Important changes are coming for anyone who collects, processes or transfers electronic health data originating in the UAE. Besides a host of new data protection measures and new rules around use of a centralized database managed by the United Arab Emirates (UAE) Ministry of Health, a general prohibition on transferring health data outside the UAE may have a significant impact on healthcare service providers and life sciences companies operating locally.

Cloud based health solutions which involve collection, storage and processing of health data, such as wearables and health monitoring apps, may be particularly affected. While the full extent of the new requirements is still not clear, it is imperative for companies operating in the sector to carefully monitor developments.

On 6 February 2019, the President of the UAE issued Federal Law No. 2 of 2019 (the Law) which regulates the use of information technology and communications (ITC) in the healthcare sector. This eagerly anticipated Law:

  • aims to raise the minimum bar for protection of health data and to introduce certain concepts which are on a par with best international practice in information law;
  • continues the legislative trend towards localization of sensitive categories of data; and
  • paves the way for centralized health data capture and analysis to support public health initiatives conducted by the UAE Ministry of Health.

The Law has been published in the Federal Gazette on 14 February 2019 and will come into force three months from publication. The implementing regulations which will provide further details on its application are to be issued within six months from the date of publication.

To view the full alert, please click here or the Download article button below.

To speak to us in relation to any healthcare data issues in the UAE, please feel free to contact one of the lawyers below, or your usual Baker McKenzie contact.

Author

Zahi Younes is a partner in the Saudi Arabia Corporate and Securities practice, specializing in cross-border and domestic mergers and acquisitions, divestitures, joint ventures, global corporate reorganizations, securities and capital markets. Zahi also advises clients on a broad range of technology and media-related matters including cloud computing, data centers, e-commerce/payment solutions and navigating the regulatory landscape in the Kingdom.

Author

Els Janssens is a counsel in Baker McKenzie's Brussels office, specializing in commercial law, litigation and healthcare regulatory issues. Els has been advising multinational pharmaceutical clients and investors on healthcare regulations in the EU and UAE. She has extensive industry experience having worked as senior regulatory legal counsel for Johnson & Johnson and as legal advisor in the European Medicines Agency, advising management, scientific committees, CMD(h) and the European Commission, on a wide variety of issues in the healthcare and pharmaceuticals sector.

Author

Kellie Blyth is a Counsel and Head of the UAE Data and Technology practice of Baker McKenzie Habib Al Mulla, based in Dubai. An experienced technology and privacy lawyer, Kellie has been advising local and multinational clients in the technology, telecoms, financial services, insurance and automotive sectors, on their strategic IT projects, helping them develop, commercialise and implement digital and technology solutions whilst managing legal and regulatory risk.

Author

Ghada El Ehwany is a partner in Baker McKenzie's Corporate Practice Group in Cairo. She has nearly 20 years’ experience in the Middle East, particularly in Egypt, Saudi Arabia and the UAE, focusing on corporate and commercial transactions. Ghada also advises on healthcare regulatory, structuring, insolvency, employment and compliance matters.

Write A Comment