How we collect, host, retain and protect your medical record, and how this meets UAE health data law.
Last updated: 11 July 2026
Contents
This Policy explains how Seven Dimensions Medical Centre, trading as 7 Dimensions Medical Centre / 7DMC (“7DMC”), DHA License No. 3339141, collects, hosts, retains and protects patient health data in its Electronic Medical Record (EMR) system, and how this complies with UAE health data law. It should be read together with our Privacy Policy and Data Protection & Security Policy.
This Policy is prepared with reference to Federal Law No. 2 of 2019 concerning the Use of Information and Communications Technology in the Health Fields (“Health Data Law”), which governs health data in the UAE specifically — rather than the general UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), which excludes health data governed by its own legislation. 7DMC’s DHA licence (No. 3339141) and MOH website approval (No. UX12361) also carry patient-confidentiality obligations that apply alongside the Health Data Law.
Our EMR may contain:
Health data is entered into the EMR by our clinical and administrative staff at the point of registration and during consultations, diagnosis, treatment and follow-up care. It is not collected through our public website, marketing forms or advertising platforms, which are limited to identity, contact and appointment-request data.
Your medical record is currently maintained in Capsule, our clinic’s electronic medical record (EMR) system, provided and hosted by TenderCare FZE, a Dubai-based healthcare technology company (Dubai Silicon Oasis, Dubai), on TenderCare’s own hosting infrastructure within the UAE.
7DMC is planning to migrate to a new EMR environment hosted on Amazon Web Services within the UAE (AWS me-central-1), as part of our ongoing digital transformation programme with Ci CORP Digital. This Policy will be updated to reflect the new hosting arrangement once that migration is complete. Our separate Odoo platform, used for business and enquiry data rather than clinical records, is already hosted on AWS within the UAE.
This approach reflects the data-localisation requirement in Article 13 of the Health Data Law: health data relating to health services provided in the UAE may not be stored, processed, generated or transferred outside the UAE, except where an exception has been approved by the relevant health authority. Keeping our EMR hosted within the UAE — with TenderCare today, and on AWS following our planned migration — is a compliance requirement for 7DMC, not only good practice.
Appointment reminders sent by SMS, WhatsApp and email are limited to scheduling information — such as your appointment date and time — and never include diagnosis, treatment details or other clinical content. Only your treating clinical team and authorised staff can access the clinical content of your medical record itself, which remains hosted on our UAE-based EMR system at all times.
In line with Article 20 of the Health Data Law, we retain health data for a minimum of 25 years from the date of your last health procedure at 7DMC. This period may be longer where required by another applicable law. Health data is not deleted before this minimum period expires, even upon patient request, because the retention requirement is a legal obligation on 7DMC rather than a matter of patient preference.
| Role | Access |
|---|---|
| Treating doctor / clinical team | Full access to the relevant patient’s record, for the purpose of providing care |
| Authorised administrative/reception staff | Access limited to appointment, contact and billing information needed to manage your visit |
| TenderCare FZE (EMR provider) | Hosting and technical platform support for Capsule, under TenderCare’s own confidentiality and data protection terms as our EMR vendor |
| Ci CORP Digital (technology partner) | No current access to clinical EMR data; supports 7DMC’s website, app and Odoo platform, and is leading the planned migration project — will have defined, confidentiality-bound access only once the new AWS-hosted EMR environment is implemented |
| Marketing team / Odoo CRM users | No access to clinical/EMR records — marketing systems are kept separate from clinical data |
| Insurance partners (Nextcare, Al Madallah, MSH) | Only the specific clinical and billing information required to process a claim you have authorised |
In line with the Health Data Law, all staff, TenderCare FZE as our EMR provider, and Ci CORP Digital as our technology partner, are bound by confidentiality obligations covering health data they may access in the course of their role. This includes not amending health data other than as permitted, not disclosing health data other than for authorised purposes, and maintaining the security and integrity of the EMR system.
Health data is processed for the purpose of providing your care, based on the consent you provide at registration and during treatment, consistent with the Health Data Law’s consent requirements. Separate, explicit consent is obtained before health data is used for any purpose beyond your direct care, such as clinical research. We do not use EMR/clinical data for marketing purposes; our marketing activity uses only the identity, contact and appointment-request data held in Odoo, which is kept separate from clinical records.
Where you are covered by Nextcare, Al Madallah or MSH, we share the specific clinical and billing information required to process your insurance claim, consistent with your policy and the authorisation you provide as part of using your insurance at 7DMC.
You may request access to your own medical record and request correction of inaccurate information. Because of the 25-year minimum retention requirement under Article 20 of the Health Data Law, we are not able to delete your medical record before that period expires, even upon request. To make a request, contact marketing@7dmc.ae.
We protect EMR data through:
If a breach affecting health data occurs, 7DMC will assess the risk and notify the relevant health authority (DHA) and affected patients as required by law, in coordination with TenderCare FZE and Ci CORP Digital for technical investigation and containment.
This Policy is reviewed at least annually, or sooner where there is a material change to how 7DMC collects, hosts or shares health data, or where UAE health data law changes.
Seven Dimensions Medical Centre (7DMC)
Diamond Business Centre A, 1st Floor, Arjan, Al Barsha, Dubai, UAE
Data Protection Contact: Altaf Hussein — marketing@7dmc.ae