UAE Healthcare Data Law has restricted domestic use and banned exporting healthcare Data. This law No. 2 was issued in March 2019 and was concerned with the Use of Information and Communication Technology in the Area of Health. It curbs the utilisation of UAE health data and information. Furthermore, it was mentioned the law takes effect three months after issuance.
Article 13 of Healthcare Data Law
In Article 13 of the Healthcare Data Law directly addressed the healthcare providers, consultants and insurers. It says that if these bodies are currently doing any business with or in UAE and continue to process and store health information generated in the UAE, cease the processes. Any continuation will bring heavy penalties.
The Law of Healthcare Data demonstrated health data and information as “characterised by a health feature, whether related to the health or insurance establishments or authorities or the beneficiary of the health services”.
Health Data and Information inside and outside the UAE
The healthcare data law has presaged regarding the processing of data in the UAE. There are various already published articles which elaborated the aspects of a future central electronic system (the CES) administered by the UAE Ministry of Health. Articles on prevention also exist, which defines how the health data will be transferred, gathered and maintained in the UAE. Under this Law, written consent meets the needs for processing patient data in the UAE. New laws and rules will probably explain patient consent. In the Emirate of Abu Dhabi, the approval of patients is described under the DOH Guidelines.
Article 13 has the most controversial provision, the general prohibition for the Healthcare Data Law processing outside the UAE. The healthcare providers, consultants and insurers are mostly addressed and forbidden to gather and transfer data outskirts of UAE. Consequently, this prohibition may force a drastic change in procedure. There is only one exemption, after consulting with Ministry, an emirate health authority can allow subsequent regulations and permits the storage and processing outside the UAE of UAE Health Data generated in such emirate.
Violation of Law
If the law of Article 13 will get violated by any institution or health authority, the fine will be between AED500,000 (~US$135,000) and AED700,000 (~US$190,000). However, that health authority is entitled to suspend or terminate the license of the offending entity to access the CES. The Healthcare Data Law has placed high-level provisions with practical aspects to be effected through supplementary legislation which involves implementing regulations, a resolution from the Ministry and emirate level rules.
It is always better to make things right on time than to remorse later. Ergo, the health authorities must comply with the regime which legislatures have set out for them. Otherwise, they will get potentially exposed to material financial penalties and potential prohibition from accessing the CES when it is established.