Information Security Assessment of Hospital Management Information Systems Using the COBIT 2019 Framework: A Case Study of Semen Padang Hospital
Abstract
This study examines the implementation of information systems at Semen Padang Hospital, focusing on improving information system security. The audit was conducted using the COBIT 2019 framework, covering the domains and processes EDM03, APO12, and APO13. The research involves risk identification, determination of security controls, and ensuring compliance with the standards set by COBIT 2019. The findings indicate that the current information system security level is at Level 2, a gap of two levels below the expected state. Therefore, improvements and enhancements to information security at Semen Padang Hospital are required. The steps taken include implementing security techniques such as vulnerability scanning, penetration testing, the use of a Web Application Firewall, an Intrusion Detection System, an Intrusion Prevention System, and data encryption. They also include enhancing the physical security of servers, including CCTV installation and access control using cards or fingerprints; security certifications like ISO 27001 to ensure compliance with security standards; and employee training to enhance understanding and capabilities in dealing with security threats and to strengthen coordination among staff. These measures aim to improve the hospital’s system security and ensure ongoing compliance with relevant security standards.
Published by Universitas Syedza Saintika Padang (Jl. Prof. Dr. Hamka No. 228 Air Tawar Timur Padang)