Published: Oct 8, 2020

Abu Dhabi, UAE Issues Standard on Healthcare Data Privacy

The Department of Health Abu Dhabi (‘DOH’) issued a new policy on patient healthcare data privacy in September 2020 (‘Data Privacy Standard’). The Data Privacy Standard addresses identifiable patient health information, also called protected health information (‘PHI’), setting the minimum data protection requirements including:

  • Circumstances in which PHI may be used or disclosed;
  • Secure and optimal use of PHI;
  • Operational policies, standards, and practices; and
  • Security and safety of PHI to maintain confidentiality, integrity, availability, and privacy.

The standard applies to all categories of healthcare entities regulated by the DOH in the Emirate of Abu Dhabi as well as healthcare professionals, insurance providers, service providers, vendors, brokers and third-party administrators who have access to and are processing or storing PHI related to Abu Dhabi patients.

In line with the federal ICT Health Law (please see our article entitled ‘The Federal Law regulating the Use of Information and Communication Technology in the UAE Healthcare Sector‘ for further information), it remains that no entity is permitted to store, develop, or transfer PHI outside the United Arab Emirates that is related to health services provided within Abu Dhabi, except in cases where an exception to do so is issued by the DOH in coordination with the Ministry of Health and Prevention.

Entities are required to have a privacy policy and procedures in place that describes the way they collect, use, and disclose PHI, including guidelines on data collection, processing, security, localisation, and retention. Further, entities must communicate with relevant health authorities within 24hrs of initial knowledge of a data breach and implement an incident response management plan and investigate the incident.

The DOH requires that the entities to which this standard applies perform a privacy risk assessment to understand and implement the controls as appropriate, including for situations where the patient is receiving treatment via telemedicine, remote care and for medical tourism. Further, DOH expects that such entities will execute periodic privacy compliance programs and perform compliance audits to evaluate the effectiveness of the implemented privacy program.

Al Tamimi & Company’s Healthcare sector and Technology, Media, and Telecommunications Department regularly advises on data privacy matters in the UAE as well as assists client to carry out risk assessments. For further information, please contact healthcare@tamimi.com.

 

Key Contacts:

Christina Sochacki
Senior Associate, Healthcare
c.sochacki@tamimi.com

Andrew Fawcett
Senior Counsel, Technology, Media & Telecommunications
a.fawcett@tamimi.com

Related Insights

back Chat with us

Disclaimer: This chat service should not be relied upon as a substitute for professional advice which takes account of your specific circumstances and any changes in the law and practice. No warranty is made as to the accuracy or completeness of the information provided via this service and no liability is accepted by Al Tamimi & Company Limited, its affiliates, partners or employees for any loss arising as a result of reliance upon the information provided.

I Agree   

Kindly accept the disclaimer to proceed to a live chat.

Please choose one of the following options below:

Thank you for your inquiry. We will connect you to one of our agents now.

Thank you. Which service are you looking for?

Thank you for your interest in working with Al Tamimi & Company. Please click here to view our latest job openings.

Please click here leave a message and we will get back to you shortly.

Chat