Does using a NABIDH compliant EMR software ensure 100% NABIDH compliance for my medical centre?

NABIDH compliance requirements for all medical centres were published by Dubai Health Authority (DHA) in September 2020 and subsequent to that through various circulars, DHA has made it mandatory for medical centres/clinics (healthcare facilities) to adopt NABIDH.

Policies in NABIDH

There are various policies defined under NABIDH such as:

  • Subject of Care Policy
  • Consent and Access Control Policy
  • Incident and Breach Notification Policy
  • Audit Policy
  • Data Management Policy
  • Identity Management Policy
  • Authentication Policy
  • Information Security Standards
  • Clinical Data and Coding
  • Interoperability and Data Exchange
  • Technical and Operational Standards

The full list is available at 

Choosing the right NABIDH compliant EMR

In each policy, there are numerous activities to be handled by the EMR, by the healthcare facility management and others such as the healthcare practitioners, administrative staff, the IT team as well as the Information Security Officer.

If you are not sure about which EMR software to use, this article may be useful: What are the NABIDH compliant EMRs and how to choose one for my medical centre? 

NABIDH Compliance not handled by the EMR

While many of the procedures mentioned in the policies are addressed by NABIDH compliant EMR softwares, to be fully compliant with NABIDH, the health care facility should ensure they also take care of those requirements defined in NABIDH, that are not handled by the EMR.

Some examples of NABIDH policies and procedures not handled by the EMR are given below:

  1. Preparation of policies and procedures specific to the healthcare facility as defined in NABIDH.
  2. Periodic training to be given to the healthcare facility staff related to NABIDH related topics such as secrecy of patient data, what to do in case of a breach, how to report issues etc. 
  3. Verification of subject of care (patients) as well as staff (healthcare professionals, administrative staff etc)
  4. When there is a breach of patient data, as per NABIDH, the communication has to be made with the impacted individuals (and sometimes public announcements have to be made). This is not handled by the EMR.
  5. Assigning an Information Security Officer to coordinate with NABIDH Information Security Officer on a periodic basis.

There are many such scenarios which are out of scope of the EMR.

To Medical Centres / Healthcare Facilities:

  1. Please feel free to take the Airtabat NABIDH Readiness test to get an idea of where your medical centre stands with respect to NABIDH compliance.
  2. If you are not sure about which EMR to choose, please feel free to reach out to NABIDH readiness experts at Airtabat and we will be happy to guide you.

To EMR Providers:

  1. If your EMR is listed above and you would like to be included in Airtabat NABIDH Readiness Tool, please reach out to us.
  2. If your EMR is not listed above and you would like it to be included here, please reach out to us.

For all NABIDH related queries please reach out to [email protected] .