PATIENT PRIVACY NOTICE
Reviera Medical Center is committed to protecting the confidentiality, integrity, and security of all Personal Identifiable Information (PII) and Protected Health Information (PHI) entrusted to us. This Data Privacy Notice outlines how patient information is collected, used, disclosed, and safeguarded in accordance with applicable laws and regulations issued by the Department of Health – United Arab Emirates and the Abu Dhabi Healthcare Information and Cyber Security (ADHICS) Standard.
AIM & PURPOSE
This Privacy Notice explains how we collect, use, protect, and share your personal and health information in accordance with the Abu Dhabi Healthcare Information and Cyber Security (ADHICS) Standard and applicable UAE regulations. Our aim is to ensure that every patient clearly understands how their information is handled and the measures we take to safeguard confidentiality. The purpose of this notice is to promote transparency, support your rights as a patient, and demonstrate our commitment to secure, ethical, and lawful data practices while delivering safe, high‑quality healthcare services.
🔒 OUR COMMITMENT TO YOUR PRIVACY
We are committed to protecting the confidentiality, integrity, and security of your personal and health information. This notice explains how we collect, use, store, and safeguard your data in accordance with the Abu Dhabi Healthcare Information and Cyber Security (ADHICS) Standard and applicable UAE laws.
DEFINITION OF PI
Personally Identifiable Information (PII)
Personally identifiable information (PII) is any data that could potentially identify a specific individual. Examples are full name, address, identification number, date of birth, gender, memberships to societies, etc.
Protected health Information (PHI)
Protected health information (PHI), also referred to as personal health information, is the demographic information, medical histories, test and laboratory results, mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate care.
WHY WE COLLECT AND USE YOUR PERSONALLY IDENTIFIABLE INFORMATION (PII) AND/OR PROTECTED HEALTHCARE INFORMATION (PHI):
We collect and use your Personally Identifiable Information (PII) and/or Protected Health Information (PHI) for various purposes and will not be made available or otherwise used for any purpose other than what was agreed with that individual at the time of data collection, typically related to providing services, ensuring compliance, and enhancing user experience
HOW WE COLLECT YOUR PERSONAL INFORMATION (PII)
We collect your personal information through routine interactions involved in providing healthcare services. This includes information you share or consent by you during registration, consultations, and treatment, as well as details recorded by our clinicians and staff as part of your medical care. We also obtain information through our secure electronic systems, such as appointment platforms and electronic medical records, and from authorized third parties—such as referring physicians, or government entities—when required to support your treatment or comply with legal and regulatory obligations. All information is collected lawfully, securely, and only to the extent necessary to deliver safe, effective, and compliant healthcare.
📘 WHAT INFORMATION WE COLLECT
We collect only the personal and health information necessary to provide safe, effective, and compliant healthcare services. This includes basic identification details, contact information, medical history, clinical records, diagnostic results, insurance and billing information, and any other data required to support your treatment, ensure quality of care, and meet regulatory or legal obligations. All information is collected with the intention of delivering appropriate medical services and maintaining the highest standards of patient safety and confidentiality.
🎯 HOW WE USE YOUR INFORMATION
We use your personal and health information solely to support the delivery of safe, effective, and high‑quality healthcare services. This includes using your information to assess your medical needs, provide diagnosis and treatment, coordinate care with authorized healthcare professionals, and manage administrative functions such as scheduling, billing, and insurance processing. Your information may also be used to meet regulatory and legal requirements, support quality improvement and patient safety activities, and contribute to approved clinical audits or research initiatives that follow strict privacy safeguards. All use of your information is limited to what is necessary, lawful, and directly related to your care and the operation of our healthcare services.
🤝 DISCLOSURE AND SHARING OF INFORMATION
We may disclose or share your personal and health information only when it is necessary, lawful, and directly related to your care or to the operation of our healthcare services. This may include sharing information with:
- Healthcare Professionals involved in your treatment
- Insurance Providers responsible for processing claims
- Government authorities when required to meet regulatory or legal obligations. PHI may be transmitted in electronic formats such as HL7 or XML to entities governed by the Department of Health – Abu Dhabi (DOH). This includes disclosures to the Health Information Exchange (HIE) platform managed by Abu Dhabi Health Data Services (ADHDS), as well as the Shafafiya platform managed and regulated by the DOH.
- Third‑party service providers only when such disclosure is necessary for the provision of contracted services and when explicit patient consent has been obtained, unless otherwise permitted by law.
Any sharing of information is carried out with strict confidentiality safeguards, and we ensure that all parties receiving your information are authorized and obligated to protect it. We do not disclose your information for purposes unrelated to your care, and we never share or sell your information for marketing or commercial use.
🔐 HOW WE PROTECT YOUR INFORMATION
We are committed to safeguarding your personal and health information through robust security measures that ensure its confidentiality, integrity, and availability. Your data is protected using secure systems, controlled access, and industry‑aligned cybersecurity practices designed to prevent unauthorized access, loss, or misuse. We continuously monitor and enhance our security controls, train our staff on privacy and data protection responsibilities, and follow all ADHICS requirements to ensure that your information is handled safely and responsibly at every stage of your care.
YOUR RIGHTS OF ACCESS, CORRECTION, ERASURE AND RESTRICTION
You have the right to understand and control how your personal and health information is handled. This includes the right to request access to the information we hold about you so you can review your records and understand how your data is being used. If you believe any part of your information is inaccurate, incomplete, or outdated, you may request that it be corrected to ensure your records remain accurate and reliable for your care.
In certain circumstances permitted by law and clinical requirements, you may also request the erasure of specific information or ask that the use of your information be restricted—for example, when you contest its accuracy or when you prefer that it not be used for certain non‑essential purposes. All requests are carefully assessed to ensure they align with patient safety, legal obligations, and ADHICS standards, and we will communicate clearly with you about the outcome and any limitations that may apply.
If you wish to exercise any of these rights, you may contact us via email or call us.
Once a request is received, and verified, the designated team shall release the information to you provide feedback to you as governed by law and internal processes.
DATA RETENTION
Reviera Medical Center retains personal information only for the period necessary to fulfil the purposes for which it was collected or as required under applicable laws and regulatory obligations. Once an individual is no longer a patient of the Center, their personal information will continue to be retained in accordance with our established retention policy and the legal requirements governing medical record preservation in the United Arab Emirates. When the retention period expires, or when the information is no longer required, Reviera Medical Center will ensure that the data is securely and irreversibly destroyed using approved disposal methods that prevent unauthorized access, recovery, or misuse.
📞 Contact Us
If you have questions about Entity’s processing of your PHI, contact Reviera Medical Center using any of the following methods:
Email: info@revieramedicalcentre.ae
Phone: 037214949
We are here to support you and ensure your information is handled with the highest level of care and security.