Compliance & Regulatory

UAE health data compliance, NABIDH and Malaffi, done right.

Operating a health platform in the UAE means connecting to the emirate health information exchanges and meeting their data, consent and residency rules. We architect for DHA, DoH and MOHAP compliance from the start.

The landscape

Three exchanges, three regulators — one architecture

The UAE runs health information exchange at the emirate level. Where you operate determines which you connect to — and we build to all of them.

NABIDH

Dubai · DHA

The Dubai Health Authority's exchange. Every Dubai provider must connect and submit clinical data to NABIDH standards.

Malaffi

Abu Dhabi · DoH

Abu Dhabi's health information exchange, run by the Department of Health. Mandatory for providers across the emirate.

Riayati

Federal · MOHAP

The national platform under the Ministry of Health and Prevention, covering the Northern Emirates and federal facilities.

Why AST

Healthcare engineers who actually work in the region

The clinical-systems depth of a healthcare engineering firm, paired with hands-on familiarity with the UAE's exchanges and rules.

17+
years building healthcare software

Deep clinical-systems experience, now applied to the UAE's specific exchange, consent and residency rules.

3
UAE exchanges we build to

NABIDH, Malaffi and Riayati — not just whichever one you happened to start with.

FHIR
the standard underneath

The exchanges are FHIR-based, and FHIR interoperability is core to how we build everything.

MENA
presence on the ground

A partner who works in the region and your time zone — not one parachuting in from elsewhere.

The engagement

How a UAE compliance engagement works

From assessing your platform against the right exchange to a tested, compliant go-live — we own the integration and the residency work.

01 Compliance assessment

We assess your platform against the relevant emirate's standard — NABIDH, Malaffi or Riayati — and map the gaps between where you are and being connected.

  • Standard mapping
  • Gap analysis
  • Consent & residency review
  • Onboarding plan
02 HIE integration

We build the integration that submits clinical data to the exchange in the format, terminology and cadence it requires — and handles the errors it returns.

  • FHIR / HL7 interfaces
  • Clinical data submission
  • Terminology mapping
  • Validation & error handling
03 Consent & data residency

We implement the patient-consent model and the in-country data-residency controls that UAE health regulation requires — by design, not bolted on.

  • Patient consent model
  • UAE data residency
  • PHI safeguards
  • Access controls
04 Onboarding & certification

We take you through the authority's onboarding and conformance testing, remediate what it flags, and stand with you through go-live.

  • Authority onboarding
  • Conformance testing
  • Issue remediation
  • Go-live support
What compliance requires

What the exchanges actually expect of you

HIE connectivity

A live connection that submits clinical data to the exchange you fall under.

  • Exchange onboarding
  • Data submission
  • Acknowledgements
  • Uptime & retries

Data standards

Conformance to the exchange's FHIR profiles and terminologies.

  • FHIR profiles
  • Coding systems
  • Dataset completeness
  • Versioning

Patient consent

Capturing and enforcing consent the way the regulator requires.

  • Consent capture
  • Enforcement
  • Withdrawal
  • Audit of access

Data residency

Protected data held in-country, under UAE handling rules.

  • In-country hosting
  • Residency controls
  • Cross-border rules
  • Backups in-region

Security & PHI

The safeguards expected of any system holding health data.

  • Encryption
  • Access control
  • Audit logging
  • Incident response

Conformance testing

Passing the authority's test suite before you go live.

  • Test scenarios
  • Validation
  • Defect fixes
  • Sign-off
Who it's for

Whoever the exchange rules apply to

Providers operating in the Emirates, digital health products entering the market, and the vendors who serve them — connectivity is a condition of doing business here.

Clinics, hospitals and labs in the Emirates

If you deliver care in Dubai, Abu Dhabi or the Northern Emirates, exchange connectivity isn't optional — it's a condition of operating. We get you connected and compliant.

  • Mandatory connectivity
  • The right exchange
  • Consent & residency
  • Go-live support

Platforms expanding into the region

Bringing a product into the UAE means meeting local exchange and residency rules that don't exist in your home market. We bridge that gap without a rebuild.

  • Market-entry assessment
  • Integration, not rebuild
  • Residency design
  • Local conformance

Software serving UAE providers

Your customers have to connect to NABIDH, Malaffi or Riayati. We make that a feature of your platform rather than the blocker that stalls your regional deals.

  • Built-in connectivity
  • Multi-emirate support
  • Customer onboarding
  • Conformance-ready
Build vs partner

Why a region-aware partner beats an offshore build

UAE compliance is mostly about knowing the local rules before you write code. That knowledge is the difference between months saved and months lost.

The usual way
An offshore build
Compliance as an afterthought

A team that's never connected to NABIDH or Malaffi, learning the exchange rules on your timeline and your budget — and discovering residency requirements late.

  • Learning on your dime
  • Time-zone lag
  • No regulator familiarity
  • Residency as a surprise
With AST
A region-aware partner
Built for the UAE from day one

A team that knows the exchanges, the FHIR standards and the residency rules, and designs to them from the first sprint instead of retrofitting at the end.

  • Knows the exchanges
  • Works in the region
  • Residency designed in
  • Faster to conformance
How we deliver

From scope to a compliant go-live

01
Scope

Which emirate, which exchange, which obligations.

02
Assess

Gap analysis against the exchange standard.

03
Build

FHIR integration and the consent model.

04
Reside

Data residency and security, in-country.

05
Test

Conformance testing with the authority.

06
Go live

Onboard, submit and support in production.

How we engineer

Compliance principles we build by

The convictions that get you connected and conformant the first time, without a residency surprise at the finish line.

Build to the right exchange

Dubai, Abu Dhabi and the federal platform differ — we build to the one(s) you actually fall under, not a generic guess.

FHIR-native

The exchanges speak FHIR; so do we, natively, rather than through a brittle adapter bolted onto a legacy stack.

Residency by design

Data-in-country isn't a setting you flip at the end — it's an architecture decision made up front.

Consent that holds up

A patient-consent model that satisfies the regulator and survives an audit, not a checkbox.

Conformance, not hope

We test against the authority's conformance suite before go-live, not after a rejection sends us back.

On the ground

A partner present in the region, aligned to your working hours and your regulators.

Questions

DHA / NABIDH compliance FAQ

What's the difference between NABIDH, Malaffi and Riayati?

They're emirate-level health information exchanges. NABIDH is Dubai (regulated by the DHA), Malaffi is Abu Dhabi (Department of Health), and Riayati is the federal platform under MOHAP covering the Northern Emirates and federal facilities. Which one applies depends on where you deliver care.

Do we have to connect to all three?

Only the one(s) covering where you operate. A single-emirate provider connects to one; a group operating across emirates may connect to more than one. We scope exactly what your footprint requires.

Does our data have to stay in the UAE?

UAE health-data regulation imposes residency and handling requirements, so we design for in-country data residency and the associated safeguards rather than treating it as a late configuration change.

We already have a US- or EU-built platform — can it comply?

Usually yes, with integration and residency work rather than a rebuild. We assess the gap, build the exchange connectors and consent controls, and put the residency architecture in place around your existing product.

How long does onboarding take?

It depends on the exchange and your current state, with the authority's conformance testing as a fixed step in the middle. We give you a scoped timeline after the assessment rather than a number up front.

Let's get you connected

Expanding into the UAE health market?

Tell us which emirate and what you're building. We'll map the exchange, consent and residency obligations — and the path to go-live.
