Corporate Lawyers in Dubai had in their previous article discussed the very aspects of the Federal Law for IT in the healthcare industry, hereinafter referred to as the Federal Law, which aimed at safeguarding the confidential and private information of patients and provides a surety that such information will only be shared with relevant authorities.
The implementing regulations lay down the rules and regulations pertaining to the usage and transfer of data collected by healthcare institutes. The Implementing Regulation obliges the authorities to take proper consents and approval prior to releasing any personal health-related information of the patient. They are further obliged to immediately inform the relevant authorities to report any illicit usage of health information, shall use encrypted channels to transfer any information, and shall take all due and necessary steps to prevent the misuse of confidential health information of all the patients.
The Implementing Regulation identifies with the usage of Federal Law No. 2/2019 on the Use of Information and Communication Technology in Health Fields (the “ITC Health Law”). The ITC Health Law applies to health data and the utilization of ICT in healthcare fields in the UAE whether it is in the mainland or in the free zone.
In addition, the law defines “ICT” as Information and communication technology, which is characterized in the law as the specialized or electronic devices or tools, frameworks or other media allowing the handling of data and information, including capacity, recovery, transmission, and trade. The ITC Health Law expects to protect the uprightness and secrecy of healthcare data, just as to guarantee the accessibility of, and access to, such data by approved parties or authorities.
The ITC Health Law builds up the “Focal System” which is an electronic stage for the assortment, examination, and maintenance of Health Information and Data by the MoHAP (Ministry of Health and Prevention). “Health Information” is comprehensively characterized in the law as data collected through audio, visual, or readable information related to the health sector.
Whereas, data is defined as whatever might be put away, prepared, produced, or transferred through information and communication technology, for example, numbers, letters, codes, and photographs. The law gives that the Central System, along with its electronic framework standards, principles, and controls, is to be actualized by guideline, and it is the Implementing Regulation that plans to accomplish that.
Given the idea of numerous corporate set-ups in the pharmaceutical and medicinal services working in the UAE, such an arrangement disallows the sharing of health-related data and information obtained in the country with group companies registered outside the country.
Regularly, worldwide pharmaceutical and human services organizations are required to transfer health-related data and information to a parent or associate for examination, pharma-vigilance and additionally different purposes, and hence the issuance of the implementing regulation will define the procedure of transmitting such information without contradicting the relevant law.