Before and After: Healthcare Users and Professionals Perceptions on Implementation of eHealth Privacy Protection Laws in United Arab Emirates

Immanuel Azaad Moonesar, Fatima Mohamed AlMarzooqi and Jawahitha Sarabdeen

United Arab Emirates National Agenda and Dubai Strategic Plan 2021 aims to make the United Arab Emirates among the best countries by providing world-class healthcare in collaboration and partnership with stakeholders of public and private sectors. E-health has become of paramount importance over the last two decades, where the overall reduce the cost of provision of healthcare, improve quality of care, and reduce medical errors. In the United Arab Emirates, Dubai Healthcare City maintains its data protection system (Regulations No. 7 of 2013). The DHCC is a free zone and the healthcare hub of Dubai, where it hosts a group of international healthcare professionals and service providers. If the patients are reluctant or refuse to participate in the health care system due to a lack of privacy laws and regulations, the benefit of the full-fledged e-health care system cannot be materialized. The most significant problem is the protection of patients’ data privacy. Medical records form an essential part of patient management that includes a variety of patient information that might have sensitive patient data. Therefore, the major challenge is maintaining electronic medical records data privacy. Studies to measure user’s perceptions of such technologies are limited in the Eastern Meditteranean region. In February 2019, the President of the UAE issued Federal Law No 2 of 2019 (Health Data Law), which regulates the use of information technology and communications (ITC) in the healthcare sector and the Cabinet resolution no. (40) of 2019 Concerning the Executive Regulation of Federal Decree-Law No. (4) of 2016 on Medical Liability. These laws are the first piece of federal legislation in the UAE that directly addresses data protection principles. The laws introduce familiar data protection concepts such as purpose limitation, accuracy, security measures, and consent to the disclosure, similar to the GDPR.