An insight piece from Clyde & Co provides greater insights into the implications of the standalone healthcare data protection law in the UAE. Federal Law No. 2/2019 regulates the use of technology in healthcare and is the first piece of federal legislation which directly addresses data protection principles. The new rules will be relevant to healthcare providers, insurers and companies delivering healthtech solutions in the UAE market. Affected organisations will include healthcare providers but also medical insurance businesses, healthcare IT system suppliers and providers of outsourced services to the health sector, such as cloud service providers.

Amongst other things, the Law establishes a central IT system and mandatory interoperability standards for the health sector throughout the UAE and creates a national IT strategy for healthcare. In addition it creates ‘data protection’ obligations and restrictions, in particular in relation to confidentiality, integrity, sharing, storage and retention of data. However there are derogations from data sharing restrictions to promote scientific and clinical research and to allow the necessary exchange of information with the insurance industry. Finally disciplinary committees in each local Emirate health authority to enforce the law and apply sanctions for breach will be established. Federal Law No. 2/2019 was published in UAE Official Gazette, 647 of 2019 on 14 February 2019.