E-Health – Just what the doctor ordered

Nick O’Connell - Partner, Head of Digital & Data - Saudi Arabia - Digital & Data

Concerns such as rising costs and scarce resources (including scarcity of qualified healthcare professionals) provide a further push towards using technology as a means to improve efficiency in the provision of healthcare services. In this article, we briefly outline some key areas covered by the term ‘e-Health’, and touch on some legal considerations.


The term ‘e-Health’ is an umbrella term that covers a variety of concepts. Essentially, it refers to leveraging advancements in information technology for healthcare-related purposes. The term encompasses a range of ‘front of house’ and ‘back of house’ equipment and systems. These include prescription management systems, mobile or internet based patient monitoring systems, patient records management systems, electronic bill payment systems, image archiving systems, communications systems, and a variety of other examples. e-Health stakeholders include patients, healthcare professionals and healthcare providers, as well as vendors of technology, pharmaceuticals, healthcare equipment and consumables, insurance companies, and healthcare policy makers.

The systematic collection of electronic health information about individual patients in a digital format capable of being shared in a variety of healthcare settings is often seen to be the backbone of developing a sophisticated e-Health system. So called “EHR” (Electronic Healthcare Records) can handle a range of data, from individual medical histories and demographic-type information through to test results, radiology images and billing information. e-Health is fundamentally dependent upon Electronic Healthcare Records and the collection and sharing of patient data, so data protection and privacy laws will clearly have an impact on the development of e-Health systems.

Countries in which there has already been extensive investment in the e-Health systems tend to have relatively sophisticated legal protection for personal data. In contrast, countries that have not yet had much investment in e-Health systems tend to have no legislation specifically pointed to the protection of privacy. While the UAE does not have any federal data protection law, the significance of personal data in a healthcare context has been recognized to some extent – albeit in quite limited circumstances.

  • The Abu Dhabi Health Insurance Law [Abu Dhabi Law 23 of 2005] makes some mention of the requirement to treat patient files of insured persons as confidential and to ensure that they are inaccessible to third parties.
  • Dubai Healthcare City (a healthcare free zone in Dubai), has its own data protection regulations, the Health Data Protection Regulations [DHCC Regulation No. 7 of 2008]. 
    While the Dubai Healthcare City regulations are comprehensive, and based on international best practice, they only apply to healthcare providers licensed in the Dubai Healthcare City free zone. Similarly, the Abu Dhabi Health Insurance Law relates only to insurance companies operating in Abu Dhabi.

A data protection law of federal application that includes specific provisions relating to personal data in an e-Health context is something that needs to be considered if the UAE is going to be able to develop a world-class e-Health system. Such a law would need to reflect international best practices, including requiring that personal data be collected only for specified and legitimate purposes, and allowing data subjects to access data held about them and to request corrections where such information is incomplete or inaccurate.

e-Health is not only about data protection. As with the provision of any product or service, be it an e-Health product or otherwise, there will typically be a contract for the sale of goods, and the Commercial Transactions Law is likely to provide a basis for determining disputes. Where e-Health products are sold as consumer goods, the Consumer Protection Law, and the guarantees contained within it, are likely to provide protection against substandard or defective goods. Issues such as defectiveness, failure to match descriptions or reasonable standards, failure to comply with local licensing requirements (including regulatory approval for medical devices or regulatory approval for telecommunications apparatus) are just some examples of other types of legal issues that could arise in the context of e-Health goods and services.


One area of e-Health that is developing swiftly is ‘m-Health’, a term used for the provision of healthcare services supported by mobile devices. There are a number of factors that have caused m-Health products and services to boom. Mobile phones are ubiquitous, even in developing countries where large segments of the population do not have convenient physical access to healthcare providers due to factors such as a shortage of healthcare workers and the distance and cost of travelling to visit a clinic. In developed countries, sophisticated smartphones and tablet computers have functions and processing capabilities that, until relatively recently, would have been considered the stuff of science fiction – and this has also led to an increase in the potential to use such devices for m-Health purposes.

m-Health is particularly useful for providing public health education and awareness, training for healthcare workers, diagnostic and treatment support, data collection, remote monitoring and helpline-type services. SMS messages offering discreet public health information and mobile apps that result in better maintenance of a clinic’s appointment schedule are basic examples of m-Health in action. Another example, particularly applicable in the UAE where diabetes is a significant public health issue, is the use of monitoring equipment linked with mobile devices to provide real-time analysis of a patient’s insulin requirements.

In the UAE, as in many other countries around the world, e-Health is at a relatively early stage in its development. Recently, both telecommunications operators in the UAE, Etisalat and du, announced their involvement in the development and provision of e-Health services. Etisalat announced that it is working closely with the Health Authority Abu Dhabi (HAAD) to share ideas and expertise to implement a community-wide program to address health issues such as diabetes and cardio-vascular disease. In collaboration with Dubai Healthcare City, du has launched an application that puts users in contact with health professionals 24 hours-a-day, reducing unnecessary visits to emergency rooms and over utilization of healthcare services.

The integration of technology in the healthcare sector has great potential to improve healthcare generally. It can improve healthcare decision-making by both patients and healthcare providers, and it can improve the speed and accuracy of information upon which healthcare decisions are made. These types of efficiencies are likely to be seen as desirable by all healthcare stakeholders.

Al Tamimi & Company’s Technology, Media & Telecommunications team is able to assist with the wide variety of e-Health and m-Health related legal issues. We have a range of experience applicable to e-Health offerings, including experience with the legal side of e-payment systems, development of mobile phone applications, provision of data storage services, data protection, cloud computing, and a ranghe of other technology-related legal matters.

For further information on any legal matters relating to technology, including healthcare technology, please contact or Nick O’Connell (n.oconnell@tamimi.com) in Dubai, or Waldo Steyn (w.steyn@tamimi.com) in Abu Dhabi.