15 NABIDH Data Management Policy

15.1. Purpose:
15.1.1. To define permissible uses of the NABIDH data such as Primary Use (Subject of care Care) and Secondary use (Research, Public Health, Quality Improvement and Safety Initiatives.).
15.1.2. To ensure data is used and accessed only as permitted by applicable UAE Laws and DHA regulations.

15.2. Scope/Applicability:
This policy applies to everyone involved in the protection of PHI including:
15.2.1. Dubai health authority and their Business Associates or any subcontractors, who is responsible for oversight of NABIDH platform.
a. Dubai health authority Public Health and their Business Associates or any subcontractors who is responsible for exchange of PHI.
b. NABIDH and their Business Associates or any subcontractors who is responsible for exchange of PHI.
c. Healthcare Facilities or Their Business Associates or any subcontractors who is responsible for submission, collection and use of PHI
d. Subject of Care or the Subject of Care Agent who is responsible for providing appropriate consent to their data.
e. All parties requesting to use the NABIDH managed information for secondary use.

15.3. General Use and Disclosure:
Primary use of PHI is defined as exclusive use by the organization that acquired the data, in providing direct care to the subject of care. Secondary uses are those that are used for health system planning, management, quality control, public health monitoring, program evaluation, and research. Some secondary uses directly complement the needs of primary use. Examples include medical billing, hospital administrative, and management operations. While some secondary use
includes usage that support medical research and public health, organization sales, marketing, and financial gain. Secondary use regularly occurs without the subject of care’s knowledge or consent.

15.4. Compliance with Law
All disclosures of PHI through the NABIDH and the use of information obtained from the NABIDH shall be consistent with all applicable UAE ICT laws and DHA regulations and shall not be used for any unlawful discriminatory purpose. If the UAE ICT law requires that certain documentation exist or that other conditions be met prior to using or disclosing PHI for a particular purpose, the requesting Participant shall ensure that, it has obtained the required documentation or met the requisite conditions and shall provide evidence of such at the request of the disclosing Participant.