RSU PKU Muhammadiyah Bantul have been using information technology to improve health care in their area. One of the uses of information technology is in medical record information system. The existence of medical record information system will help to manage all medical record data. But with applying information system its data need to be secured, while there still less knowledge and understanding about medical record information system security. Therefore, it’s needed to have an audit using the standard of ISO 27001 to get a convenient security service for a medical record information. The audit of ISO 27001 used because this standard focus at information system security and use as the national standard of Indonesia. This standard contains complete determination to discover information system security. This research managed to give an assessment for medical record information system security of RSU PKU Muhammadiyah Bantul with maturity value of 2,2 (Repeatable but Intuitive). So medical record information system security of RSU PKU Muhammadiyah Bantul is good enough because it’s been followed the information system security procedure. But the hospital management is not paying attention regarding the understanding of their employees about information system security for their medical record information system.

Audit System; ISO 27001; Medical Record Information System

Anonym, ISO/ IEC 27001 Information Security Management. Accessed from https://www.iso.org/isoiec-27001-information-security.html.

Iffano, and Sarno, R., Sistem Manajemen Keamanan Informasi. Surabaya: ITS Press, 2009.

R. A. Kusuma, “Audit Keamanan Sistem Informasi dengan Menggunakan Standar SNI ISO 27001 pada Sistem Informasi Akademik Universitas Islam Negeri Sunan Kalijaga Yogyakarta,” UIN Sunan Kalijaga Yogyakarata, 2013.

R. Unggara, “Audit Sistem E-Learning Fakultas Sains Dan Teknologi Uin Sunan Kalijaga Yogyakarta Menggunakan Framework Cobit 4.1,” Universitas Islam Negeri Sunan Kalijaga Yogyakarta, 2013.