The Dubai Health Authority has refreshed the rulebook for remote care. Its Standards for Telehealth Services Version 4 raise the bar on licensing, data residency, security, and interoperability, and they are already in force. This guide explains what changed and the operational changes telehealth providers should plan for.
What the Version 4 standards are
The DHA Standards for Telehealth Services Version 4 were issued on 26 September 2025 and took effect on 26 November 2025. They apply to telehealth providers operating under the Dubai Health Authority in Dubai, and the next revision is due in 2030. In short, this is the framework that will govern remote consultations, virtual clinics, and connected care in Dubai for the next several years.
The standards bring together provider licensing and eligibility alongside clinical, interoperability, and data-protection requirements. That breadth is the point: telehealth is treated as a regulated mode of care delivery, not a lighter-touch alternative to in-person services. Providers should read the standards as the baseline that licensing, audits, and inspections will be measured against.
Licensing and provider eligibility
The first practical implication is that telehealth is a licensed activity. Providers need to confirm that their licence covers the telehealth services they intend to deliver and that the clinicians working through their platform are eligible to practise. If you are planning to launch a virtual clinic, expand an existing service line, or partner with an external platform, eligibility and scope should be settled before any patient-facing service goes live.
For groups entering Dubai from outside the Emirate, this means mapping your service model against the DHA framework early. The cleanest path is to align licensing, clinical governance, and technology decisions together rather than treating each as a separate workstream.
Data residency and security
One of the most consequential requirements is data residency: patient data must be stored inside the UAE. For providers relying on cloud services or platforms hosted abroad, this can require real architectural changes, including where databases sit and how backups and disaster-recovery copies are handled.
Alongside residency, the standards call for technical safeguards. Providers should plan for measures such as the following.
Technical safeguards to plan for
- Patient data stored inside the UAE
- Encryption of data in transit and at rest
- Multi-factor authentication for access to clinical systems
- Use of approved communication tools for consultations
- Integration with NABIDH, Dubai's health information exchange
NABIDH integration and interoperability
Interoperability sits at the centre of Version 4. Providers are expected to integrate with NABIDH, Dubai's health information exchange, so that records generated during remote consultations flow into the wider health system. This is not a one-off connection: it shapes how clinical data is captured, structured, and shared on an ongoing basis.
For many providers the practical work here is in the back end, making sure the platform can exchange data in the expected formats and that the right records reach NABIDH reliably. Building this in from the start is far simpler than retrofitting it after launch.
Clinical coding and records
Clinical documentation must speak the same language as the rest of the system. Clinical records should use DHA-approved coding, such as ICD-10 for diagnoses and SNOMED-CT for clinical terms. In practice that means your electronic medical record and any coding workflows need to support these standards, and that clinicians and coders are working to them consistently.
Consistent coding is also what makes interoperability meaningful. Records that are properly coded are the records that can be shared, audited, and acted on across the health system.
Prescribing controlled medicines
Prescribing through a remote consultation carries extra care. Controlled-medicine prescribing via telehealth is subject to specific rules, and providers should confirm what is permitted before building it into a service. If controlled substances are part of your clinical model, treat the prescribing pathway as a distinct compliance question rather than assuming it follows the same rules as a routine prescription.
What providers should do now
Because the standards are already in force, the sensible response is a structured review rather than a wait-and-see approach. A practical starting point is to map your current service against the licensing, data-residency, security, NABIDH integration, and coding requirements, then close the gaps in priority order. For groups planning to enter or expand in Dubai, aligning these decisions early avoids expensive rework later. You can read more about how we support remote care providers on our telehealth services page.
Frequently asked questions
When did the DHA Telehealth Standards Version 4 take effect?
Who do the standards apply to?
Where must telehealth patient data be stored?
What clinical coding should telehealth records use?
Can controlled medicines be prescribed via telehealth?
This guide is general information, not regulatory or legal advice. Telehealth requirements can change, so confirm current rules with the Dubai Health Authority (DHA) or your regulatory partner before acting. Related: telehealth services.