The Abu Dhabi Department of Health (DoH) has launched the Abu Dhabi Healthcare Information and Cyber Security (ADHICS) Standard — a comprehensive mandatory framework governing information security and cyber security across all regulated healthcare entities.
What is ADHICS?
ADHICS is designed to enhance healthcare cyber security in the UAE to international levels — aligning with ISO 27001, HIPAA, NIST, and HL7 FHIR best practices, calibrated to the Abu Dhabi regulatory context and the particular data sensitivity of the healthcare sector.
Who Is in Scope?
- Hospitals, specialist medical centres, clinics, and licensed medical facilities
- Third-party partners with access to healthcare data
- Healthcare software solution providers (EMR, HIS, PACS vendors)
- Server infrastructure and cloud service providers hosting healthcare data
The 10 Security Control Domains
- Human Resources Security
- Asset Management
- Physical and Environmental Security
- Access Control
- Operations Management
- Communications and Health Information Security
- Third-Party Security
- Acquisition, Development and Maintenance of Health Information Systems
- Information Security Incident Management
- Information Security Continuity Management
The Three-Year Audit Cycle
- Year 1 — Compliance Audit: Full audit by an approved TRBA with ADHICS certification awarded on success
- Year 2 — Surveillance Audit: Targeted assessment of selected controls; certification maintained
- Year 3 — Surveillance Audit: Further targeted assessment before the cycle repeats
How Synergy Consulting Can Help
Synergy Consulting provides comprehensive ADHICS compliance advisory including gap assessment, cyber risk evaluation, policy development, security testing, staff awareness training, technology implementation, and internal audit support to prepare for TRBA assessments.
