Team Karm, was proud to advise and represent our start-up client that built the 'Hayat' app. The Hayat app will use blockchain technology to create a database, allowing both nationals and expatriates to express their wish to donate organs after their death, by registering for the programme. His Highness Shaikh Mohammad Bin Rashid Al Maktoum, Vice-President and Prime Minister of the UAE and Ruler of Dubai, launched the ‘Hayat’ registry at the Ministry of Health and Prevention (MoHP) pavilion of the Arab Health forum on January 30, 2019.

Team Karm also advised another HealthTech solution targeted towards creating repository of medical records. In this month’s Newsletter we bring to you, a brief outline of the scope and ambit of the major federal laws and regulations in force for HealthTech sector; and data protection laws applicable to the healthcare sector, as they currently stand in UAE.

PART 1 of the Newsletter discusses the regulations on Organ Transplant and PART 2 of the Newsletter discusses the extant data protection laws applicable to the healthcare sector at the Federal, Emirate and Freezone level.

[Note:-The licensing regime for HeathTech sector is beyond the scope of this Newsletter. Please feel free to reach out to our team members for more information.]






As a precursor, a Healthtech solution intending to launch in UAE, requires an appropriate license to be able to set-up. At the same time, depending upon the nature of activities, the license holder shall also have to take cognizance of the applicable healthcare laws. Some of them are outlined below:

  1. Organ transplant
    In the UAE the transplantation of human organs and tissues from both living donors and the deceased is allowed in accordance with the provisions of the Federal Decree Law No. 5 of 2016 on ‘Regulation of Human Organs and Tissue Transplantation’ (“Organ Transplant Law”). The Organ Transplant Law came into force in March, 2017 and officially annulled the ‘Federal Decree Law No. (15) of 1993’ ‘Regulating the Human Organs and Tissue Transfer and Transplant’. The following are the key factors governing the organ transplant and donation as per the Organ Transplant Law.
    • The Organ Transplant Law defines ‘Donation’ to mean that “a living individual legally accepts to donate, during his lifetime or after death under a legal will left for his heirs or permitted successors to donate with no compensation the whole or part of any of his body organs or tissues to someone by way of transplantation operation.” As per Article 3 of the Organ Transplant Law, the provisions therein are applicable to human organs and tissues transplantation operations performed within UAE (including the free zones). Operations of transplanting stem cells, blood cells and bone marrow are specifically excluded.
    • Prohibitions - Article 5 of the Organ Transplant Law prohibits the following acts/ activities: (i) Buying or selling the whole or part of human organs or tissues by any means or receiving any return for it; (ii) Performing surgeries of transplanting or sharing the whole or part of any human organ or tissue if in violation with the Organ Transplant Law; (iii) Propaganda, advertisement, promotion or brokerage for impermissible unlicensed operations of transplantation of the whole or part of any human organ or tissue (iv) Financing surgeries of whole or part of human organs and tissues transplantation.
    • Trafficking of human organs is also prohibited as per Federal Law No. 51 of 2006 on Combating Human Trafficking Crimes (“Anti-Trafficking Law”). Under Article 1 of the Anti-Trafficking Law any person who for the purposes of ‘exploitation’ commits any of the acts mentioned therein, shall be deemed to have committed a ‘human trafficking crime’. The term exploitation shall be deemed to include ‘human-organ trafficking’ as per Article 1(3) of the Anti-Trafficking Law.







Federal Law

Emirate of Abu Dhabi

Health Authority of Abu Dhabi ("HAAD") Data Standards and Procedures, of January 2008, as revised by the April 2014 version outlines the policies and procedures which must be followed when handling Confidential Health Information ("CHI") focusing on four areas: the necessary and authorised access to CHI; the unauthorised access to CHI; the storage of CHI; and the transmission of CHI. It further provides regulations relating to health insurance fraud. The HAAD has created a Data Standards Panel whose role is to "review and recommend to HAAD changes and additions to electronic data exchange standards, such as transactions, codes and business rules".

Emirate of Dubai

Dubai Health Authority (DHA) has issued a code of conduct for healthcare professionals licensed to practice under the jurisdiction of DHA. As per Clause 7 of the code, all healthcare professionals are required to keep patient’s records confidential, and use the information obtained in the course of the professional practice only for the purposes for which it was given, or where it is otherwise lawful. The licensed professionals are also required to ensure that there is no disclosure of any patient information without consent, except where it is required or permitted by law or if it is required to protect your patient or others from harm. The professionals are also required to ensure at all times that there is no unauthorized access use or accidental disclosure of patient’s information.




Dubai Healthcare City (DHCC)

DHCC is the only healthcare freezone to have a dedicated data protection regulation. The regulation applies to all licensees who manage the patient health information. The patient health information includes (a) information about the health of a Patient, including his medical history; (b) information about any disabilities that Patient has, or has had; (c) information about any healthcare services that are being provided, or have been provided, to that patient; (d) information provided by that Patient in connection with the donation, by that Patient, of any body part or any bodily substance of that Patient, or derived from the testing or examination of any body part, or any bodily substance of that Patient; or (e) information about that Patient which is collected before, or in the course of, and incidental to, the provision of any Healthcare Service to that Patient.




There are myriad of laws governing the Healthcare sector in UAE. In our experience the authorities have been extremely supportive of innovative HealthTech solutions and we are looking forward to working with more ideas and solutions in this space soon.



Authored by Akshata Namjoshi (Senior Associate) and Cherry Bhatnagar (Senior Associate) with inputs from Kokila Alagh (Founder).

To stay updated,

subscribe to our newsletter