LITERATURE REVIEW: AUDIT OF MANAGEMENT INFORMATION SYSTEMS IN HOSPITALS TO IMPROVE PATIENT DATA SECURITY AND INTEGRITY

Authors

  • Seto Wahyu Prasetyo Sekolah Tinggi Ilmu Ekonomi indonesia Surabaya

Keywords:

system audit, data security, literature review, hospitals

Abstract

The development of Hospital Management Information Systems (SIMRS) and Electronic Medical Records (RME) improves the efficiency of healthcare services, but also poses risks to the security, confidentiality, and integrity of patient data. Sensitive medical data is vulnerable to leakage, manipulation, and unauthorized access if not supported by adequate controls. Therefore, information systems audits are an important instrument for evaluating the effectiveness of security controls and regulatory compliance. This study uses a qualitative approach with a systematic literature review method on publications in 2016–2026 from indexed national and international journals. The analysis is carried out through content analysis and thematic synthesis to identify security threats, audit frameworks, and improvement recommendations. The results of the study show that the threat is multidimensional, including technical, managerial, legal, and human aspects. Frameworks such as COBIT, ISO/IEC/IEEE standards, and the CIA Triad are effective in identifying security gaps. Innovations such as blockchain have the potential to strengthen trail audits and access controls. Standardized and continuous audits are key to improving security and maintaining public trust in digital healthcare.

References

Book:

Garfinkel, S., & Lipford, H. R. (2014). Usable security: History, themes, and challenges. Morgan & Claypool Publishers.

Ginanjar, Y., Judijanto, L., & Susilawati, M. (2026). Auditing. PT. Sonpedia Publishing Indonesia.

Weber, R. (1999). Information Systems Auditing: The Big Questions. University of Queensland.

Whitman, M. E., & Mattord, H. J. (2018). Management of Information Security (6th ed.). Cengage Learning.

Winarto, W. W. A. (2022). Audit sistem informasi. Penerbit NEM.

Windarti, S., & Nadya, A. (2023). Implementasi sistem informasi manajemen rumah sakit (SIMRS). Penerbit NEM.

Article in journal:

Adnyana, G. F., Wasita, R. R., & Trinoto, A. A. (2026). Audit of Hospital Management Information Systems Based on The COBIT 4.0 Framework. Faktor Exacta, 18(4). http://dx.doi.org/10.30998/faktorexacta.v18i4.28720.

Ahmad, A., Hastuti, J., & Hijriatin, M. (2025). Data Security Analysis in Electronic Health Information Systems. Journal Informatic, Education and Management (JIEM), 7(1), 1-11. https://doi.org/10.61992/jiem.v7i1.107.

Alhadi, B. I. (2022). Sistem Informasi Manajemen (Sim) Sebagai Sarana Pencapaian E-Government. Jurnal Stie Semarang (Edisi Elektronik), 14(2), 184-195. https://doi.org/10.33747/stiesmg.v14i2.564

Alharthi, A., Krotov, V., & Bowman, M. (2017). Addressing barriers to big data. Business Horizons, 60(3), 285-292. https://doi.org/10.1016/j.bushor.2017.01.002

Asih, H. A., Indrayadi, I., Soraya, S., & Khairunnisa, K. (2024). Evaluasi Keamanan Data Pasien Pada Rekam Medis Elektronik Dengan Systematic Literature Review. Jurnal Ilmiah Fifo, 16(2), 104-110. http://dx.doi.org/10.22441/fifo.2024.v16i2.001.

Dogiye, E. L., Adebisi, A. A., & Biobelemeye, G. G. (2025). Assessing data integrity and security in healthcare information management practice. International Journal Of Health Records & Information Management (IJHRIM), 8(1).

Elo, S., & Kyngäs, H. (2008). The qualitative content analysis process. Journal of advanced nursing, 62(1), 107-115. https://doi.org/10.1111/j.1365-2648.2007.04569.x.

Krisdiyawan, R. D., & Kuswantoro, R. H. (2017). Audit keamanan sistem informasi pada rs mata dr. Yap yogyakarta menggunakan framework cobit 5. Jurnal Ilmiah Manajemen Informasi dan Komunikasi, 1(1), 8-15. https://doi.org/10.56873/jimik.v1i1.44.

Lestari, A. Y., Misran, M., Raharjo, T., Annas, M., Riskanita, D., & Prabandari, A. P. (2024). Improving healthcare patient data security: an integrated framework model for electronic health records from a legal perspective. Law Reform, 20(2), 329-352. https://doi.org/10.14710/lr.v20i2.56986.

Mardiah, A., Na’am, J., & Kurnia, H. (2018). Perancangan Aplikasi Customer Relationship Management (CRM) untuk Meningkatkan Layanan Pelanggan pada Toko Lusi Ana Gorden Lubuk Alung Berbasis Web dengan Menggunakan PHP DAN MYSQL. Jurnal KomtekInfo, 5(1). https://doi.org/10.35134/komtekinfo.v5i1.11.

Mejia-Granda, C. M., Fernández-Alemán, J. L., de Gea, J. M. C., & Garcia-Berna, J. A. (2025). A method and validation for auditing e-Health applications based on reusable software security requirements specifications. International Journal of Medical Informatics, 194, 105699. https://doi.org/10.1016/j.ijmedinf.2024.105699.

Munthe, B. O., Amalia, F., & Cholissodin, I. (2019). Pengembangan Sistem Informasi Penilaian dan Evaluasi Kinerja Karyawan Dengan Metode Weighted Product Berbasis Web (Studi Kasus: UB Guest House). Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, 3(9), 9095-9104.

Rasyad, M. F., & Lubis, R. L. (2025). Hospital Patient Data Security Evaluation to Achieve SDGs 3.8. 1 “Good Health and Wellbeing”. Enrichment: Journal of Multidisciplinary Research and Development, 2(12), 1572-1579.

Setiatin, S., & Azmi, A. R. (2024). Analysis of Patient Data Security Aspects in the Implementation of Electronic Medical Records (EMR) at Hospital X Bandung. International Journal Prima Husada Health (IJPHH), 1(2), 173-180.

Shojaei, P., Vlahu-Gjorgievska, E., & Chow, Y. W. (2024). Security and privacy of technologies in health information systems: A systematic literature review. Computers, 13(2), 41. https://doi.org/10.3390/computers13020041.

Snyder, H. (2019). Literature review as a research methodology: An overview and guidelines. Journal of business research, 104, 333-339. https://doi.org/10.1016/j.jbusres.2019.07.039

Ullah, F., He, J., Zhu, N., Wajahat, A., Nazir, A., Qureshi, S., ... & Dev, S. (2024). Blockchain-enabled EHR access auditing: Enhancing healthcare data security. Heliyon, 10(16). https://doi.org/10.1016/j.heliyon.2024.e34407

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102. https://doi.org/10.1016/j.cose.2013.04.004.

Conference/proceeding:

Ekblaw, A., Azaria, A., Halamka, J. D., & Lippman, A. (2016, August). A case study for blockchain in healthcare: "MedRec" prototype for electronic health records and medical research data. Paper presented at the 2nd International Conference on Open and Big Data (OBD), Vienna, Austria.

Downloads

Published

2026-03-25

How to Cite

Prasetyo, S. W. (2026). LITERATURE REVIEW: AUDIT OF MANAGEMENT INFORMATION SYSTEMS IN HOSPITALS TO IMPROVE PATIENT DATA SECURITY AND INTEGRITY. Global Economics and Finance Insights, 1(1), 30–39. Retrieved from https://journal.scholarisglobal.id/index.php/gefi/article/view/7

Issue

Vol. 1 No. 1 (2026): Global Economics and Finance Insights – Volume 1 Issue 1 (2026)

Section

Articles

License

Copyright (c) 2026 Seto Wahyu Prasetyo

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.