Important changes are coming for anyone who collects, processes or transfers electronic health data originating in the UAE. Besides a host of new data protection measures and new rules around use of a centralized database managed by the United Arab Emirates (UAE) Ministry of Health, a general prohibition on transferring health data outside the UAE may have a significant impact on healthcare service providers and life sciences companies operating locally.
Cloud based health solutions which involve collection, storage and processing of health data, such as wearables and health monitoring apps, may be particularly affected. While the full extent of the new requirements is still not clear, it is imperative for companies operating in the sector to carefully monitor developments.
On 6 February 2019, the President of the UAE issued Federal Law No. 2 of 2019 (the Law) which regulates the use of information technology and communications (ITC) in the healthcare sector. This eagerly anticipated Law:
- aims to raise the minimum bar for protection of health data and to introduce certain concepts which are on a par with best international practice in information law;
- continues the legislative trend towards localization of sensitive categories of data; and
- paves the way for centralized health data capture and analysis to support public health initiatives conducted by the UAE Ministry of Health.
The Law has been published in the Federal Gazette on 14 February 2019 and will come into force three months from publication. The implementing regulations which will provide further details on its application are to be issued within six months from the date of publication.
To view the full alert, please click here or the Download article button below.
To speak to us in relation to any healthcare data issues in the UAE, please feel free to contact one of the lawyers below, or your usual Baker McKenzie contact.