What Is NABIDH (National Backbone for Integrated Dubai Health)? The DHA Patient Records system

Note: This article is for informational purposes only and does not constitute legal, tax, or professional advice. Please consult official government websites or professionals for reliable information.

Table of Contents

NABIDH (National Backbone for Integrated Dubai Health) is an official Health Information Exchange (HIE) system in Dubai, which is managed by the Dubai Health Authority (DHA). It was launched on November 29, 2020, to connect patients to healthcare facilities throughout Dubai, whether they are in the public or private sectors. It is operated by the DHA following Dubai Health Data Law No. 11 of 2018 and Federal Law No. 2 of 2019, ensuring full compliance with privacy and data protection standards.  

The main purpose of NABIDH is to reduce duplicate tests, improve care coordination, and increase operational efficiency by providing clinicians with real-time access to comprehensive patient histories, as per the announcement was made by His Excellency Awadh Seghayer Al Ketbi, Director General of DHA, during the launching ceremony. However, the access is tied to strict criteria, provided you are authorized by the DHA. 

All healthcare facilities are legally required to integrate with NABIDH, while patients are automatically included but can opt out through DHA’s consent policy. Up till 27 April 2025, the system securely connects over 1,500 facilities and consolidates more than 9.5 million medical records, helping the healthcare ecosystem to make decisions based on Facts and figures as per the DHA official portal.

The registration process is easy. You need to connect your approved EMR system using the Sheryan ID, fill out the Facility Onboarding Template (FOT), and set up HL7 integration. Once approved, you are allowed to access the entire database of patient records. However, as data sharing is encrypted (AES-256, TLS 1.2) and governed by strict access control. Only verified healthcare professionals have access to medical records for that specific patient’s case as per the genuine requirement.

The system supports standardized data formats such as HL7, C-CDA, and FHIR APIs, with features like audit trails, role-based access, and emergency “Break-the-Glass” access for saving patients’ lives. The data remains encrypted, validated, and stored for a lifetime. To keep data accurate and maintain better linking across facilities, NABIDH assigns a Unique Health Identifier (UHID) to each patient, which is listed on NABIDH’s system. 

To track and save all the data, NABIDH has approved some EMR systems. These include Cerner, Epic, InterSystems TrakCare, and HealthConnect. However, operating this sometimes feels overwhelming, and for this reason, to help you understand the system, the DHA has launched a 50-minute online NABIDH training course for healthcare professionals, enhancing their ability to access, manage, and utilize unified patient records efficiently.

What is NABIDH?

NABIDH (National Backbone for Integrated Dubai Health) is Dubai’s Health Information Exchange (HIE) system, led by the DHA to unify patient records across public and private healthcare facilities for enabling secure data sharing, reducing duplicate tests, improving care coordination, and empowering patients to access their health information while ensuring compliance with DHA privacy and security standards. It connects more than 1,500 healthcare facilities successfully and unifies 9.53 million medical records securely with active engagements of 82% of Dubai’s medical workforce, as per the DHA official portal.

NABIDH Full Form: NABIDH stands for National Backbone for Integrated Dubai Health, while DHA stands for Dubai Healthcare Authority

When was the NABIDH launch in Dubai?

The Dubai Health Authority (DHA) introduced phase one of NABIDH on November 29, 2020, as a digital platform that connects medical records from public and private facilities, giving healthcare providers secure access to complete patient histories. The information security of the NABIDH improves with the Patient Privacy Intelligence (PPI) system for healthcare services across Dubai.

What is the purpose of NABIDH DHA?

The purpose of NABIDH DHA is to unify patient records, reduce duplicate tests, and improve care coordination and efficiency by securely sharing electronic health records (EHRs) and medical histories through a central health information exchange hub in Dubai, connecting all public and private healthcare facilities. The system is digitizing and unifying patient records in compliance with DHA privacy and security standards. 4 key purposes of the NABIDH DHA are:

  1. Reducing duplicate tests,
  2. Providing clinicians with a comprehensive view of medical history,
  3. Enhancing care coordination,
  4. Improving operational efficiency

Who regulates NABIDH?

Dubai Health Authority (DHA)  regulates NABIDH under Dubai Health Data Law No. 11 of 2018, Federal Law No. 2 of 2019, and related DHA data protection and confidentiality policies. It oversees its implementation, policies, and standards. DHA ensures that all public and private healthcare facilities in Dubai securely exchange electronic health records (EHRs) and patient data, maintain compliance with privacy and security regulations, and adhere to established health information exchange protocols to enhance care quality and operational efficiency across the healthcare system.

Is NABIDH implementation in the UAE compulsory for everyone?

No, NABIDH implementation is not mandatory for everyone; it is compulsory for all healthcare facilities in Dubai under Dubai Health Data Law No. 11 of 2018, while patients are automatically included but may opt out under DHA’s Consent Policy. Healthcare providers must integrate with the system to securely exchange patient health information and comply with DHA regulations. Patients have their data stored in NABIDH and retain control over access, granting permission to authorized professionals. Residents cannot opt out of the system entirely, as it underpins healthcare services across public and private facilities.

What are the rules and regulations of NABIDH?

NABIDH follows Dubai Health Data Law No. 11 of 2018, Federal Law No. 2 of 2019, and Cabinet Decision No. 32 of 2020, supported by DHA’s policies on Health Data Protection, Information Sharing, Consent and Access Control, and Data Classification to ensure security, privacy, and interoperability. For instance, Facilities must use compliant EMR systems, follow coding standards like ICD-10-CM and CPT-4, and store patient data within the UAE while adhering to national data protection laws. Below, I have provided regulations for every healthcare entity as per  DHA Policies and Standards. 

Before we proceed to the core regulation, 4 points to keep in mind are:

  • DHA shall oversee the implementation
  • NABIDH shall maintain compliant Authentication and Authorization
  • Healthcare facilities have to follow the regulations
  • The subject of Care has to follow the proper verification process for the portal

General Regulatory Instruction:

  • Only approved personnel and verified applications can access the system.
  • Access levels are assigned based on job role and responsibilities.
  • User activity is monitored, and access is reviewed periodically to ensure compliance.
  • Emergency access is permitted but must be recorded and reported to ensure accountability.

Rules of NABIDH For Facility:

  • Confirm identities of all authorized users.
  • Provide required training before granting access to the system and refresh annually.
  • Make sure systems meet DHA security and data protection standards.
  • Immediately remove access for employees or contractors who leave or misuse data

Rules of NABIDH For Patients:

  • Patients can securely access their information and control who sees it.
  • They can choose to opt out of data sharing when allowed.
  • Any security issues or breaches must be reported promptly.

How to get registered with NABIDH DHA?

To get registered with NABIDH under the Dubai Health Authority, you need to handle a few preparations. Submit the required documents, complete the FOT, and make sure HL7 integration is in place. After DHA review and approval, clinics configure message triggers, ensuring secure, error-free patient record sharing. Final approval usually takes two to four working days. Below is the complete process of how a healthcare facility links to NABIDH using Sheryan is explained below.

Connect EMR systems to NABIDH through the Sheryan ID.

First of all, you have to connect with a NABIDH-compatible EMR system to start your facility’s onboarding process. This account helps you manage communication, document uploads, and progress tracking during DHA’s NABIDH registration and integration stages.

Gather Required Information

Prepare all necessary details about your facility, including Facility ID, address, contact numbers, and license copies. Collect additional supporting documents if required for the organization’s operational and regulatory eligibility verification.

Submit Onboarding Request

Log in to the NABIDH platform. Complete the onboarding submission form. Carefully upload all requested documents and verify the accuracy of your data before you send the application for DHA’s initial review.

Fill Templates and DHA Agreement

Download the Facility Onboarding Template (FOT) from the NABIDH portal. Fill it. Complete the DHA participation agreement. Upload both documents for verification.

Wait for Approval

After submission, your facility will enter the DHA evaluation phase. It will be assigned to an onboarding batch, and DHA representatives will contact you with feedback or approval once the initial verification is complete.

Begin Integration

Start integration after getting DHA approval through your technical team or software vendor. Configure HL7 message triggers, APIs, and secure data channels to connect your Electronic Medical Records (EMR) system with NABIDH’s central database.

Test and Monitor

Perform thorough system testing with DHA supervision. Exchange sample medical data to confirm that patient information transfers accurately. Identify and fix issues before you get final approval.

Receive Final Approval

Once sample testing is successful, DHA issues an official completion certificate. You will receive a Go-Live email. This email authorizes your facility to operate fully in accordance with NABIDH compliance standards.

Start Using NABIDH

Your facility is now connected to the NABIDH health information exchange for sharing, viewing, and accessing patient records across all connected facilities.

How can patients get the NABIDH Opt-Out  Form?

Patients can get the NABIDH Opt-Out Form directly from their healthcare service provider in Dubai. They need to fill out and return the completed form to the same provider who manages their medical records, as patients in Dubai are automatically enrolled in NABIDH when they receive care at any connected facility. However, they can choose to opt out of the data exchange if they do not wish to share their medical records across providers.

How to obtain opt-out forms:

  1. Visit your healthcare facility in Dubai and ask for the NABIDH Opt-Out Form.
  2. Go through the form carefully to understand what opting out means for your medical data and care access.
  3. Choose one of the available options:
    1. Facility Opt-Out: Stops data sharing only from that specific facility.
    2. Global Opt-Out: Blocks your data from being shared across all NABIDH-connected facilities.
  4. Fill out all the required information, including your name, Emirates ID, date of birth, address, city, phone number, and email.
  5. If you are below 18 years of age, your parent or legal guardian must complete and sign the form.
  6. Sign and date the form yourself (or your guardian, if applicable).
  7. Return the filled form to your healthcare provider for processing.
  8. The healthcare provider will forward your form to the Dubai Health Authority (DHA) for approval.
  9. The request is usually processed within two to five working days. During this period, your medical information will gradually stop being shared within NABIDH.
  10. Once processed, your health records will no longer be visible to other NABIDH-connected facilities, even in emergency cases. Make sure your doctor knows your medical history and medications.
  11. If you wish to rejoin later, fill out an NABIDH Opt-In Form at your healthcare facility to restore access to your data.

What is the Validity Period of NABIDHA Consent?

Patient consent in NABIDH remains valid until revoked or updated. Once a patient opts in, their consent continues indefinitely unless they submit a written opt-out request. If a patient changes their decision, they can re-consent at any time using the same process.

What is NABIDH Compliance Gap Analysis?

NABIDH Compliance Gap Analysis is an assessment process that helps healthcare facilities identify gaps between their current systems, processes, and the requirements set by the Dubai Health Authority (DHA) for NABIDH integration. It checks EMR compliance, identifies policy and training gaps, ensures DHA data standards, reduces penalties, improves security, and streamlines integration for smooth DHA approval, meeting all technical, operational, and legal requirements.

Process:

  1. Review existing EMR capabilities and data exchange practices.
  2. Compare against NABIDH’s Minimum Data Set and authentication standards.
  3. Generate a report highlighting areas needing improvement.
  4. Implement corrective actions and track compliance until all gaps are resolved.

What are the Benefits of NABIDH DHA?

The benefits of NABIDH are different for facilities, professionals, and patients. Facilities get instant data from one another, whether it is in the private or public sector. Patients benefit from unified records, faster diagnoses, and control over their data. Healthcare professionals gain instant access to complete patient histories, reducing errors and duplicated tests. Overall, NABIDH increases patient safety, care quality, and coordination while supporting Dubai’s digitized, smart healthcare ecosystem.

Benefits for Facilities

  • Less paperwork
  • Data-driven decisions
  • Aggregated data helps with clinical studies and analysis

Benefits for Patients

  • Complete medical history in one place
  • Faster and accurate diagnoses 
  • Patients can manage access and opt out if desired

Benefits for Healthcare Professionals

  • View patient records across facilities in real time
  • Comprehensive data reduces misdiagnoses
  • Digital records save time for clinical tasks

What are the Technical Features of the NABIDH DHA Portal?

NABIDH provides technical features for developers, including APIs, technical documentation, and sandbox testing for EMR vendors to ensure real-time data synchronization with Malaffi, and supports secure record exchange. Five main technical features of the NABIDH DHA portal are:

  1. HL7 v2.5 and C-CDA v2.1 support for standardized data exchange between different EMR systems.
  2. FHIR-based APIs for secure, real-time communication with healthcare applications.
  3. Data encryption (AES-256 and TLS 1.2) to protect patient information during storage and transfer.
  4. Role-based access control (RBAC) with authentication through DHA identity management.
  5. Audit and monitoring tools that track data access, integration errors, and system activity in real time.

What Is the Unique Patient Identifier?

Every patient in NABIDH is assigned a unique health identifier (UHID) linked to their Emirates ID. This ensures each record corresponds to one individual, even if they visit multiple healthcare providers. The UHID enables accurate tracking, updates, and retrieval of medical histories across facilities.

How does NABIDH handle Data?

NABIDH ensures strict privacy, encryption, and access control for all patient data, including VIP records. Only authorized healthcare professionals can access medical information for treatment. Insurance companies cannot access records. 

Data remains encrypted, validated, and securely stored for life. The system uses multi-layered security, unique identifiers, and emergency “Break-the-Glass” access for urgent care.

Who Can Access Data?

Authorized healthcare providers and persons involved in a patient’s treatment who are allowed by the DHA can access NABIDH data. However, they also need to log in through secure authentication, as per DHA’s access control policy. Only clinical staff for patient care purposes are permitted to view patient records. Administrative or non-clinical personnel cannot access medical data without explicit authorization.

What Types of Clinical Data Are Shared by NABIDH?

Clinical data, such as patient demographics, diagnoses, treatment history, lab and imaging results, medication and allergy lists, immunization records, and hospital admission or discharge summaries, are shared by NABIDH. Shared data includes:

  • Demographic details (name, age, gender, ID)
  • Diagnoses and treatment history
  • Laboratory results and imaging reports
  • Medication and allergy lists
  • Immunization records
  • Hospital admissions and discharge summaries

Can Insurance Companies Access Patient Data?

No, insurance companies cannot access NABIDH data directly. The platform is for clinical use only and not for administrative or commercial purposes. Insurers may receive health-related details only with patient permission or through authorized DHA-approved processes.

How Does NABIDH Handle Missing or Incorrect Data?

NABIDH uses data validation and feedback mechanisms to detect inconsistencies. Facilities are notified of missing or incorrect records. After which, it is corrected in their local EMR system. Updates are then automatically synchronized.

What Is NABIDH Data Mapping?

Data mapping is the process of aligning medical data from different systems into NABIDH’s unified structure. It converts various coding formats and terminologies into standardized classifications such as ICD-10-CM for diagnoses and CPT-4 for procedures, ensuring consistent interpretation and exchange.

How Long Is Patient Data Retained?

Patient data in NABIDH is retained for the lifetime of the patient, in compliance with DHA regulations. Records remain securely stored for clinical continuity, legal compliance, and historical reference. Even after death or opt-out, data may be archived under strict access controls for authorized medical, legal, or research purposes.

Is NABIDH DHA Secure?

Yes. NABIDH is built under the Dubai Health Authority’s (DHA) Health Information Security Standards (HISS), which follow UAE federal laws for data protection. It ensures that every exchange of medical information is encrypted, monitored, and traceable. Access to the system is role-based, meaning only authorized users can view or update data relevant to their job.

The system maintains complete audit trails, so every access or modification of data is recorded. This traceability ensures accountability and transparency within the healthcare network.

What is the Level of Information Security?

NABIDH maintains a high level of information security, following global and local best practices. The platform uses a multi-layered security framework that ensures that medical data remains confidential and tamper-proof.

  • End-to-end encryption for all data transfers between healthcare facilities
  • Multi-factor authentication for users accessing the portal
  • Automatic session timeouts after periods of inactivity
  • Regular vulnerability assessments and penetration testing
  • Access monitoring and periodic audits to detect unauthorized attempts

How Is Patient Information Protected?

Yes, Patient information is protected within NABIDH through strict authorization and consent controls. Healthcare facilities must verify user identities before granting access. Along with this, patients also have the right to opt out or limit access to their records if they wish to.

Protection measures include:

  • Unique user IDs and secure passwords
  • Data encryption at rest and during transmission
  • Role-based access depending on job functions
  • Secure authentication for remote access
  • Patient notification in case of unusual or emergency access

What is Break-the-Glass Access? Is that allowed?

“Break-the-Glass” is a controlled emergency feature in NABIDH that allows doctors to access a patient’s data without prior consent for urgent medical care, but only in life-threatening situations.

When this access is used:

  • It is automatically logged in the system
  • A notification is sent to the patient and the DHA Data Privacy Officer
  • The event undergoes a post-access audit review to verify legitimacy

How does NABIDH handle VIP Data?

NABIDH applies maximum privacy and security protocols for VIP or high-profile individuals. Access to such data is limited to authorized personnel only, using strict authentication controls.

  • All VIP records are encrypted and monitored for unauthorized access.
  • Any access attempt triggers an audit alert.
  • DHA maintains a confidential data management policy for sensitive records.

What is the NABIDH-approved software System?

NABIDH-approved software refers to Electronic Medical Record (EMR) systems that meet the Dubai Health Authority’s (DHA) technical and data exchange standards. These systems are authorized to connect with NABIDH for secure sharing of patient health data.

Approved EMR systems must comply with NABIDH integration, interoperability, and security standards, ensuring accurate data exchange between hospitals, clinics, and laboratories in Dubai.

Common NABIDH-approved software includes:

  • HealthConnect
  • InterSystems TrakCare
  • Cerner Millennium
  • Epic Systems
  • ezCARETECH HIS
  • Malaffi-compatible EMR platforms
  • DXC Technology EMR solutions

Each of these software platforms supports structured data sharing, role-based access, and patient consent management, all aligned with DHA policies.

How can patients get support for login or portal issues?

Patients accessing the NABIDH portal can get help through multiple support channels provided by the Dubai Health Authority (DHA):

  • Dial 800 DHA (800 342) for direct assistance with login problems, password resets, or general portal queries.
  • Contact info@dha.gov.ae with detailed information about the issue. Include your full name, Emirates ID, and a description of the problem.
  • Patients can submit support tickets via the official NABIDH portal for technical guidance or account-related concerns.
  • Healthcare facilities integrated with NABIDH can guide portal access, including password resets and step-by-step instructions.
  • Use “Forgot Password” or account recovery options on the portal to regain access independently.

Why Is NABIDH Important in the Dubai Healthcare System?

NABIDH plays a central role in unifying healthcare data across Dubai. It ensures that all healthcare providers, public or private, can securely access and share a patient’s medical history. In short, NABIDH ensures data-driven, secure, and efficient healthcare delivery, forming the backbone of Dubai’s smart health ecosystem. The Key reasons NABIDH is important:

  • Improved patient safety: Doctors can view complete medical records, reducing diagnostic errors.
  • Continuity of care: Patient data follows them across different hospitals or clinics.
  • Faster treatment decisions: Real-time data sharing enhances emergency care and coordination.
  • Stronger data protection: The platform follows strict DHA and UAE data privacy regulations.
  • Research support: Aggregated data helps in healthcare planning and research projects.

Is there any role of NABIDAH in the DHA License Process?

NABIDH is not directly part of the DHA licensing process, but it becomes mandatory after approval. Licensed healthcare facilities must integrate their EMR systems with NABIDH to ensure data sharing, patient safety, and compliance with DHA regulations. NABIDH integration is also reviewed during facility inspections and license renewals.

Disclaimer: The information provided in this article is intended for general informational purposes only and does not constitute legal, tax, or professional advice. While we strive to ensure accuracy, regulations may change. Readers are encouraged to verify information with official government sources or consult qualified professionals for personalized advice. Happich Consulting assumes no liability for decisions made based on this content.

Related Articles
GET IN TOUCH
Get Expert Advice By FELIX HAPPICH CONSULTANCY
Get in Touch
GET IN TOUCH