The Abu Dhabi Department of Health (“DoH”), being the regulator of healthcare sector in Abu Dhabi, has published a Circular (DoH Circular No. (71) of 2020) which states that it will be initiating an audit program to ensure that all healthcare entities in the Emirate of Abu Dhabi are complying with the Abu Dhabi Healthcare Information and Cyber Security Standards (“ADHICS Standards”) making IT Audit for Healthcare institutes in Abu Dhabi mandatory.

What is ADHICS?

ADHICS standard intends to enhance the healthcare cyber security in UAE to the next levels by meeting international healthcare cyber security and privacy practices. ADHICS also helps healthcare sector meet the compliance with UAE Information assurance standards. It is the first-of-its-kind standard that aims to provide a comprehensive guide to healthcare entities and professionals for the regulation of the healthcare data in Abu Dhabi.

What is the Scope of ADHICS?

The Scope of ADHICS covers all DoH regulated health care entities, vendors and services which includes:

  • Hospitals
  • Clinics
  • Medical Facilities
  • Third Party Partners
  • Healthcare Software Solution Providers
  • Healthcare Vendors
  • Server Infrastructure Providers

What are the Health Information and Cyber Security Requirements within the ADHICS Standards?

The healthcare information and cyber security requirements within ADHICS Standards includes the following:

  • Human Resources Security
  • Asset Management
  • Physical and Environmental Security
  • Access Control
  • Operations Management
  • Communications, Health Information and Security
  • Third Party Security
  • The Acquisition, Development and Maintenance of Health Information Systems
  • Information Security Incident Management
  • Information Security Continuity Management

How will the audit program be conducted?

The audit program will be conducted in three year cycles, where in the first year of the cycle, there will be an audit conducted by TRBA to check for compliance with ADHICS, where a conformance certificate will be awarded.

In the second and third year of the cycle, there will be a surveillance audit to check for compliance with ADHICS, but no certification is provided for surveillance audits.

Synergy Consulting, one of the leading cybersecurity service provider, helps Small, Medium and Large Healthcare sector entities – Hospitals, Clinics, Pharmacy’s, Healthcare software solution providers and Healthcare vendors meet the ADHICS Compliance and Audit Requirements and help them comply to it. We can help you with the following:-

  • ADHICS Gap Assessment
  • Cyber Risk Assessment
  • Risk Treatment Plan
  • Policies & Procedures
  • Security Testing
  • Security Awareness
  • Technology Implementations
  • Implementation Reviews
  • ADHICS Internal Audits

Reach out to us for our end-to-end ADHICS compliance queries at:

Call us: +971 4 5139095

Whatsapp: +971 52 2215052


To know more, click here