Telemedicine Services Agreement (UAE)

A Telemedicine Services Agreement in the United Arab Emirates is a commercial contract governing the delivery of remote clinical consultations and healthcare services through digital technology platforms by a licensed telemedicine provider to a corporate client — typically an insurer, employer, managed care organisation, or healthcare group — in exchange for a fee. The agreement regulates the clinical scope, the technology platform, the availability standards, the data protection obligations, and the allocation of regulatory and medical liability responsibilities under UAE healthcare law.

Telemedicine in the UAE is regulated at the emirate and federal levels. The Dubai Health Authority (DHA) issued its Telemedicine Policy in 2020 and requires telemedicine providers in Dubai to hold a facility licence with a telemedicine endorsement and to comply with platform security, patient consent, and clinical standards specific to remote delivery. The Department of Health Abu Dhabi (DOH) regulates telemedicine in Abu Dhabi through its own standards framework. The Ministry of Health and Prevention (MOHAP) has published federal telemedicine guidelines that apply across the other emirates. Each authority specifies which clinical services may be delivered remotely, the patient consent process required before a telemedicine consultation, the e-prescription rules, and the technical standards for platform security and data handling.

The contractual framework rests on the UAE Civil Code (Federal Law No. 5 of 1985): Article 125 on contract formation, Article 246 on good-faith performance, Article 257 making the contract the law of the parties, and Articles 282 and 389 on compensation for breach. Medical Liability Federal Law No. 4 of 2016 applies to telemedicine consultations on the same basis as in-person consultations, holding practitioners to the standard of care of a reasonably competent practitioner in the same specialty and making the licensed facility jointly liable for harm caused on its watch.

Patient health data — the content of telemedicine consultations, diagnoses, prescriptions, and clinical notes — is sensitive personal data under the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), administered by the UAE Data Office. The law imposes heightened obligations on the processing of health data, including a requirement for a lawful basis, explicit consent in most healthcare contexts, appropriate security, breach notification within 72 hours, and restrictions on cross-border transfer. For parties in the DIFC, the DIFC Data Protection Law (DIFC Law No. 5 of 2020) applies instead.

VAT treatment under the VAT Law (Federal Decree-Law No. 8 of 2017), administered by the Federal Tax Authority (FTA), is complex: clinical telemedicine services may qualify as zero-rated healthcare supplies under Cabinet Decision No. 52 of 2017, while technology, platform, and administrative services are likely standard-rated at 5%. The agreement must address each category of supply separately. Electronic execution is valid under the Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021).

A Telemedicine Services Agreement in the United Arab Emirates is needed whenever a licensed telemedicine platform provider enters a commercial arrangement with a corporate client to deliver remote healthcare services at scale, and both parties need enforceable terms under UAE law.

Health insurance and managed care is the largest use case. Insurers operating under the UAE's mandatory health insurance regime — implemented in Dubai under DHA regulations and in Abu Dhabi through the Abu Dhabi Health Services Company (SEHA) and the DOH — engage telemedicine providers to offer virtual GP consultations, urgent care triage, and chronic disease management as part of the insured member's benefit plan. The Telemedicine Services Agreement governs the fee per consultation, the referral and pre-authorisation protocols, the data flows between the telemedicine platform and the insurer's member management systems, and the quality standards the provider must meet.

Corporate employee wellness programmes drive a growing segment of telemedicine agreements. Employers across Dubai and Abu Dhabi, and in the free zones of the DIFC and the ADGM, offer telemedicine access as an employee benefit. The agreement with the telemedicine provider covers access for a defined employee population, the consultation fee structure, availability standards, and the data handling rules required by the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021).

Government and semi-government bodies partner with telemedicine providers to deliver healthcare services to remote workforces, construction sites, and underserved communities across the UAE. These arrangements require agreements compliant with MOHAP standards and the federal telemedicine guidelines, with reporting obligations to the relevant health authority.

Healthcare groups and hospital networks use telemedicine agreements to extend their clinical reach digitally, offering specialist follow-up consultations and chronic disease management via accredited platforms. A written Telemedicine Services Agreement in every case protects both parties by fixing the scope of services, the regulatory compliance obligations, the data protection measures under the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), and the forum for resolving disputes.

A UAE Telemedicine Services Agreement compliant with DHA/DOH/MOHAP telemedicine regulations, Medical Liability Federal Law No. 4 of 2016, and the UAE Civil Code (Federal Law No. 5 of 1985) must contain the following elements. The forms-legal.com UAE Telemedicine Services Agreement template addresses each component in a structure accepted by the Dubai Courts, the Abu Dhabi Judicial Department, and free-zone tribunals.

Party identification must record the full legal name of the telemedicine provider and the client, the provider's telemedicine facility licence number from the Dubai Health Authority, the Department of Health Abu Dhabi, or the Ministry of Health and Prevention, and the registered address of each. The client's trade licence or Emirates ID confirms its identity.

Scope of telemedicine services must describe precisely the clinical services the provider will deliver remotely — GP consultations, chronic disease management, mental health, triage, prescription services — within the scope permitted by the applicable health authority's telemedicine policy. Services requiring in-person examination must be expressly excluded.

Technology platform and standards must describe the digital platform, its compliance with the DHA, DOH, or MOHAP technical requirements for telemedicine, and the security standards applied — encryption, access controls, audit trails, and availability.

Service levels must set measurable standards — response time from request to consultation, uptime percentage, prescription turnaround, referral processing time — and define consequences for failing to meet them.

Fees and VAT treatment must state the fee per consultation, the minimum monthly commitment in AED, and the VAT treatment of each service category, distinguishing zero-rated clinical supplies from standard-rated technology and administrative services. Compliant tax invoices meeting Federal Tax Authority (FTA) requirements must be issued for all taxable supplies.

Regulatory compliance obligations must require the provider to maintain the telemedicine facility licence, ensure all practitioners hold valid telemedicine-endorsed practice licences from the relevant health authority, maintain professional indemnity insurance under Medical Liability Federal Law No. 4 of 2016, obtain patient consent in the form required by the applicable authority, and notify the client of any regulatory investigation or licence issue immediately.

Data protection must identify the data controller and processor, impose PDPL-compliant processor obligations on the provider under the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), address patient consent for health data processing, prohibit cross-border transfer without consent and safeguards, and set obligations for breach notification and data return or deletion on termination.

Liability must preserve both parties' obligations under Medical Liability Federal Law No. 4 of 2016 and Articles 282 and 389 of the UAE Civil Code. No clause may exclude medical negligence liability that cannot be waived under Federal Law No. 4 of 2016.

Termination must provide for notice-based termination for convenience, immediate termination on licence suspension or revocation, termination for material breach, and post-termination obligations for patient data extraction, handover, and deletion.

Completing a Telemedicine Services Agreement for the United Arab Emirates requires the parties to align on the regulatory framework, the clinical services in scope, the technology platform, and the data protection model before completing the template.

Begin with the parties. Enter the provider's full legal name and telemedicine facility licence number from the Dubai Health Authority, the Department of Health Abu Dhabi, or the Ministry of Health and Prevention. Enter the client's full legal name and trade licence or Emirates ID. Record the registered address of each party.

Enter the date of the agreement in DD/MM/YYYY format.

Describe the telemedicine services precisely. List each clinical service type — GP consultations, chronic disease management follow-ups, mental health consultations, triage, prescription renewal — and confirm that each service is within the scope permitted by the applicable health authority's telemedicine policy. Exclude services that require in-person examination.

Describe the technology platform. Identify the application or web portal, state the security standards applied, and confirm compliance with the DHA, DOH, or MOHAP technical requirements for telemedicine platforms.

Set the availability standards: the hours during which consultations are available, the response time from booking to consultation, and the uptime target.

Set the start date and term. State the duration and whether the agreement renews automatically or requires written agreement.

Complete the fees. Express the fee per consultation and any minimum commitment in AED. Determine the VAT treatment for each service category and require the provider to issue compliant tax invoices.

Select the applicable regulatory authority — DHA, DOH, or MOHAP — from the dropdown to ensure compliance clauses reference the correct body.

Set the termination notice period and include the immediate termination trigger for licence revocation.

Select the governing courts and arrange signatures. Electronic signatures are valid under the Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021).

A Telemedicine Services Agreement in the United Arab Emirates must comply with a layered set of legal requirements that reflect both the commercial nature of the arrangement and the regulated nature of healthcare.

Medical Liability Federal Law No. 4 of 2016 applies to telemedicine consultations as it does to in-person consultations. Article 4 holds practitioners to the standard of a reasonably competent practitioner in the same specialty. Medical Liability Committees at federal and emirate levels examine complaints. Professional indemnity insurance is mandatory for all practitioners. The licensed facility — the telemedicine provider — is jointly liable for harm caused on its watch.

Telemedicine licensing requirements come from: the Dubai Health Authority's Telemedicine Policy (2020) and the DHA facility licence with telemedicine endorsement for Dubai providers; the Department of Health Abu Dhabi's telemedicine standards for Abu Dhabi providers; and MOHAP's federal telemedicine guidelines for providers in other emirates. Patient consent requirements are set by each authority and must be captured in a durable form before each consultation.

The Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) governs patient health data processing. Health data is sensitive personal data requiring explicit consent as the standard lawful basis in healthcare contexts, heightened security, 72-hour breach notification, and cross-border transfer restrictions. The UAE Data Office administers the law.

The UAE Civil Code (Federal Law No. 5 of 1985) governs the commercial contract: Article 125 on formation, Article 246 on good faith, Article 257 making the contract the law of the parties, and Articles 282 and 389 on compensation for breach. The VAT Law (Federal Decree-Law No. 8 of 2017) determines VAT treatment — clinical supplies may be zero-rated, management and technology services are standard-rated at 5%. The Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021) validates electronic execution.

A UAE Telemedicine Services Agreement governs one of the most technologically and legally complex healthcare arrangements. The following errors are common and can lead to regulatory enforcement or patient harm claims.

1. No telemedicine-specific licence check. A provider holding only a general facility licence without a telemedicine endorsement from the Dubai Health Authority, the Department of Health Abu Dhabi, or the Ministry of Health and Prevention is not authorised to deliver telemedicine services. The client must verify the telemedicine endorsement before execution, not just the general facility licence.

2. Including services that require in-person examination. Agreeing to deliver clinical services by telemedicine that the applicable health authority requires to be delivered in person exposes the provider to Medical Liability Federal Law No. 4 of 2016 liability and puts the client's patients at risk. Check DHA, DOH, or MOHAP telemedicine scope restrictions before finalising the services schedule.

3. No patient consent process. The DHA, DOH, and MOHAP each require patient consent before a telemedicine consultation in a specific form. An agreement that does not require the provider to implement a compliant consent process and record consent leaves the clinical records potentially inadmissible before Medical Liability Committees.

4. Incorrect VAT treatment. Applying zero-rating to the platform and technology components of the agreement without FTA confirmation is a common error. Only clinical healthcare services to humans may qualify for zero-rating under Cabinet Decision No. 52 of 2017; technology and management services are standard-rated at 5%.

5. Weak data processor obligations. A corporate client that fails to impose full PDPL-compliant processor obligations on the telemedicine provider — including instruction-only processing, security, breach notification, and data deletion on termination — retains the exposure as data controller if the provider mishandles patient health data.

6. No cross-border data transfer restriction. Where the provider routes patient data through offshore infrastructure or uses international cloud providers, the PDPL cross-border transfer restrictions apply. An agreement without a restriction on offshore routing without the client's consent and adequate safeguards is non-compliant with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021).

7. Vague data exit obligations. Without a clear obligation on the provider to deliver a complete patient data extract and delete all patient data on termination, the client cannot demonstrate PDPL compliance and may not be able to transition its patient population to a new provider.