Digital Forensics in Medical Malpractice: The Challenge of Proving Clinical Data in Cloud-Based Medical Records
Keywords:
Electronic Health Records, Digital Forensics, Medical Malpractice, Cloud-Based Medical Records, Chain of Custody, Digital Evidence, Health LawAbstract
digital Transformation in healthcare, moving towards cloud-based Electronic Health Records (EHR), presents new legal challenges in medical malpractice disputes, specifically regarding the validity and integrity of digital evidence. These disputes require stricter evidentiary standards concerning authenticity, integrity, and an accountable digital chain of custody. Currently, Indonesia lacks a specific regulatory framework for health digital forensics, despite the critical role of system logs and audit trails. This normative legal research, using statutory, conceptual, case, and comparative approaches, aims to analyze the legal standing of digital medical records and formulate the necessary regulatory model. The study finds that without standardized audit trails, metadata preservation, and fixed chain of custody procedures, digital medical records risk losing their evidentiary strength in court. This paper proposes the establishment of a Health Digital Evidence Framework (HDEF) as a national standard to ensure the validity and reliability of clinical digital evidence
References
1. Ali, A. (2009). Menguak tabir hukum (Legal Research Methodology). Kencana Prenada Media Group.
2. Bal, B. S. (2009). The 21st century medical record: An updated perspective. Clinical Orthopaedics and Related Research, 467(10), 2539–2542.
3. Casey, E. (2011). Digital evidence and computer crime: Forensic science, computers and the internet. Academic Press.
4. Dimitropoulos, A. (2016). The General Data Protection Regulation and health data: An overview of the EU framework. Medical Law International, 16(3), 199–227.
5. European Union. (2016). Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Official Journal of the European Union, L 119.
6. Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. Digital Investigation, 7(1), S64–S73.
7. Groh, A. E. (2019). Digital evidence and cloud computing: Addressing jurisdictional challenges. Journal of Digital Forensics, Security and Law, 14(1), 1–18.
8. Indonesia. Law No. 11 of 2008 concerning Electronic Information and Transactions (UU ITE).
9. Indonesia. Law No. 17 of 2023 concerning Health.
10. Indonesia. Government Regulation No. 71 of 2019 concerning Implementation of Electronic Systems and Transactions (PP 71/2019).
11. ISO 27789:2019. Health informatics — Audit trails for electronic health records. International Organization for Standardization.
12. ISO/IEC 27001:2022. Information security, cybersecurity and privacy protection — Information security management systems — Requirements. International Organization for Standardization.
13. ISO/IEC 27037:2012. Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence. International Organization for Standardization.
14. Kohn, L. T., Corrigan, J. M., & Donaldson, M. S. (Eds.). (2000). To err is human: Building a safer health system. National Academies Press.
15. Lickona, T. (1992). Educating for character: How our scholl can teach respect and responsibility. Bantam Books.
16. Mello, M. M., Chandra, A., Gawande, A. A., & Studdert, D. M. (2010). National costs of the medical liability system. Health Affairs, 29(9), 1568–1576.
17. National Institute of Standards and Technology (NIST). (2020). NIST Special Publication 800-86: Guide to integrating forensic techniques into incident response. U.S. Department of Commerce.
18. Powers, J. M., & Cookson, P. W. Jr. (1999). The politics of school choice research. Educational Policy, 13(1), 104–122. https://doi.org/10.1177/0895904899131009
19. Quandary Peak Research. (2023). EHR audit trail production and legal implications: Analysis of Meherg v. Rush. (Industry Report).
20. Rindfleisch, T. C. (1997). Privacy, information technology, and health care. Communications of the ACM, 40(8), 92–100.
21. Soekanto, S., & Mamudji, S. (1983). Penelitian hukum normatif: Suatu tinjauan singkat. Rajawali.
22. Wiyana, N. A., & Barnawi. (2016). PAUD format: Concepts, characteristics & implementation of early childhood education. Ar-Ruzz Media.
23. Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583–592.
