by Yuliasman Chaniago

There is a question that should keep every hospital director in Indonesia awake at night: how could a doctor assigned to an emergency department continue working for weeks while suffering from fever and respiratory distress, without a single management layer detecting or protecting her?

That is the question left behind by the death of dr. Myta Aprilia Azmy at KH Daud Arief Regional Hospital on May 1, 2026.

But the question does not stand alone. It is inseparable from another: how could thousands of fraudulent claims under Indonesia’s National Health Insurance (JKN) system be submitted to BPJS Kesehatan for months without detection? How could hospital executives celebrated for “performance” later be implicated in fictitious claims schemes, only to be transferred elsewhere to repeat the same practices?

These may appear to be different crises, but they stem from the same root cause: weak governance, risk management, and compliance (GRC) at the hospital level. Until this foundation is repaired, Indonesia will continue producing two kinds of victims simultaneously—doctors collapsing in service, and public funds flowing into corruption and fraud.

The Accreditation Paradox: Perfect Scores, Broken Systems

Indonesia’s hospital accreditation standards, regulated under Ministerial Decree No. HK.01.07/MENKES/1596/2024 and the Hospital Governance chapter within the Hospital Accreditation Commission framework, explicitly assign hospital directors responsibility for service quality, patient safety, workforce management, and fraud prevention.

The issue is not whether directors should know what is happening inside their institutions. They are formally required to know. The real question is: why does the system fail to ensure they actually do?

As of December 31, 2024, Indonesia had 3,216 registered hospitals. Ninety-six percent were accredited, and 85.1 percent achieved “Paripurna,” the highest accreditation status.

Yet these statistics reveal a dangerous paradox: a hospital can achieve near-perfect accreditation scores while, in day-to-day operations, a doctor works in near-fatal condition unnoticed, and fictitious claims continue unchecked.

This is the symptom of paper compliance—formal compliance that exists only on documentation, not in operational reality. Accreditation prepared merely for survey periods, rather than embedded into organizational culture, produces paperwork instead of transformation.

Three Layers of Internal GRC Failure

The death of dr. Myta exposed three interconnected layers of internal GRC failure.

First, governance failure: a broken reporting chain. Internship supervisors were not actively present, leaving no escalation mechanism when her condition deteriorated.

Good governance does not begin with omniscient directors. It begins with information systems capable of ensuring critical issues reach leadership in time. When supervisors are absent and hierarchical culture stigmatizes reporting as weakness, leaders are deprived of the information necessary to act.

Second, risk management failure: the absence of workforce risk profiling.

International Organization for Standardization, through ISO 31000:2018, emphasizes continuous monitoring of risks affecting organizational resources. In Indonesia’s type C and D hospitals—where high JKN patient volumes intersect with chronic shortages of permanent doctors—systemic exhaustion is not an unpredictable event. It is a measurable operational risk.

Without staff monitoring systems in high-intensity units such as emergency departments, this risk remains invisible until it becomes catastrophic.

Third, compliance failure: the absence of safe speak-up mechanisms.

dr. Myta reportedly chose not to report her condition because she feared burdening colleagues and risking an extension of her internship period. This was not simply a naive personal decision; it reflected an environment where raising concerns is punished rather than protected.

In healthy governance systems, whistleblower protections are essential. Without them, real risks disappear behind formally “clean” reports.

The Same Root Cause Behind JKN Fraud

If weak internal GRC at KH Daud Arief Regional Hospital contributed to the loss of a young doctor’s life, the same weaknesses elsewhere have produced equally devastating financial losses.

At the end of 2023, BPJS Kesehatan identified potential JKN fraud amounting to IDR 866 billion. A joint audit involving the Corruption Eradication Commission, the Ministry of Health, BPJS Kesehatan, and Financial and Development Supervisory Agency found that three out of six sampled hospitals had submitted fictitious claims.

Out of 4,341 physiotherapy claims, only 1,071 had valid medical records; more than 3,200 were suspected to be fraudulent. In cataract procedures, only 14 out of 39 claimed patients matched the diagnosis records.

By September 2025, the Corruption Eradication Commission reported cumulative state losses exceeding IDR 100 billion across 50 fraud cases since 2024. Fraud schemes evolved continuously: phantom billing, diagnosis upcoding, manipulation of hemophilia therapy claims, and even ICU ventilator claims for treatments involving only ordinary oxygen masks.

These shifting schemes are not merely evidence of criminal creativity. They signal governance gaps left open for too long.

Under Donald Cressey’s Fraud Triangle theory (1950), fraud emerges when pressure, opportunity, and rationalization converge.

The pressure came from financial strain. A survey by Indonesian Hospital Association in October 2024 found delayed claims in several provinces reaching 37 percent of total monthly submissions.

Opportunity existed because internal audits were irregular and external oversight remained episodic.

Rationalization grew within organizational cultures that tolerated misconduct in the name of operational survival.

Among these elements, opportunity is the most controllable through systemic intervention—and its root lies in weak internal GRC: absent clinical audits, fragmented medical-record controls, and inactive supervisory boards failing to review claims regularly.

From Periodic Certification to Continuous Governance

The greatest irony is that the necessary regulations already exist.

The 2024 KARS framework already includes good corporate governance, clinical governance, risk management, and fraud prevention. Ministerial Regulation No. 16/2019 defines directors’ anti-fraud responsibilities. Law No. 17/2023 on Health reinforces obligations to protect healthcare workers.

The problem is not the absence of regulation.

The problem is that these frameworks operate within a regime of periodic verification that fails to capture everyday operational realities. Three-year accreditation cycles, reactive claim audits, and occasional ministry inspections leave dangerous gaps between oversight points.

Indonesia therefore needs a paradigm shift: from compliance-as-certification to compliance-as-culture.

This requires at least three structural reforms:

1. Truly independent internal audit units in all hospitals, reporting directly to supervisory boards rather than to the same directors they are supposed to monitor.
2. Integration of healthcare worker safety and welfare indicators into accreditation assessments, creating structural incentives for directors to monitor staff conditions rather than focusing solely on patient-output metrics.
3. Real-time interoperability between hospital information systems, BPJS claim systems, and electronic medical records, enabling anomalies to be detected within days rather than months.

Two Victims, One Urgent Reform

The death of dr. Myta and the billions lost through JKN fraud are two expressions of a system that has lost its integrity.

Indonesia operates 3,216 hospitals serving more than 270 million people, including over 218 million JKN participants who depend daily on the honesty and reliability of the healthcare system.

At this scale, weak hospital GRC is no longer merely a corporate governance issue. It is a national health security issue.

Every rupiah lost to fraud is funding diverted from sick patients who genuinely need care. Every doctor who collapses under systemic neglect represents lost capacity in an already understaffed healthcare system.

The Ministry of Health, BPJS Kesehatan, Hospital Accreditation Commission, the Corruption Eradication Commission, and regional governments as owners of public hospitals must establish an integrated hospital GRC standard—one that not only regulates what exists on paper, but continuously verifies what actually works in practice, every day rather than every three years.

Because as long as oversight remains periodic, the gaps will remain. And as long as those gaps remain open, both human lives and public money will continue to be at risk.