JAKARTA – Health experts and rights groups have criticised a new draft law in Indonesia, saying it puts citizens’ health data at risk.
The Health Bill, when passed into law, will allow the authorities to collect and use a wide range of Indonesians’ health data, including their genomic data, and process it outside the country.
But this means the trove of data will be rendered more vulnerable to abuse and exploitation by malicious parties, the experts say.
The collection of genomic data may enable researchers to analyse types of diseases in a population and find ways to cure them, but the data could also be misused for business purposes or other intentions that might put national security at risk, according to the experts.
Dr Dicky Budiman, an Indonesian doctoral researcher in global health security at Australia’s Griffith University, said that Indonesia comprises numerous ethnic groups and has rich biodiversity, and such assets can make it vulnerable to exploitation for various interests, including commercial and bioterrorism ones.
“For instance, Indonesian health data (may) show a potential major non-communicable disease in the next five to 10 years. Insurance or pharmaceutical companies may use this for their business interests, which may clash with the interests of our people,” he told The Straits Times.
He pointed out that insurance companies may reject applications for insurance coverage from Indonesians based on their genomic data and their predicted health risks, while pharmaceutical companies could exploit such information to sell drugs.
Dr Dicky noted that based on past incidents, data protection in Indonesia is still weak.
One major incident in May 2021 involved the leakage of social security details – including identity cards and family cards – of more than 200 million citizens from the Healthcare and Social Security Agency’s database.
Not only was there a lack of adequate response from the authorities to the data breach but the perpetrators of the leak also got away lightly.
In October 2022, Indonesia’s Parliament passed into law a personal data protection Bill that imposes corporate fines and jail terms of up to six years on those who mishandle data. The law adopts some principles and aspects of the European Union’s 2018 General Data Protection Regulation.
However, Indonesia’s Personal Data Protection Law is not enough to guarantee the protection of Indonesia’s health data, said Dr Dicky. Australia, for instance, has at least three laws to protect health biosecurity data, he added.
Apart from concern over personal health data, critics of the Health Bill also want a 5 per cent minimum mandatory health spending in the annual state budget to be kept.
Rights groups say the elimination of the minimum mandatory spending, which is part of the Health Bill, will worsen healthcare services to the poor and vulnerable groups.
Health workers, including doctors, nurses and midwives, meanwhile, worry about legal uncertainties of their professional organisations. They see the Bill as reducing the role of their professional organisations, while giving more authority to the Health Ministry.
The majority of political party factions in Parliament agreed on June 19 to bring the Bill to a plenary session in July. Usually, when a Bill is brought before a plenary session, it is passed into law.
