RSU PKU Muhammadiyah Bantul have been using information technology to improve health care in their area. One of the uses of information technology is in medical record information system. The existence of medical record information system will help to manage all medical record data. But with applying information system its data need to be secured, while there still less knowledge and understanding about medical record information system security. Therefore, it?s needed to have an audit using the standard of ISO 27001 to get a convenient security service for a medical record information. The audit of ISO 27001 used because this standard focus at information system security and use as the national standard of Indonesia. This standard contains complete determination to discover information system security. This research managed to give an assessment for medical record information system security of RSU PKU Muhammadiyah Bantul with maturity value of 2,2 (Repeatable but Intuitive). So medical record information system security of RSU PKU Muhammadiyah Bantul is good enough because it?s been followed the information system security procedure. But the hospital management is not paying attention regarding the understanding of their employees about information system security for their medical record information system.