The UAE Department of Health Abu Dhabi has formally launched its audit program to assess the compliance of licensed entities and professionals with its suite of data privacy and information security standards, including the Abu Dhabi Healthcare Information and Cyber Security Standard. As well as allowing the Department of Health to identify areas for improvement, such audits also increase the risk of penalties for regulated entities who are yet to embed these standards in their operations.

Digital service providers should be ready to demonstrate that their services comply with the law and to answer more specific questions linked to the security features of their services, including authentication processes, levels of encryption and vulnerability and incident management processes. Data localisation will, in many cases, be a more sensitive issue but must be addressed as we can also expect to see an increase in the number of requests to configure (or reconfigure) digital services so that health data does not leave the UAE.