Practices
Sectors
Country Groups
Find a Lawyer

Book an appointment with us, or search the directory to find the right lawyer for you directly through the app.

Find out more

Saudi Arabia: Transformation of the Kingdom

Welcome to the Saudi Arabia focus edition of Law Update.

One of the key markets in the Middle East and North Africa (MENA) that continues to lead from the front is the Kingdom of Saudi Arabia (KSA). As the largest country in the Middle East and the 18th largest economy in the world, the progress KSA continues to make is underpinned by its Vision 2030 that envisions developing the country as an investment powerhouse and hub that ultimately connects Asia, Europe, and Africa. Given Saudi Arabia’s significance to the regional economy, our team of experts have prepared a range of pertinent articles that provide insights into new laws, regulations, and the legal landscape in the Kingdom.

This edition will provide you with an up-to-date guide on matters such as; the framework issued by the Saudi Central Bank on IT governance, the anti-corruption landscape under Vision 2030; we also provide practical tips for dispute avoidance. This is only a snapshot; there are many more articles within the KSA focus section for you to read, which we hope you will find valuable and enjoyable.

Read the edition

The leading law firm in the Middle East & North Africa region.

A complete spectrum of legal services across jurisdictions in the Middle East & North Africa.

Today's news and tomorrow's trends from around the region.

17 offices across the Middle East & North Africa.

Cancel
Find out more

Our Firm Back

Our Services Back

Our Knowledge Back

Our Offices Back

Published: Sep 9, 2020

The DoH Audit Program regarding Abu Dhabi Healthcare Information and Cyber Security Standards

The Abu Dhabi Department of Health (“DoH”) has published a Circular (DoH Circular No. (71) of 2020) which states that it will be initiating an audit program to ensure that all healthcare entities in the Emirate of Abu Dhabi are complying with the Abu Dhabi Healthcare Information and Cyber Security Standards (“ADHICS Standards”).

 

What are the ADHICS Standards?

DoH issued the ADHICS Standards on 3 February 2019 to ensure that the healthcare sector in Abu Dhabi harmonises its practices regarding privacy and information security to meet international standards and complement the Abu Dhabi Government’s Policy on the Healthcare Information Exchange (“HIE”) (dated 29/11/2018) to enhance the safety and security of health information.

Effectively there was a 12-month transition period to comply with the ADHICs standards.

 

What are the Health Information and Cyber Security Requirements within the ADHICS Standards?

The healthcare information and cyber security requirements within ADHICS Standards include standards for the following:

  • Human Resources Security;
  • Asset Management;
  • Physical and Environmental Security;
  • Access Control;
  • Operations Management;
  • Communications, Health Information and Security;
  • Third Party Security;
  • The Acquisition, Development and Maintenance of Health Information Systems;
  • Information Security Incident Management;
  • Information Security Continuity Management.

A significant control in the ADHICS Standards is Section CM 4.2 which provides that no healthcare entity can use cloud services or infrastructure to store, process or share information that contain the health information of a patient.

The control further states that healthcare entities must identify and disconnect integration of a system that processes, stores or utilises health information with any systems that connect or utilise cloud services and not share identified or de-identified health information with third parties, inclusive of counterparts and partners, unless authorised by the DoH.

 

Who is conducting the audit and what happens on completion?

The audit program will be undertaken by the Emirates Classification Society (TASNEEF) through their subsidiary TASNEEF-RINA Business Assurance (TRBA).

The audit program will be conducted in three year cycles, where in the first year of the cycle, there will be an audit conducted by TRBA to check for compliance with ADHICS, where a conformance certificate will be awarded.

In the second and third year of the cycle, there will be a surveillance audit to check for compliance with ADHICS, but no certification is provided for surveillance audits.

 

More Information

For more information regarding compliance with ADHICS Standards, Al Tamimi & Company’s Healthcare Sector and Technology, Media & Telecommunications teams regularly advise on laws and regulations impacting the healthcare sector. For further information please contact healthcare@tamimi.com.

 

Key Contacts:

Andrea Tithecott
Partner, Head of Regulatory, Head of Healthcare
a.tithecott@tamimi.com

Andrew Fawcett
Senior Counsel, Technology, Media & Telecommunications
a.fawcett@tamimi.com

Related Insights

banner-02
The 2021 Heartbeat of Healthcare in the Middle East

by Christina Sochacki

banner-02
Foreword | Healthcare and Life Sciences

by Samer Qudah

banner-02
Recent UAE Judgments: Force Majeure and Covid-19 in the UAE

by John Gaffney

banner-02
United Arab Emirates – In Case You Missed It: Key Dubai Healthcare Regulatory Developments of 2021

by Christina Sochacki

banner-02
Abu Dhabi Court accepts estoppel claim in recognising the Parties’ Arbitration Agreement

by Essam Al Tamimi

banner-02
Back to the Drawing Board: Healthcare facility planning from the drawing board to fully operational. Legal considerations concerning health regulation, real estate, and construction, for operators, developers and investors

by Andrea Tithecott / David Bowman / Leith Al-Ali