I am an associate in the Commercial group based in our Dubai office, and I'm part of the Tech & Comms, Media & Entertainment and Sport teams in the Middle East. My experience involves work across a range of sectors and industries with a particular focus on technology, data privacy and digital transformation.
I am the head of the firm's International Commercial Group, and established the cyber-security team back in 2010. I am a commercial lawyer engaged in providing a full spectrum of legal support to clients for their day-to-day business.
The Dubai Health Authority (DHA) has issued a comprehensive circular outlining the regulatory framework for the use of Artificial Intelligence (AI) in healthcare. The circular provides valuable insights into the intersection of AI and data protection, particularly in the context of healthcare services in Dubai. Below, we explore the key aspects of AI implementation and data protection as highlighted in the circular and consider the implications of Article 10 of the DIFC Data Protection Law.
Purpose and Scope: The circular aims to establish regulatory and ethical requirements for AI solutions in healthcare, articulating the vision for AI in Dubai and outlining the roles and responsibilities of stakeholders. It applies to all healthcare facilities and professionals licensed by the DHA, AI developers using Dubai-based data, and UAE-based pharmaceutical manufacturers and health insurers utilising AI solutions.
Ethical Considerations: AI solutions must conform to international, UAE federal, and Emirate of Dubai laws, ensuring they are fair, free of bias and beneficial to society. The emphasis on ethics underscores the importance of aligning AI technologies with human values and patient rights.
Accountability and Transparency: The circular mandates accountability for AI outcomes among designers, developers and end users, with built-in appeals procedures for challenging significant decisions. Transparency is crucial, requiring developers to disclose AI-enabled functions, validation processes, data sets used and the role of healthcare professionals in decision-making.
Safety, Security, and Privacy: AI solutions must be safe, secure, and adhere to relevant laws and standards. They should be designed to allow for human intervention and reversal of decisions if necessary. Privacy is a critical concern, with AI solutions required to comply with data governance and personal data protection laws.
Data Confidentiality and Privacy: The circular highlights the importance of confidentiality and privacy, emphasising controlled access to patient information and protection against unauthorised access. This aligns with the basic principles of data protection, ensuring that health information is properly safeguarded while allowing necessary data flows for healthcare provision.
Implications of Article 10 of the DIFC Data Protection Law: Article 10 of the DIFC Data Protection Law pertains to the processing of personal data that is conducted through “autonomous and semi-autonomous systems”, requiring that it be conducted fairly, lawfully, and transparently. For example, a clear and explicit notice must be provided upon the initial use or access to the AI system, which alerts users to any underlying technology and processes comprising the system that may process personal data that is not “human-initiated, controlled or directed”. The DHA circular's emphasis on transparency, accountability, and privacy in AI solutions reflects these principles, ensuring that AI technologies in healthcare are implemented in a manner that respects data subjects' rights and maintains data integrity. Article 10 is one of the first pieces of legislation regulating compliance of AI in the region as the DIFC seeks to further establish its credentials as a hub for fintech and innovation.
In summary, the DHA circular provides a robust framework which is crucial for ensuring that AI technologies are used responsibly and effectively, safeguarding rights and privacy of patients. The alignment with Article 10 of the DIFC Data Protection Law further reinforces the commitment to maintaining high standards of data protection in the healthcare sector.
Navigating this intricate landscape comes with its own set of challenges and risks. By partnering with us, you gain access to tailored solutions that are designed to meet your unique needs. Our expertise and experience equip us to anticipate potential pitfalls and address them proactively, ensuring that you are not only compliant but also resilient in the face of evolving threats. If you need support to guide you through these complexities, please contact Simon Shooter, Nick O’Connell or Nona Keyhani.