Legal Updates


UAE: The Health Data Protection Law


As a result of the fast-paced growth of the market for medical and health technology, the United Arab Emirates’ (“UAE”) Government has passed UAE Federal Law No (2) of 2019, (the “Health Data Protection Law” or the “Law”) to regulate health data and information through the use of information and communication technology in the country.

Through this law, the Government seeks to ensure the optimum use of information and communication technology in health fields and the consistency of principles, standards and practices adopted with their internationally accredited counterparts. As well as enabling the Ministry of Health and Prevention (the “Ministry”) to regulate and ensure the safety and security of health information at the state level.

The Health Data Protection Law will take effect in May 2019 and its Executive Regulations are expected to be published by August 2019. All entities operating in the UAE in the health fields (including Free Zones), specifically those that provide health services, insurance, guarantee and management or electronic services in the field of health as well as entities that are indirectly related to the application of the provisions of this law shall comply. Penalties shall be imposed on entities that do not conform to the Law.

Under this law several aspects of data and information protection are regulated, including but not limited to:

  • Confidentiality, purpose limitation and accuracy of data
  • Availability of information and facilitation of access to it when needed
  • Regulation of electronic health information systems
  • Patient confidentiality and its exceptions

The two major updates based on this Law are:

  • Establishing a Central System for collecting and transferring healthcare data and information by the UAE Ministry of Health and Prevention that will be regulated by this Law’s Executive Regulations;
  • Prohibiting the storage, amendment and transfer of health care data and information that relate to health services provided in the UAE to any party outside of the UAE.

Finally, the “Health Data Protection Law” repeals any provisions that are contrary to or inconsistent with its provisions.

TLG’s Corporate & Commercial Division is pleased to be of service to any concerned party by ensuring effective legal compliance with the provisions of this new law to avoid any financial or administrative penalties and may assist in obtaining authorization from the Ministry and joining the new Central System while abiding by its regulations.