Onshore healthcare legislation also applies to ADGM entities

In brief

On 11 January 2023, the Abu Dhabi Global Market (ADGM) published on its website the news about the issuance of the ADGM Healthcare Regulations 2022 (“Healthcare Regulations“). The Healthcare Regulations adopt the Abu Dhabi onshore healthcare legislation – including the regulations and circulars issued by the Department of Health Abu Dhabi (DoH) – into ADGM’s legislative framework.

Key takeaways

  • The Healthcare Regulations extend the scope of the onshore health sector legislation applicable in the Emirate of Abu Dhabi to all ADGM Licensed Entities (i.e., entities licensed to operate in the ADGM).
  • Only entities with a license are allowed to practice any activity in the health sector “in or from” the ADGM.
  • The procedure to obtain a license will involve the ADGM Registration Authority at an early stage, then the DoH will be engaged to provide a technical “pre-approval”, and then the matter will be passed back to the ADGM Registrar to finalize the process of the application and grant the commercial license.
  • Once the ADGM Registrar grants the license, companies will need to obtain a final license from the DoH.
  • The DoH now has the authority to monitor, inspect and review the compliance of licensed entities with the applicable health sector regulations.
  • The ADGM Registration Authority and the DoH are now authorized to set, apply and collect the respective fees payable based on the activities the applicant performs during the license application process.

In more detail

The Healthcare Regulations introduce a framework to extend onshore health sector legislation to ADGM-licensed entities, as well as healthcare professionals. It also provides guidance to address potential conflicts or inconsistencies between the onshore and offshore legal requirements.

The Healthcare Regulations clarify that no health-related activities are permitted to be performed in or from the ADGM unless conducted by a Health Facility or a Health Professional (both terms, as defined in the Healthcare Regulations) who is licensed to practice in the ADGM also by the DoH.

According to the Healthcare Regulations, in order to conduct a regulated health-related activity from the ADGM, an entity must secure: (i) a commercial license from the ADGM Registration Authority; and (ii) a valid license from the DoH. Applicants should also pay administrative fees to both the ADGM Registration Authority, and the DoH for the activities carried out during the application process.

The Healthcare Regulations establish a procedure to obtain a commercial license to practice health-related activities in the ADGM, which is as follows:

  1. Initially, an assessment of the application will be conducted by the ADGM Registration Authority.
  2. If the ADGM Registration Authority decides to proceed with the application, it will refer it to the DoH to seek their technical “pre-approval”.
  3. After the DoH provides its pre-approval, the ADGM Registrar will finalize the process of the application and grant a commercial license.
  4. Following this, applicants will be referred to the DoH in order to obtain a final license.

The Healthcare Regulations also introduce new rights for the DoH to monitor, inspect and review licensed entities’ compliance with the standards, requirements, conditions and procedures it imposes.

This development can be welcomed on the basis that it creates a more uniform legal framework in the health sector throughout the Emirate of Abu Dhabi as well as provides more clarity for licensed entities on the legal requirements applicable to their activities. This development will, in practice, indirectly impact providers of health tech services – which will be required to comply with the Abu Dhabi Standard for Health Information Security and Cyber Security Standards (“Standards“) according to Circular No. 147 of 2022 recently issued by the DoH (“Circular“). For more information on the impact of the Circular, please see our previous alert here.

Notably, the Circular states that licensed entities must apply stricter cybersecurity controls, including ensuring health data are not transmitted outside of the UAE and discontinuing the use of any cloud-based services that store or utilize health data, irrespective of whether that solution is hosted within or outside the UAE. These restrictions will, in practice, override the more permissive regime for transferring sensitive personal data under the ADGM Data Protection Regulations 2021.

To speak to us in relation to any health data matters or broader data and technology issues, please reach out to the Baker McKenzie contacts below.

Author

Kellie Blyth is a partner based in Baker McKenzie's Dubai office. An experienced technology and privacy lawyer, she has been advising multi-national businesses and public institutions in the UAE and Saudi Arabia since 2012. Kellie's main focus is advising private sector clients on their strategic IT projects and on their information compliance. She also advises clients how to develop, commercialise and implement digital and technology solutions whilst managing regulatory risks. Kellie acts as a trusted advisor to some of the world's best known and most innovative technology companies.

Write A Comment