The digital transformation of the healthcare sector has brought significant benefits to hospitals and patients alike. Electronic medical records, hospital information systems, and integrated health data platforms have enhanced service efficiency and improved the accuracy of medical decision-making.
However, digitalization has also introduced new risks. One of the most critical concerns is inaccurate patient data entry, which may result in incorrect diagnoses, medication errors, or inappropriate medical treatment. When such errors cause harm to patients, important legal questions arise regarding the liability of hospitals and healthcare professionals involved.
Can medical data entry errors be considered healthcare negligence? How does Indonesian law protect patients’ health data, and what legal remedies are available when such mistakes result in losses? This article explores these issues in greater detail.
Medical Data Entry Errors May Constitute Healthcare Negligence
In healthcare practice, patient data serves as the primary basis for physicians and healthcare professionals when making clinical decisions. Errors involving patient identification, allergy history, laboratory results, or medication prescriptions may lead to inappropriate medical treatment.
The World Health Organization (WHO) has consistently recognized medical errors and patient safety failures as ongoing global challenges within healthcare systems. One contributing factor to such incidents is the improper management of health information and patient data.
Under Law No. 17 of 2023 on Health (“Health Law“), every individual is entitled to receive safe, high-quality healthcare services that comply with applicable healthcare service standards. This protection is expressly provided under Article 4 paragraph (1) letters (c) and (d).
Furthermore, Article 23 paragraph (1) of the Health Law provides:
“The implementation of Health Efforts shall be conducted responsibly, safely, with quality, equitably, non-discriminatorily, and fairly.”
Where inaccurate data entry causes a patient to receive incorrect treatment, such circumstances may indicate negligence in the provision of healthcare services. Whether negligence exists must ultimately be assessed based on the facts of the case, applicable service standards, and the causal relationship between the error and the resulting harm.
From a civil law perspective, Article 1365 of the Indonesian Civil Code (“Civil Code“) provides:
“Any unlawful act that causes damage to another person obliges the person whose fault caused such damage to compensate for the loss.”
Accordingly, where a patient can demonstrate the existence of an error, actual damages, and a causal link between the incorrect data entry and the harm suffered, there may be sufficient legal grounds to pursue a civil claim against the responsible party.
Read also : A Guide to Clinical Trials in Indonesia: Legal Framework and Risks
Understanding That Patient Health Data Constitutes Sensitive Personal Data
In addition to patient safety concerns, errors in managing medical data are closely linked to personal data protection obligations. In today’s era of electronic medical records and digital healthcare systems, health information has become one of the most sensitive categories of personal data.
Article 4 paragraph (2) letter (a) of Law No. 27 of 2022 on Personal Data Protection (“PDP Law“) classifies health data as specific personal data, which receives a higher level of legal protection than general personal data.
Given its sensitive nature, data controllers are required to ensure that personal data is processed accurately, completely, and securely, while being protected from errors and unauthorized access. Inaccurate data entry that alters a patient’s medical information may therefore affect not only patient safety but also compliance with personal data protection regulations.
The Health Law further emphasizes this obligation. Article 274 letter (a) requires medical personnel and healthcare professionals to ensure that healthcare services are delivered in accordance with professional standards, service standards, operational procedures, professional ethics, and the patient’s condition and needs.
The obligation to maintain data accuracy and security is also reflected in Article 14 of Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions (“GR 71/2019“). This provision requires electronic system operators to safeguard the confidentiality, integrity, availability, and accuracy of the data under their management.
In addition, Minister of Health Regulation No. 24 of 2022 on Medical Records (“MOH Regulation 24/2022“) mandates healthcare facilities to implement electronic medical record systems that ensure the security, confidentiality, integrity, and availability of patient data.
Accordingly, hospitals are responsible not only for the medical services they provide but also for the governance and reliability of the health information systems used to manage patient data.
Read also : Exporting Medical Devices from Indonesia: A Regulatory and Compliance Guide
What Legal Remedies Are Available to Patients Who Suffer Losses?
Indonesian law provides a robust legal framework for individuals who suffer losses as a result of unlawful acts, including losses arising from errors or negligence in healthcare services. Depending on the nature of the violation and the harm suffered, several legal remedies may be available.
- Filing a Civil Claim for Damages
Patients may initiate a civil lawsuit based on Article 1365 of the Civil Code. Such claims may be pursued where the elements of an unlawful act, fault, damages, and causation can be established. If incorrect data entry is proven to have caused inappropriate treatment, the patient may seek compensation from the responsible party.
- Submitting a Complaint to the Hospital or the Professional Discipline Council
Patients may also file complaints with the hospital or the Professional Discipline Council (Majelis Disiplin Profesi or “MDP”) where there is an alleged violation of professional standards, healthcare service standards, operational procedures, or professional ethics by medical personnel or healthcare professionals.
Through this mechanism, an investigation may be conducted to determine whether a breach of professional discipline occurred during the provision of healthcare services.
- Reporting Criminal Conduct to Law Enforcement Authorities
If criminal elements are present, such as the falsification of medical records, manipulation of health data, intentional alteration of patient information, or other acts constituting criminal offenses, patients may report such incidents to law enforcement authorities.
Under certain circumstances, improper management of health data may not only result in civil liability or professional disciplinary sanctions, but also criminal liability if the relevant legal elements are met under applicable laws and regulations.
Alternative Dispute Resolution as a Preferred Mechanism
It is also important to note that Article 310 of the Health Law provides that where medical personnel or healthcare professionals are alleged to have committed unlawful acts in the provision of healthcare services, dispute resolution should first prioritize alternative dispute resolution mechanisms outside the court system.
Accordingly, mediation or other forms of alternative dispute resolution may serve as an initial avenue for resolving disputes before litigation is pursued.
Conclucion
Data entry errors within hospital systems should not be viewed merely as administrative mistakes. In certain circumstances, such errors may lead to inappropriate medical treatment and cause significant harm to patients.
Hospitals must therefore ensure that their health information systems, electronic medical record governance, and operational procedures comply with applicable legal requirements and healthcare service standards. At the same time, patients should understand their legal rights and available remedies to obtain adequate legal protection when they suffer losses arising from errors in the management of health data.***
Regulations:
- Law No. 17 of 2023 on Health (“Health Law“).
- Law No. 27 of 2022 on Personal Data Protection (“PDP Law“).
- Indonesian Civil Code (“Civil Code”).
- Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions (“GR 71/2019“).
- Minister of Health Regulation No. 24 of 2022 on Medical Records (“MOH Regulation 24/2022“).
References:
- Yulfendri, A. (2025). Manajemen Rekam Medis dan Administrasi Pembiayaan Pelayanan Kesehatan secara Efektif. PT Bukuloka Literasi Bangsa. (Accessed on 17 June 2026 at 10:34 AM (WIB)).
- Aldi Yoga, P. (2025). Analisis Pertanggungjawaban Pidana Terhadap Kelalaian Tenaga Kesehatan yang Menyebabkan Kematian Pasien (Studi Putusan Nomor: 15/PID/2020/PT. TJK). Jurnal Multidisiplin Ilmu Akademik (JMIA). (Accessed on 17 June 2026 at 11:15 AM (WIB)).
- World Health Organization (WHO). (2023). Patient Safety. (Accessed on 17 June 2026 at 11:42 AM (WIB)).
About Author
