In brief

The long awaited Implementing Regulations under Federal Law No. 2 of 2019 concerning the Use of the Information and Communication Technology in the Areas of Health (the “Health Data Law”) were finally issued on 22 April 2020 in the form of Cabinet Resolution No. 32 of 2020 (the “HDL Regulations”). Understandably, in light of the current global health pandemic, the UAE Ministry of Health (MOH) is focusing its efforts on implementing the legal framework to establish a centralized health record database and the HDL Regulations are almost entirely focused on this topic. Unfortunately, the HDL Regulations do not provide further clarity on the proper interpretation and application of Article 13 of the Health Data Law, which contains a controversial data residency requirement.

The HDL Regulations are due to come into force six months from the date of publication and supplements the Health Data Law. You can read more about the Health Data Law in our alert here.

In this alert we also address developments introduced by the implementing regulations of Federal Law No. 4 of 2016 on Medical Liability, Cabinet Resolution No. 40 of 2019 (ML Regulations).

Key takeaways

  • The HDL Regulations will come into force six months from the date of publishing in the UAE Federal Gazette, namely on 1 November 2020.
  • The HDL Regulations set out further details concerning the establishment of a centralized UAE database of health records, which will be accessible by authorized persons across different corporate groups and health facilities.
  • Improved access to accurate and up-to-date patient data will enable UAE healthcare providers to provide superior and reliably informed treatment and should improve patient outcomes.
  • The HDL Regulations address who is authorized to use the system, how eligible persons can enroll to obtain access to it, how access controls should be managed by authorized participants and also introduces certain restrictions on how that data can be used.
  • The HDL Regulations also set out further detail on the storage of patient data, which includes a right of audit in favor of the MOH to allow them to ensure that the requirements of the law are being complied with.
  • The ML Regulations provide a more comprehensive picture of the MOH’s approach to the regulation of telehealth services, including remote patient monitoring and diagnostic services.

Read more here


Kellie Blyth is a Counsel and Head of the UAE Data and Technology practice of Habib Al Mulla & Partners, a member firm of Baker & McKenzie International, based in Dubai. An experienced technology and privacy lawyer, Kellie has been advising local and multinational clients in the technology, telecoms, financial services, insurance and automotive sectors, on their strategic IT projects, helping them develop, commercialise and implement digital and technology solutions whilst managing legal and regulatory risk.


Els Janssens is a counsel in Baker McKenzie's Brussels office, specializing in commercial law, litigation and healthcare regulatory issues. Els has been advising multinational pharmaceutical clients and investors on healthcare regulations in the EU and UAE. She has extensive industry experience having worked as senior regulatory legal counsel for Johnson & Johnson and as legal advisor in the European Medicines Agency, advising management, scientific committees, CMD(h) and the European Commission, on a wide variety of issues in the healthcare and pharmaceuticals sector.


Hani Naja is a partner in the Corporate & Commercial practice of Habib Al Mulla & Partners, a member firm of Baker & McKenzie International. He has been practicing since 2007 with a focus on M&A, reorganizations and post-acquisition integration as well as corporate structuring in the Middle East, particularly in the UAE and Qatar. Hani also advises on general commercial, corporate governance and compliance matters, and has gained substantive experience in the technology, retail, defense and government sectors.

Write A Comment