HIPAA Compliance & Data Protection
Last Updated: January 15, 2025
1. Our Approach to Health Data Privacy
Arab MedTechAI Organization takes health data privacy seriously. While our platforms are governed primarily by UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection, we apply HIPAA-equivalent principles to all health information handling as a best-practice standard for our tools used by healthcare professionals globally.
2. What Is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law establishing national standards for protecting sensitive patient health information (PHI). While our organization operates under UAE law, we recognize HIPAA as a global benchmark for health data protection and align our practices accordingly.
3. How Our Platforms Handle Health Data
3.1 AI Query Processing
When you use our AI medical tools, your queries are processed in real time by AI APIs (Groq, Gemini, or OpenRouter) and are not stored with personally identifiable information. All queries are transmitted over HTTPS-encrypted connections only.
3.2 No PHI Storage
Our tools operate in a stateless manner. We do not build or maintain individual health profiles. Drug names, symptoms, or lab values you enter are processed to generate AI responses and are not retained in personally identifiable form after the session ends.
3.3 No Third-Party PHI Sharing
We do not sell, trade, or share any health-related user inputs with third parties for commercial or advertising purposes.
4. UAE Legal Framework
Our primary legal obligations are under UAE law:
- UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL)
- UAE Federal Law No. 2 of 2019 on the Use of ICT in Health Fields
- UAE MOHAP Guidelines on health technology platforms
- Abu Dhabi ADHA digital health framework
5. Security Measures
- Encrypted: All platform traffic served over HTTPS (TLS 1.2+)
- Protected: No plaintext credential storage — API keys stored as server environment variables only
- Restricted: Administrative infrastructure access is restricted and audited
- Minimal: No registration or personal data required to use our AI tools
6. Platforms Covered
- medtechai.net — main organizational portal and AI tools
- pharmacy.medtechai.net — AI Pharmacy Platform
- med.medtechai.net — Medical AI Platform
- quran.medtechai.net — Quran AI Platform
7. User Rights
Under UAE PDPL and HIPAA principles, you have the right to know what data we hold, request correction or deletion, object to processing, and lodge a complaint with the UAE Data Office.
8. Breach Notification
In the event of a data security incident involving personal health information, we will notify affected users and UAE regulatory authorities within 72 hours of becoming aware of the breach where feasible.
9. For Healthcare Institutions
If you are a hospital, clinic, or healthcare institution requiring a formal data processing agreement or Business Associate Agreement (BAA) equivalent, please contact us at contact@medtechai.net.
10. Contact for Privacy Inquiries
Arab MedTechAI Organization
Abu Dhabi, United Arab Emirates
Email: contact@medtechai.net
Phone: +971 52 539 7947