The final Law Update of 2022 is here, and it’s packed full of articles. The double edition features two focus areas, first is a spotlight on Energy and Resources and second we feature a collection of articles on Transport and Logistics. The developments occurring in these sectors in the MENA region are unprecedented and our lawyers cover vast themes for you.
The Energy and Resources focus features topics such as diversifying energy resources, solar PV, mining in the Middle East, renewable energy and green hydrogen. From a transport perspective, we draw attention to the Bahrain metro project, discuss the challenges and remedies associated with the repossession of an aircraft, and there is advice on what to consider should a party vary the terms of a shipping contract.
This edition navigates you through updates from across jurisdictions such as, Oman, Jordan, Saudi Arabia, Egypt, Iraq, Qatar, and the UAE. Each article is timely and provides insights into legal issues and cases that are affecting these sectors across the region.Read the full edition
Last year, a federal law was issued to regulate the use of information communication technology ( ‘ICT’) in the healthcare sector through the United Arab Emirates ( ‘UAE’), including in free zones (Federal Law No. 2 of 2019 ( ‘ICT in Health Law’)). While the ICT in Health Law came into force in May 2019, much of the key elements of the law were left to implementing regulations. At the core of the ICT in Health Law, it provided a basic framework, introducing a general prohibition on the transfer of health data outside the UAE and providing for the establishment of a central healthcare IT system ( ‘Central System’) for the purposes of collection, storing, and exchanging health data for all patients in the UAE. (Please see our summary of the ICT in Health Law, available here: https://www. tamimi.com/law-update-articles/the-federal- law-regulating-the-use-of-information-and- communication-technology-in-the-uae-
While further implementing regulations are still expected, in late April 2020, the Cabinet issued its first set of executive regulations to the ICT in Health Law (Cabinet Resolution No. 32 of 2020 ( ‘ICT in Health Regulation’), which come into force in November 2020.
The ICT in Health Regulation has now specified the controls and protocols for the establishment, operation, and permitted access to the Central System. We outline the significant aspects of these below.
Obligations required of health authorities and concerned entities joining the Central System include:
Under the ICT in Health Law, ‘concerned entities’ include any authority or entity in the UAE providing health services, health insurance services, facilitation, claims management, electronic health services, or any entity directly or indirectly associated with the application of the ICT in Health Law.
The Ministry, in co-operation with health authorities and concerned entities, will also determine the procedures taken to ensure the quality of personal health data placed in the Central System.
The Ministry will also have the authority to audit any health data stored in the Central System to ensure the data’s authenticity, quality, and its compliance with national digital health standards.
A new joint committee is to be formed by the Ministry, together with the health authorities and concerned entities; the aim of the committee is to govern the implementation of new joiners to the Central System.
The health authorities and concerned entities have the authority to determine the persons authorised to access the Central System, as long as they meet certain safety and privacy standards set out by the Ministry.
Health authorities and the concerned entities must determine the persons authorised to access the Central System, on an as-needed basis, and depending on the professional role.
No person may use the Central System unless authorised to do so by the health authorities or the concerned entities, in accordance with the following controls:
Importantly for individuals, they may:
After obtaining permission, every person authorised to have access to the Central System has a duty of confidentiality to take all the necessary steps to protect the data and information in the Central System In particular, in respect of a patient’s data:
Storing health data and information by means of ICT has to be according to specified controls including:
The Ministry, in conjunction with health authorities, is to issue the necessary decisions to implement the ICT in Health Regulation.
The ICT in Health Regulation prescribes controls and protocols necessary for the establishment and operation of the Central System including how it will be accessible to health authorities and other concerned entities in the health sector and the parameters on how the data can be used.
While the establishment of the Central System is a significant feature of the ICT in Health Law, it is not the only notable feature of the law.
Importantly, Article 13 of the ICT in Health Law provides that it is not permitted to store, develop, or transfer data and health information outside the UAE that is related to health services provided within the country, except in cases where a decree is issued by the health authority in co- ordination with the Ministry.
The ICT in Health Regulation is focused solely on the Central System and appears to be a preliminary guideline as further decisions are still needed by the Ministry and health authorities to implement them. We expect that further implementing regulations, or guidance at the emirate health authority level will be issued to detail further, for example, the process for a healthcare facility to join the Central System and the associated deadlines. Further, we are awaiting additional implementing regulations, or guidance from the individual emirate health authority level, to clarify the ICT Health Law’s restriction on the transfer of health data outside the UAE and permissible exceptions.
For further information, please contact firstname.lastname@example.org.