Book an appointment with us, or search the directory to find the right lawyer for you directly through the app.
Find out moreThe first Law Update of 2024 is here, and our first focus of the year spotlights Healthcare and Lifesciences, a sector that is undergoing significant growth and development across the MENA region.
Our focus provides an insight into some of the most important regulatory updates across the region, such as the UAE’s groundbreaking law on the use of human genome, Kuwait’s resolution on nuclear and radioactive materials, the new regulations for healthcare services in Qatar, Egypt’s healthcare regulatory framework, and the impact of the Saudi Civil Transactions Law on the healthcare and life sciences sector … and there is so much more!
Beyond the healthcare pages our lawyers share with you multi-sector insights where you will discover articles on Dubai’s DIFC regulatory framework for startups, Bahrain’s commercial agencies law, and we also shed light on Kuwaiti civil code and the advantages of setting up a joint stock company in Saudi Arabia.
Read the full editionThe Department of Health Abu Dhabi (‘DOH’) issued a new policy on patient healthcare data privacy in September 2020 (‘Data Privacy Standard’). The Data Privacy Standard addresses identifiable patient health information, also called protected health information (‘PHI’), setting the minimum data protection requirements including:
The standard applies to all categories of healthcare entities regulated by the DOH in the Emirate of Abu Dhabi as well as healthcare professionals, insurance providers, service providers, vendors, brokers and third-party administrators who have access to and are processing or storing PHI related to Abu Dhabi patients.
In line with the federal ICT Health Law (please see our article entitled ‘The Federal Law regulating the Use of Information and Communication Technology in the UAE Healthcare Sector‘ for further information), it remains that no entity is permitted to store, develop, or transfer PHI outside the United Arab Emirates that is related to health services provided within Abu Dhabi, except in cases where an exception to do so is issued by the DOH in coordination with the Ministry of Health and Prevention.
Entities are required to have a privacy policy and procedures in place that describes the way they collect, use, and disclose PHI, including guidelines on data collection, processing, security, localisation, and retention. Further, entities must communicate with relevant health authorities within 24hrs of initial knowledge of a data breach and implement an incident response management plan and investigate the incident.
The DOH requires that the entities to which this standard applies perform a privacy risk assessment to understand and implement the controls as appropriate, including for situations where the patient is receiving treatment via telemedicine, remote care and for medical tourism. Further, DOH expects that such entities will execute periodic privacy compliance programs and perform compliance audits to evaluate the effectiveness of the implemented privacy program.
Al Tamimi & Company’s Healthcare sector and Technology, Media, and Telecommunications Department regularly advises on data privacy matters in the UAE as well as assists client to carry out risk assessments. For further information, please contact healthcare@tamimi.com.
Christina Sochacki
Senior Associate, Healthcare
c.sochacki@tamimi.com
Andrew Fawcett
Senior Counsel, Technology, Media & Telecommunications
a.fawcett@tamimi.com
To learn more about our services and get the latest legal insights from across the Middle East and North Africa region, click on the link below.