Book an appointment with us, or search the directory to find the right lawyer for you directly through the app.
Find out moreWe are excited to share the latest edition of the Law Update, beautifully and appropriately titled “Sustainable Horizons: The Saudi Arabian Vision.” Giving special honor to the Kingdom’s 2030 vision, this update focuses on a collection of both informative and inspiring articles.
For those in construction, you can learn about how the tendering environment impacts risk-pricing for contractors, the updates on the legal framework of the construction industry and how contractors can protect themselves against financial difficulties.
There is good news too from the kingdom’s banking sector, from which the practice of “Open Banking” is being pushed for! But what is open banking? We’re answering that too.
Also . . . Are there any women trail blazers in Saudi Arabia you can name? We’ll help you with that. We cover how the Middle East has been making strides in empowering women in the entrepreneurial space,most notably in STEM fields.
Read the full editionAndrew Fawcett - Partner - Digital & Data
This illustration is inspired by the original photograph of Lunch atop a Skyscraper.
Federal Law No.2 of 2019 on the use of information and communications technology (‘ICT’) in health fields in the UAE (‘ICT Health Law’) introduced national regulations to allow the Ministry of Health and Prevention (‘MOHAP’) to collect and analyse health data at a state level in the UAE.
One of the most impactful provisions of the ICT Health Law was that it mandated that health information and data related to services provided in the UAE could only be processed, generated, or transferred outside of the UAE in cases prescribed by virtue of a decision issued by a local Emirate health authority, in coordinaton with MOHAP.
This restriction on the movement of health data was problematic for health care providers whose services involve the movement of health data across borders. This was particularly impactful given that, for a period of nearly two years, there were no formal decisions by the regulators permitting the transfers outside of the UAE.
MOHAP has since addressed the situation. In April of 2021, Ministerial Resolution concerning Federal Law No.2 of 2019 on the use of Information and Communication Technology in Health Fields and Executive Regulation (‘Resolution’) introduced several clarifications and exceptions to the data localisation restriction in ICT Health Law.
The Resolution defines the phrase “health services provided within the [UAE]” as “any health work or procedure carried out by a health facility operating within the [UAE], whether it is within the scope of diagnosis, prevention, treatment, rehabilitation or health monitoring.”
Generally, the default position remains that health information and data may not be stored or transferred outside of the UAE. However, the Resolution expressly provides for 10 circumstances wherein the transfer of health information and data outside of the UAE may be permissible.
Those 10 exemptions are as follows:
In addition, the Resolution states that certain conditions must be fulfilled in order to render the aforementioned cases listed in exemptions 1, 2, 5 and 7 above fully permissible.
Those conditions are as follows:
In addition to these controls, a copy of the relevant health information and data must be kept and stored inside the UAE, as well as documentation of consent for the transfer or storage outside of the UAE for the exemptions in clauses 5, 7, 8 and 10 above.
The health data and information listed in exemptions 3 and 5 are subject to the following controls:
Exemption 3 maintains an additional control requiring that the sharing of data and information must be made for the purpose of scientific research only, and not be used for purposes other than the research being carried out.
Health data and information transferred under exemption 4 are subject to the following controls:
A patient who comes to the UAE on a visitor visa may transfer their health data and information outside of the UAE at their request or for the purpose of fulfilling the health insurance requirements.
While the Resolution provides welcome guidance on when health data may be transferred outside of the UAE, the exemptions remain limited and subject to particular controls. Accordingly, any business that wishes to rely on any of the exceptions must ensure proper comprehension and compliance with the exception and its conditions.
For more information on how we can help, please contact either our specialist Healthcare practice group or Digital & Data teams
To learn more about our services and get the latest legal insights from across the Middle East and North Africa region, click on the link below.