Since the emergence of the COVID-19 pandemic, the transformation of the health sector in Indonesia has taken place with the beginning of the era of digitization of health services, one of which is the digitization of the implementation of electronic medical records through the Regulation of the Indonesian Minister of Health (PMK) No. 24 of 2022 on Medical Records. Through this regulation, the Government provides freedom for health care facilities to choose the system to be used, which can be a system developed independently, a system developed by the Ministry of Health, or can also collaborate with vendors providing information systems or partner systems for short. However, there is no detailed description of the liability for leakage of electronic medical record data whose system comes from a partner system, so that clear boundaries are needed regarding this matter. This research aims to explore the legal standing of electronic medical record system providers or system partners and the legal liability provided in the event of an electronic medical record data leak. The result of this research is the position of the partner system as a form of PSE in accordance with the provisions of Government Regulation Number 71 of 2019 on the Implementation of Electronic Systems and Transactions and the legal liability of the partner system for leakage of electronic medical record data is as a Controller of Personal Data based on Law Number 27 of 2022 concerning Personal Data Protection.