Book an appointment with us, or search the directory to find the right lawyer for you directly through the app.
Find out moreWe are excited to share the latest edition of the Law Update, beautifully and appropriately titled “Sustainable Horizons: The Saudi Arabian Vision.” Giving special honor to the Kingdom’s 2030 vision, this update focuses on a collection of both informative and inspiring articles.
For those in construction, you can learn about how the tendering environment impacts risk-pricing for contractors, the updates on the legal framework of the construction industry and how contractors can protect themselves against financial difficulties.
There is good news too from the kingdom’s banking sector, from which the practice of “Open Banking” is being pushed for! But what is open banking? We’re answering that too.
Also . . . Are there any women trail blazers in Saudi Arabia you can name? We’ll help you with that. We cover how the Middle East has been making strides in empowering women in the entrepreneurial space,most notably in STEM fields.
Read the full editionHow patient data is processed in the Kingdom of Bahrain has been altered by Law No. 30 of 2018 promulgating the Personal Data Protection Law (PDPL), which came into effect on 1st of August 2019. While the PDPL affects almost all businesses in the Kingdom, the health sector will be particularly impacted as, by its very nature, healthcare involves the collection of significant amounts of personal data to deliver services to patients.
Our Law Update article regarding the PDPL’s general applicability can be found here. In this alert, we focus on the healthcare sector.
Under PDPL any data related to a person’s health is categorised as “sensitive personal data” and is subject to specific processing conditions.
The PDPL expressly allows sensitive personal data to be processed without the consent of the data subject where the processing is necessary for “preventive medicine, medical diagnosis, provision of healthcare or treatment, or for the management of healthcare services which is carried out by a licensed member of a medical profession, or by any other person who is bound by a duty of confidentiality as imposed by law”.
However, this exception is not a complete exemption from the PDPL’s requirements. Here are some examples of the PDPL’s requirements with which health organisations in Bahrain now need to comply.
The PDPL includes provisions that require a data controller to, amongst other things, notify data subjects of certain information, including the purpose and location of any data that is collected. Further, the data subject now has a statutory right to access their personal information and to object to processing of their data in certain circumstances.
With patient health data collected at points ranging from doctor’s surgeries to specialised healthcare facilities, the data footprint of an individual patient can be highly fragmented. Under the PDPL, healthcare organisations must better understand how their patient information is collected and where it is stored.
Under the PDPL even where a data subject has consented to the processing of their personal data, for consent of the data subject to be considered to be valid, the consent has to meet certain perquisites including that:
Data controllers are legally compelled to have in place appropriate technical and organisational measures to protect the patient data against unauthorised or unlawful processing and against accidental loss or destruction of, or damage. Such measures have to be appropriate to the harm that might result and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures.
If they have not already done so, health organisations in Bahrain must review their policies, procedures, and practices for how they process patient data in order to comply with the PDPL.
Al Tamimi’s specialist healthcare and TMT lawyers, and members of our Bahrain office, can assist you with the necessary steps you need to take to comply with the new law. For more details on our offering and how we can assist you, please contact us at healthcare@tamimi.com.
Andrew Fawcett
Senior Counsel, TMT
a.fawcett@tamimi.com
Christina Sochacki
Senior Associate, Healthcare
c.sochacki@tamimi.com
Foutoun Hajjar
Partner, Head of Office – Bahrain
f.hajjar@tamimi.com
To learn more about our services and get the latest legal insights from across the Middle East and North Africa region, click on the link below.