The region is implementing legislation aimed at integrating international standards, says Christina Sochacki, Senior Associate at law firm Al Tamimi & Company

Over the past year, the healthcare and life sciences regulators have been very active across the Middle East. Amidst the continued plethora of COVID-19 related legislation, the regulators have continued to advance their healthcare systems and implement legislation aimed at integrating international standards. The region continues to focus on healthcare transformation.

UAE Healthcare Overview

The UAE is a confederation of seven emirates. While the most well-known are Dubai and Abu Dhabi, the other emirates are Sharjah, Ajman, Fujairah, Umm al-Qaiwain and Ras al-Khaimah, often collectively referred to as the ‘Northern Emirates’. At the federal level, the Ministry of Health and Prevention (MOHAP) oversees the implementation of federal government policy in relation to the provision of comprehensive healthcare for all UAE citizens and residents. MOHAP works in collaboration with the local emirate health authorities to ensure that all public and private hospitals are accredited according to clear national and international quality standards of medical services and staff performance.

The emirates of Abu Dhabi, Dubai and Sharjah have established their own health authorities, the Department of Health (DOH), the Dubai Health Authority (DHA), and the Sharjah Health Authority respectively. The remaining Northern Emirates rely on the MOHAP to act as their regulator to oversee delivery of healthcare services.

Dubai and Abu Dhabi have the most developed rules and regulations among the seven emirates with respect to healthcare matters. Both regulators have been extremely busy in 2021, not only keeping up with the fight against COVID-19, but also issuing a plethora of new and updated regulations.

Telehealth

Telehealth has remained a hot topic through the pandemic. Accordingly, in 2021, the DHA issued a swathe of new and updated legislation aimed at telehealth, including a new telehealth policy setting out the regulatory requirements for licensure of telehealth services.

Telehealth services are divided into six key areas: 1) teleconsultation; 2) telediagnosis; 3) telemonitoring (remote patient monitoring); 4) mHealth (mobile health); 5) telerobotics and robot-assisted services; and 6) telepharmacy. All telehealth services and telehealth platforms operating in Dubai must be licensed by DHA. Telehealth services are licensed under one of the following areas: 1) call centre; 2) telebooth; or 3) add-on services. It is not permitted to store, develop, or transfer data and health information outside the country that is related to health services provided within the country, except in limited cases.

In addition to the new telehealth policy, the DHA’s telehealth services standards were updated. Version 3 issued several updates, including requiring all facilities providing telehealth services, as well as all telehealth platforms intended for internal or commercial use, to obtain approval from the DHA prior to providing such services. Also included are updates to: the exceptions to store, develop, or transfer data and health information outside the country; requirements for electronic consent; and certain subsections related to telepharmacy.

Further, a new version of the DHA’s guidelines for reporting telehealth key performance indicators was issued. All telehealth service providers are required to adhere to the quarterly collection and reporting of performance indicators within the two-week deadline, as specified in the new version 3 of the guideline. Among other updates, the new version has added reporting deadlines and a new KPI on the percentage of telehealth calls from outside the Emirate of Dubai.

A variety of clinical guidelines pertaining to managing various symptoms through telehealth were also issued by the DHA. The guidelines are presented in a format comprising of clinical history/symptoms, differential diagnosis, investigations, and management.

In addition, compliance is required with, amongst others: federal laws regarding telehealth services, the use of the information and communication technology (‘ICT’) in healthcare, and medical liability; the National Electronic Security Authority Standards and Guidelines for Cyber Security; the Telecommunications and Digital Government Regulatory Authority for Voice Over Internet Protocol channel requirements related to telehealth; the Dubai Health Insurance Corporation requirements for telehealth approval processes e-claims, reimbursement, and documentation; and applicable DHA standards.

Artificial Intelligence

Keeping pace with developments in digital health, the DHA issued a new policy on artificial intelligence (AI) solutions for healthcare. All AI solutions used in the delivery of healthcare must conform to international, UAE federal, and Emirate of Dubai information laws, regulations, and guidelines with respect to human values, patient autonomy, people rights, and acceptable ethics. The policy applies to: a) all healthcare facilities and professionals licensed by DHA utilising AI in healthcare services; b) national and locally based international AI developers that utilise Dubai based population or patient clinical and nonclinical data to develop AI solutions; c) UAE based pharmaceutical manufacturers, health insurers, public health entities utilising AI solutions for healthcare services in Dubai; d) all AI solutions used by healthcare researchers involved in human research in Dubai.

Healthcare Data Privacy & Security

On the horizon, we can expect the UAE to continue to develop its legislative framework concerning healthcare information data privacy and security, which will impact any entity that processes health related information.

In 2019, the UAE’s federal law on the use of information and communications technology (ICT) in health fields (ICT Health Law) introduced national regulations to allow the MOHAP to collect and analyse health data at a state level in the UAE.

One of the most impactful provisions of the ICT Health Law was that it mandated that health information and data related to services provided in the UAE could only be processed, generated, or transferred outside of the UAE in cases prescribed by virtue of a decision issued by a local Emirate health authority, in coordination with MOHAP.

In April 2021, the MOHAP issued a Ministerial Resolution that introduced several clarifications and exceptions to the data localisation restriction in ICT Health Law (Resolution). The Resolution defines the phrase ‘health services provided within the [UAE]’ as ‘any health work or procedure carried out by a health facility operating within the [UAE], whether it is within the scope of diagnosis, prevention, treatment, rehabilitation or health monitoring’. Generally, the default position remains that health information and data may not be stored or transferred outside of the UAE. However, the Resolution expressly provides for 10 circumstances wherein the transfer of health information and data outside of the UAE may be permissible.

Additionally, the DHA issued a new policy concerning healthcare data quality. The policy is intended to cover all patient information that is recorded within the healthcare facility. The principle emphasis of the policy is on electronic medical records (‘EMR’), the documents used to populate those electronic systems, and the data extracted from them.

The policy must be followed by all healthcare facility staff involved in the collection, recording, storage, processing, or use of patient-related data, regardless of their role within the healthcare facility. All digital solutions that manage medical records/patient administrative data (e.g. EMRs, revenue cycle management) must be certified by DHA to ensure that it has the required functionality and security. Patient data covers anything that relates to health interventions, including administrative information, demographic data, diagnosis, treatment, prescribed medication, laboratory tests, physiologic monitoring
data, hospitalisation, insurance, etc.

Hospital Accreditation

In line with the Dubai Health Sector Strategy 2021 – 2071, the DHA issued a new hospital accreditation policy. It requires that all DHA licensed hospitals are accredited by an International Society for Quality in Healthcare (ISQua) International Accreditation Programme approved accreditor within 24 months from the point of licence activation.

Hospitals should fulfil the standards for operation as a hospital including, but not limited to, outpatient, inpatient services, operating theatre, and pharmacy. In addition to hospital accreditation, accreditation for other specific units, services, and/or specialised services is required – such as laboratory services – stipulated in other policies, standards or circulars issued from DHA. Evidence of maintaining accreditation must be submitted annually during facility licensure through the online Sheryan licensing system.

Further, all hospitals operating within the jurisdiction the DHA must ensure that they are onboard to the NABIDH platform as a pre-requisite to applying for a new or renewed hospital licence, effective 31/12/2021. All hospitals should have an electronic medical record (EMR) that complies with the NABIDH Minimum Data Set and standards. Hospitals have the right to choose any EMR in the market that complies with NABIDH requirements.

As the regulations in the region continue to rapidly progress, and the doors to doing business in the Middle East become more agile, we continue to anticipate promising opportunities to enter the market or expand existing businesses.