AI in Healthcare: Legal and Ethical Challenges and Opportunities in the UAE
Healthcare & Life Sciences Focus
Andrea TithecottPartner, Head of Healthcare & Life Sciences
Andrew FawcettPartner,Digital & Data
Artificial intelligence (AI) is transforming the healthcare sector, offering new possibilities for diagnosis, treatment, prevention, and research. AI can enhance the quality, efficiency, and accessibility of healthcare services, and enable personalised and precision medicine. However, AI also poses significant legal and ethical challenges, such as in relation to data protection, privacy, consent, accountability, liability, and human rights. These challenges require a balanced and effective legal framework that respects and protects individual and communal rights and enables the beneficial use of health data for societal benefit.
In this article, we will examine the current and emerging laws and regulations concerning health data, genomic data, and the use of ICT in health fields in the UAE and explore the challenges and opportunities for collaboration and innovation in the AI and healthcare sector between the UAE and across sovereign boundaries.
The UAE has enacted several laws and regulations concerning health data, genomic data, and the use of information communication technology (ICT) in health fields, which are relevant for the use of AI in healthcare. The Federal Law No. 2 of 2019 on the Use of ICT in Health Fields regulates the collection, processing, storage, use, access, sharing, and disposal of health data and information in the UAE, including the free zones. The law aims to ensure the optimal use of ICT in health fields, the compatibility of the approved standards and practices with the international standards, the collection and analysis of health information at the state level, and the security and safety of health data and information. The law also establishes a central system for the exchange and collection of health data and information and sets out the obligations and prohibitions of using the central system, the health data, and the health information.
The Federal Decree by Law No. 49 of 2023 regulates the use of the human genome in the UAE and aims to ensure the safe use of the human genome, protect the confidentiality of genetic and genomic data and information, promote the protection of public health and scientific research, and utilise the genomic data of the state citizens, in addition to and analysing it to develop the Emirati Genome Reference. The law applies to all uses related to the human genome in the UAE, and prohibits human cloning, modifying the human traits of persons and embryos, and using the human genome for purposes inconsistent with the principle of respecting basic human rights and dignity. The law also establishes a National Genomic Database, where genomic and genetic data and information shall be stored, and the Emirati Genome Reference, which is a digital DNA sequence that serves as a reference for personalised medicine and disease prevention.
The Department of Health Abu Dhabi (DOH) Policy on AI in Healthcare provides a framework for the ethical management, protection, and use of health data, emphasising the balance between individual privacy rights and the collective benefits of health data utilisation. The policy sets out the vision, goal, and guiding principles for the use of AI in healthcare, such as transparency, user assistance, safety and security, privacy, ethics, and accountability. The policy also outlines the roles and responsibilities of relevant stakeholders, such as the DOH, the healthcare providers, the healthcare end-users, and the insurers, in relation to the use of AI in healthcare.
The Model Law on Health Data Governance lead through Transform Health is a draft law that aims to provide legislative guidance and reference text for countries aiming to integrate its principles and standards into their existing national legislation or develop new laws where and if needed. The model law seeks to create a balanced and effective legal framework for health data governance that respects and protects individual and communal rights and enables the beneficial use of health data for societal benefit. The model law covers various aspects of health data governance, such as data protection, individual and community rights, controller obligations, reporting requirements, audit procedures, and penalties for non-compliance. The model law also addresses the challenges and opportunities presented by emerging technologies, such as AI and machine learning, and ensures that innovation in health data use does not come at the expense of fundamental human rights. The model law also establishes the Health Data Equity Tribunal, which is empowered to hear cases, make determinations, order remedial actions, impose penalties, and take any other actions deemed necessary to enforce the provisions of the model law.
AI is transforming the healthcare sector, offering new possibilities for diagnosis, treatment, prevention, and research
While the UAE seeks to bolster its regulatory framework in this space, align with international best practice, there are several opportunities to foster a harmonized approach to health data governance that respects the diverse legal, ethical, cultural, and societal landscapes across boundaries. Areas where regulation is being improved, harmonised, or could be adopted are:
The establishment of a central system for the exchange and collection of health data and information, and the development of a national genomic database and reference, which can facilitate interoperability, data sharing, and personalised medicine across borders;
The protection of the confidentiality, integrity, and security of health data and information, and the prevention of unauthorised access, use, disclosure, alteration, and destruction of such data;
The promotion of transparency and accountability in the collection, processing, and use of health data and information, and the provision of clear and understandable information and consent to individuals and communities regarding the use of their health data in AI and healthcare;
The respect for the rights and interests of individuals and communities in relation to their health data, including the right to access, correct, control, and port their health data, and the right to participate in the decision-making and benefit-sharing of their community health data;
The creation of effective governance structures and oversight mechanisms to ensure that health data is managed in accordance with the duties and obligations set forth in the law, and to address any violations or challenges that arise;
The adoption of ethical principles and standards for the use of AI in healthcare, such as user assistance, safety and security, privacy, ethics, and accountability, and the mitigation of biases and risks that could lead to disparities or harm in health outcomes;
The encouragement of health data literacy and awareness among the public and stakeholders, and the support for health research and innovation, by providing clear rules and guidelines for the ethical use of health data in research, development, and scientific endeavours.
The use of AI in healthcare also poses some regulatory, privacy, and data law issues that may either strengthen or weaken opportunities for collaboration, create potential regulatory barriers, or hinder innovation. Some of these issues are:
The compatibility and harmonisation of the legal frameworks and standards across boundaries;
The balance between the protection of individual and communal rights and the facilitation of health data use for the greater public benefit, and the resolution of any conflicts or disputes that may arise from such use;
The compliance with the applicable laws and regulations regarding the storage, processing, transfer, and disposal of health data and information, especially across borders, and the management of any data breaches or incidents that may occur;
The ethical and social implications of using AI in healthcare, such as the impact on human dignity, autonomy, and diversity, and the potential for discrimination, stigmatisation, or exploitation of vulnerable groups or individuals;
The quality and reliability of the health data and information, and the AI and machine learning models, and the validation and evaluation of their accuracy, robustness, and effectiveness;
The allocation of responsibility and liability for any harm or damage caused using AI in healthcare, and the availability of remedies and redress for the affected parties.
In conclusion, AI in healthcare offers tremendous opportunities for improving health outcomes and advancing scientific knowledge, but also raises complex and novel legal and ethical challenges that require careful and collaborative consideration. The UAE has taken significant steps to develop a legal framework that regulates the use of health data, genomic data, and ICT in health fields, and to promote the ethical and responsible use of AI in healthcare and serves as a platform for dialogue and cooperation with other partners and sovereign states, and for identifying and addressing the common and specific issues that affect the AI and healthcare sector.
For further information,please contact Andrea Tithecott, and Andrew Fawcett
Published in January 2025
