Latar Belakang: Program Studi Diploma Rekam Medis UGM dalam menjawab kebutuhan penguasaan kompetensi bagi lulusannya mengadakan pengembangan laboratorium dengan pengadaan fasilitas rekam medis berbasis komputer atau biasa disebut dengan Electronic Medical Record (EMR) berupa prototipe bernama RS.Papyrus. Prototipe EMR tersebut perlu dievaluasi untuk mengetahui sistem keamanannya. Standar yang dijadikan acuan berasal dari The Certification Commission for Healthcare Information Technology (CCHIT), standar ini dipilih karena memberikan panduan lengkap dalam penyelenggaraan EMR terutama pada sistem keamanannya. Tujuan: mengetahui penerapan prinsip-prinsip keamanan dari standar CCHIT meliputi keamanan sistem dan kehandalan sistem pada prototipe EMR. Metode: Jenis penelitian ini adalah deskriptif dengan pendekatan studi kasus. Pengumpulan data dengan wawancara, observasi dan Delphi study. Hasil: Pengujian prototipe EMR pada komponen hak akses telah memenuhi 57% standar CCHIT, komponen catatan audit 0% dari standar CCHIT, Autentikasi memenuhi 30% standar CCHIT, dokumentasi keamanan sistem 0% dari standar CCHIT, layanan teknis keamanan sistem 22% dari standar CCHIT, komponen backup data 0% dari standar CCHIT, dokumentasi kehandalan sistem memenuhi 10% standar CCHIT, dan layanan teknis kehandalan sistem telah memenuhi 100% standar CCHIT. Hasil penelitian ini dapat digunakan sebagai acuan pengembangan prototipe EMR khususnya pada aspek keamanannya. Kesimpulan: Prototipe EMR telah memenuhi 25% dari standar CCHIT. Hasil penelitian ini meberikan konsep pengembangan untuk hak akses, catatan audit, autentikasi, dokumentasi, layanan teknis, dan backup data pada prototipe EMR.

Background: Medical Record Diploma Program UGM has developed the laboratory with computer-based medical record called Electronic Medical Record (EMR) as a prototype named RS.Papyrus. This EMR prototype needs to be evaluated to determine its security systems. The Certification Commission for Healthcare Information Technology (CCHIT), as a standard systems can be used to evaluate this prototype especially its security and reability systems implementation. Objective: To know the application of security principles of access-control the CCHIT standards. Methods: This study was a descriptive case study approach. Collecting data through interviews, observation and Delphi Study. Results: Ability to access-control on the prototype EMR is the control of access users and users delete without the ability to erase history users in the system. Components of the access rights that need to be increased is associated with the policy of "break the glass". This policy contains rules about the making of specific information that is confidential by health professionals who treat, and policy of opening EMR forcibly during emergencies or system error. Conclusion: The tests on a access-control components have met 57% of the CCHIT standards and the rest has to be developed based the CCHIT standards. Indonesia has not the standards used to audit an existing EMR system yet. Essential component for security systems EMR is the control of access users, elimination of a particular user without deleting the user history, and the policy of "break the glass".

Kata Kunci : Pengujian,Sistem keamanan,Electronic medical record, Testing, Security System