured Big Data Analytics for Retrieving E-Commerce Logistics Knowledge. Telematics and Informatics,35(1),237–244. https://doi.org/10.1016/j.tele.2017.11.004
  52. Zhang, Q., & Hansen, D. (2007). Approximate Processing for Medical Record Linking and Multidatabase Analysis. International Journal of Healthcare Information Systems and Informatics, 2(4), 14. DOI: 10.4018/jhisi.2007100104
  53. Amiruddin, A., Asikin, Z. (2012). Pengantar Metode Penelitian Hukum. Jakarta: Raja Grafindo Persada
  54. Institute of Medicine (US) Roundtable on Value & Science-Driven Health Care. (2010). Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary. Washington, DC: National Academies Press (US). http://www.ncbi.nlm.nih.gov/books/NBK54302/
  55. Mittelstadt, B. D., & Floridi, L. (Eds.). (2016). The ethics of biomedical big data. Cham, Switzerland: Springer International Publishing. https://doi.org/10.1007/978-3-319-33525-4
  56. Yustina, E. W. (2012). Mengenal Hukum Rumah Sakit. Bandung: C.V. Keni Media
  57. DPD PORMIKI DKI Jakarta. (2025). Regulation of the Minister of Health of the Republic of Indonesia Number 269/Menkes/Per/III/2008 about Medical Records. Retrieved from https://pormikidki.or.id/lain-lain/download/ 26-permenkes-269-tahun-2008-rekam-medis
  58. Database Peraturan JDIH BPK. (2025a). Law Number 29 of 2004 concerning Medical Practice Republic of Indonesia. Retrieved from https://peraturan.bpk.go.id/Details/ 40752/uu-no-29-tahun-2004
  59. Database Peraturan JDIH BPK. (2025b). Law Number 27 of 2022 concerning Personal Data Protection Republic of Indonesia. (2022). Retrieved from https://peraturan. bpk.go.id/Details/229798/uu-no-27-tahun-2022
  60. United Arab Emirates. (2019). Federal Law No. 2 of 2019 on the Use of Information and Communication Technology (ICT) in Health Fields. Retrieved from https://uaelegislation.gov.ae/en/legislations/1209/download
  61. United Arab Emirates. (2021). Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. Retrieved from https://uaelegislation.gov.ae/en/legislations/1972/download
  62. Laney, D. (2001). 3D Data Management: Controlling Data Volume, Velocity and Variety. META Group Research Note, 6(70), 1. https://diegonogare.net/wp-content/uploads/2020/08/3D-Data-Management-Controlling-Data-Volume-Velocity-and-Variety.pdf
  63. Rifly, N. F. (2022). Analisis Pengaruh Implementasi Sistem Informasi Manajemen Rumah Sakit (SIMRS) Terhadap Kinerja Karyawan di Unit Rawat Jalan RSUD Arifin Achmad Provinsi Riau. Undergraduate Thesis: Universitas Awal Bros. https://repository.univawalbros.ac.id/96/
  64. Ghandour, A., & Woodford, B. J. (2019). Ethical Issues in Artificial Intelligence in UAE. In 2019 International Arab Conference on Information Technology (ACIT) (pp. 262–266). https://doi.org/10.1109/ACIT47987.2019.8990997
  65. Paxton, C., Niculescu-Mizil, A., & Saria, S. (2013). Developing Predictive Models Using Electronic Medical Records: Challenges and Pitfalls. AMIA Annual Symposium Proceedings,pp.1109–1115. https://europepmc.org/articles/PMC3900132
  66. DA, A. T. (2021). Diduga Data Peserta Bocor, Begini Upaya Yang Dilakukan BPJS Kesehatan. Retrieved from https://www.hukumonline.com/berita/a/diduga-data-peserta-bocor--begini-upaya-yang-dilakukan-bpjs-kesehatan-lt60aca63a21b82/
  67. GDPR.EU. (2018). What is GDPR, the EU’s new data protection law? GDPR.eu. Retrieved from https://gdpr.eu/what-is-gdpr/
  68. Ivan, D. (2019). Clinical vs. consumer data: Why does it matter?. Retrieved from https://www.chiefhealthcareexecutive.com/view/clinical-vs-consumer-data-why-does-it-matter
  69. Sanjoyo, R. (2007). Aspek Hukum Rekam Medis. D3 Rekam Medis FMIPA Universitas Gadjah Mada. Retrieved from https://www.academia.edu/19696792/ASPEK_HUKUM_REKAM_MEDIS
  70. Tithecott, A., & Jhala, K. (2019). The Federal Law Regulating The Use of Information and Communication Technology in the UAE Healthcare Sector. Retrieved from https://www.tamimi.com/law-update-articles/the-federal-law-regulating-the-use-of-information-and-communication-technology-in-the-uae-healthcare-sector/
  71. UAE - Data Protection Overview. (2022). Retrieved from https://www.dataguidance. com/notes/uae-data-protection-overview

Last update:

No citation recorded.

Last update: 2026-02-24 13:23:17

No citation recorded.