Penulisan hukum ini bertujuan untuk mengetahui dan menganalisis penyelenggaraan RME di RSJ Grhasia yang ditinjau dari prinsip keamanan data dan informasi dalam Pasal 29 Permenkes 24/2022 serta untuk mengetahui dan menganalisis upaya pelindungan hukum data pribadi pasien dengan gangguan jiwa dalam RME oleh RSJ Grhasia.

Penelitian ini merupakan penelitian yuridis empiris dengan sifat deskriptif. Penelitian dilakukan melalui dua tahapan yaitu, penelitian kepustakaan untuk mengumpulkan data sekunder dan penelitian lapangan untuk mengumpulkan data primer. Data tersebut dianalisis secara kualitatif dengan metode deskriptif.

Hasil penelitian ini menunjukkan bahwa: Pertama, RSJ Grhasia telah menyelenggarakan RME sesuai prinsip keamanan data dan informasi dalam Pasal 29 Permenkes 24/2022, tetapi penyelenggaraannya belum didasari peraturan internal dan pengaturan terkait penghapusan data dan pembukaan isi rekam medis untuk penelitian yang melibatkan manusia tidak rinci. Kedua, RSJ Grhasia telah melakukan upaya pelindungan hukum preventif dan represif, tetapi tidak rincinya pengaturan terkait persetujuan pelayanan kesehatan, termasuk pemrosesan data oleh pasien dengan gangguan jiwa menunjukan satu aspek pelayanan kesehatan RSJ Grhasia yang belum cukup menjamin pelindungan hukum data pribadi pasien dengan gangguan jiwa.

This research aimed to identify and analyze the implementation of Electronic Medical Records (EMR) at RSJ Grhasia in terms of data and information security principles as stipulated in Article 29 of Minister of Health Regulation No. 24/2022, as well as to examine the legal protection efforts for the personal data of patients with mental disorders in the EMR system at RSJ Grhasia. 

This research was a juridical-empirical study with a descriptive nature. The study was conducted through two stages: literature research to collect secondary data and field research to collect primary data. The data were analyzed qualitatively using a descriptive method.

The findings of this research indicated that, first, RSJ Grhasia had implemented EMR in accordance with the data and information security principles outlined in Article 29 of Minister of Health Regulation No. 24/2022. However, its implementation was not yet supported by internal regulations, and the provisions regarding data deletion and access to medical records for research involving human subjects were not detailed. Second, RSJ Grhasia had undertaken both preventive and repressive legal protection efforts. However, the lack of detailed regulations on consent for healthcare services, including data processing by patients with mental disorders, indicated an aspect of healthcare services at RSJ Grhasia that did not yet fully guarantee the legal protection of personal data for patients with mental disorders.

Kata Kunci : Pelindungan Hukum, Data Pribadi, Rekam Medis Elektronik, Rumah Sakit Jiwa/Legal Protection, Personal Data, Electronic Medical Records, Mental Hospital.