Industry
9 min read

UAE Healthcare Website Compliance: DHA, DOH & HAAD Guide (2026)

A healthcare website in the UAE operates under layered regulatory requirements depending on emirate, facility type, and services offered. Getting this wrong exposes your facility to regulatory action from DHA, DOH, or MOHAP and more seriously, erodes patient trust. This guide covers the specific compliance requirements your website must meet.

UAE Healthcare Website Compliance Guide

Requirements by regulatory authority

DHA Dubai Health Authority

Dubai

  • Display DHA facility licence number on the website
  • List all DHA-registered practitioners with their licence numbers
  • No medical advice that could be interpreted as a consultation without DHA telehealth approval
  • Patient testimonials must not make clinical claims not endorsed by DHA
  • NABIDH data integration required for facilities sharing patient records

DOH Department of Health, Abu Dhabi

Abu Dhabi

  • Display DOH facility licence number prominently
  • Healthcare professional profiles must include DOH licence number and specialty
  • Telemedicine services require specific DOH telehealth facility approval
  • Patient rights must be displayed (available from DOH)
  • Arabic language content required for all mandatory disclosures

MOHAP Ministry of Health & Prevention

Other Emirates

  • MOHAP facility registration number must be displayed
  • Practitioner MOHAP licence numbers listed on profile pages
  • Pharmaceutical advertising requires MOHAP pre-approval
  • Medical device claims on website must comply with MOHAP medical device guidance

Patient data and privacy requirements

DIFC Data Protection Law (2020)

Healthcare facilities operating in or serving DIFC must comply with the DIFC Data Protection Law one of the most comprehensive data protection frameworks in the region. This means having a clear Privacy Policy, appointing a Data Protection Officer if processing health data at scale, patient consent mechanisms, and data subject rights (access, rectification, erasure) accessible via the website.

NABIDH integration (Dubai)

NABIDH (National Backbone for Integrated Dubai Health) is DHA's health information exchange. Healthcare providers in Dubai who share patient records are required to connect to NABIDH. Your website's patient portal or booking system should be designed with NABIDH compatibility in mind particularly the data fields captured at booking that feed into a patient's health record.

Patient consent for digital communications

Collecting a patient's email address or mobile number for appointment reminders, health newsletters, or marketing requires explicit consent under UAE data regulations. Website contact forms and booking systems must include a clear opt-in checkbox (not pre-ticked) for marketing communications, separate from operational appointment-related messages.

Telemedicine website compliance

Telemedicine in the UAE is separately regulated. In Dubai, telemedicine facilities require a specific DHA Telehealth Facility Licence. In Abu Dhabi, DOH has issued a Telehealth Policy that sets requirements for platform security, practitioner identification, and patient consent. Your website must not advertise telemedicine services or allow online consultations without the appropriate licence.

The key website requirements for licensed telemedicine platforms include: clearly identified practitioner credentials visible before consultation, a patient consent acknowledgement before any clinical interaction, technical security standards for video consultation platforms (encryption at rest and in transit), and clearly displayed practitioner DHA/DOH licence numbers accessible from the consultation interface.

Common compliance questions

What is the difference between DHA, DOH, and HAAD?

DHA (Dubai Health Authority) regulates healthcare in the Emirate of Dubai. DOH (Department of Health) regulates healthcare in Abu Dhabi and has subsumed HAAD (Health Authority – Abu Dhabi), which was its predecessor. Other emirates (Sharjah, Ajman, etc.) fall under the Ministry of Health and Prevention (MOHAP). Your healthcare website must display the credentials of the regulator covering your emirate of operation.

Is online medical advice allowed on UAE healthcare websites?

General health information is permitted. However, specific medical advice, diagnosis, or treatment recommendations must be provided only by licensed practitioners under appropriate supervision. Telemedicine consultations are regulated by DHA and DOH telehealth frameworks and require separate licensing. All clinical content published on your website must be reviewed and approved by a licensed medical professional.

What patient data laws apply to UAE healthcare websites?

Facilities in DIFC are subject to the DIFC Data Protection Law 2020. Facilities in mainland Dubai and Abu Dhabi must comply with DHA/DOH patient confidentiality regulations, which include data storage requirements under UAE law. NABIDH (National Backbone for Integrated Dubai Health) in Dubai requires patient data to be stored and accessible in a standardised format.

Related reading

Build a compliant UAE healthcare website

TheWebBrew builds DHA and DOH-compliant healthcare websites for UAE clinics, hospitals, and telehealth platforms with proper licence display, patient consent flows, and NABIDH-aware booking systems.

Discuss Your Healthcare Website