Published: Mar 20, 2019

UAE Implements Law on Information and Communication Technology in Healthcare

The United Arab Emirates has issued Federal Law No. 2 of 2019, Concerning the Use of the Information and Communication Technology in the Area of Health (“ICT Health Law”). The ICT Health Law applies to all methods and uses of information and communication technology (“ICT”) in the UAE healthcare sector, including in free zones, and comes into force in May 2019.

Establishment of a central exchange

Under the law, the Ministry of Health & Prevention (“Ministry”) sets out to establish a central electronic health data and information exchange (“HIE”), to facilitate confidential access, collection and exchange of health data and information within the UAE. The local emirate health authorities are empowered to establish the rules, standards and controls for their own electronic data and health information systems, such as the methods of operation, exchange of data and information and their protection, as well as access to and copying of data and information. However, the health authorities in the UAE must join the central HIE, in accordance with the regulations and procedures that are to be specified in the subsequent executive regulations. The executive regulations are to be issued within six months of the publication of this law.

National ICT strategy

The Ministry, in coordination with the local emirate health authorities, is to develop and implement a national strategic plan concerning the use of ICT in healthcare, as well as setting mandatory procedures for using ICT. One of the goals is to ensure compatibility and interoperability between information systems to procure valid, credible, and accessible health data and information. The executive regulation will further set out the conditions and controls of storing health data and information within the UAE.

Prohibition on sending health data outside the UAE

The ICT Health Law expressly prohibits handling, transferring or storing of medical records and health information outside the UAE, except where a resolution is passed by the relevant authorities. This may pose a problem for UAE healthcare facilities that have relationships with foreign vendors.

Healthcare data retention

Further, health information and data must be maintained through ICT for a period of 25 years from the last healthcare interaction of the concerned patient; the executive regulations are set to elaborate upon this obligation.

Healthcare providers, health insurers and insurance related services, medical device and pharmaceutical companies, and healthcare technology companies, amongst others, should audit their current practice for compliance with the ICT Health Law.

Should you require any advice concerning the use of Information and Communication Technology in the healthcare sector, we would be happy to assist. In a forthcoming Law Update article, we will expand upon this development.


Key Contacts:

Andrea Tithecott
Partner, Head of Regulatory, Head of Healthcare

Martin Hayward
Head of Technology, Media & Telecommunications

Christina Sochacki
Senior Associate, Healthcare

back Chat with us

Disclaimer: This chat service should not be relied upon as a substitute for professional advice which takes account of your specific circumstances and any changes in the law and practice. No warranty is made as to the accuracy or completeness of the information provided via this service and no liability is accepted by Al Tamimi & Company Limited, its affiliates, partners or employees for any loss arising as a result of reliance upon the information provided.

I Agree   

Kindly accept the disclaimer to proceed to a live chat.

Please choose one of the following options below:

Thank you for your inquiry. We will connect you to one of our agents now.

Thank you. Which service are you looking for?

Thank you for your interest in working with Al Tamimi & Company. Please click here to view our latest job openings.

Please click here leave a message and we will get back to you shortly.