ADHICS v2.0 Cybersecurity Compliance
ADHICS
v2.0
SECURE
ITSEC
HEALTHCARE_SEC
COMPLIANT
Department of Health – Abu Dhabi

ADHICS v2.0 Compliance —
Abu Dhabi Healthcare
Cybersecurity

The mandatory cybersecurity standard for all healthcare entities in Abu Dhabi. ITSEC ensures your organization meets every ADHICS v2.0 requirement and is AAMEN platform-ready.

Consult Cyber Experts
ADHICS v2.0 Certified Assessor
AAMEN Platform Ready
72-Hour Breach Notification

What is ADHICS?

Abu Dhabi Healthcare Information & Cyber Security Standard v2.0 (2024)

ADHICS is a mandatory cybersecurity standard issued by the Department of Health – Abu Dhabi (DoH). It applies to all healthcare entities in Abu Dhabi that store, process, or handle health information. The latest ADHICS v2.0 (released 2024) significantly expands the original 2019 standard, adding 11 comprehensive security domains including AI governance, IoMT security, and cloud healthcare controls. Non-compliance can result in license suspension, fines, and operational restrictions.

72-Hour Breach Notification

Mandatory reporting of security incidents to DoH within 72 hours with full incident playbooks

AAMEN Platform

DoH's digital platform for ADHICS compliance tracking, self-assessment submissions, and audit management

AI & Emerging Tech Governance

New v2.0 requirements for AI-powered diagnostics, health tools, and emerging technology oversight

ITSEC ensures your Abu Dhabi healthcare entity meets every ADHICS v2.0 requirement

Healthcare Security Certifications

ISO 27001 Certified
Information Security Management
ISO 27799
Health Informatics Security
ADHICS Certified Assessor
DoH Approved Partner
HIPAA Aligned
International PHI Standards

Trusted by Abu Dhabi Healthcare Leaders

SH
SEHA Hospital Network
CC
Cleveland Clinic AD
NM
NMC Healthcare
TH
Telehealth Platform
AI
Health AI Startup
PH
Abu Dhabi Pharmacy Chain
Client names confidential per NDA agreements

Proven Track Record in Abu Dhabi Healthcare Security

150+

Healthcare Assessments

40+

ADHICS Audits Completed

100%

ADHICS Compliance Rate

0

Data Breaches Post-Assessment

ADHICS v2.0 Core Requirements

The Department of Health – Abu Dhabi mandates 12 comprehensive cybersecurity domains for all healthcare entities operating in the emirate.

Governance & Risk Management
CISO appointment, cybersecurity strategy, and periodic risk assessments
ITSEC Solution: vCISO services & risk framework design
Asset Management
Inventory of all IT assets, medical devices, and IoT equipment
ITSEC Solution: Asset discovery & classification
Access Control
Role-based access, MFA, and privileged access management
ITSEC Solution: IAM implementation & PAM setup
Data Protection & Privacy
Encryption at rest/in transit, PHI handling, data classification, and consent management
ITSEC Solution: Data protection assessment & encryption review
Network Security
Network segmentation, firewall rules, and intrusion detection systems
ITSEC Solution: Network architecture review & IDS/IPS deployment
Incident Response (72-Hour)
Mandatory 72-hour breach notification to DoH with incident playbooks
ITSEC Solution: IR plan development & tabletop exercises
Third-Party Risk Management
Vendor assessments, supply chain security, and contractor controls
ITSEC Solution: Third-party risk assessment framework
Business Continuity & DR
BCP/DR plans with regular testing and recovery time objectives
ITSEC Solution: BCDR design & failover testing
Cloud Security
Cloud-specific controls for healthcare SaaS/IaaS applications
ITSEC Solution: Cloud security assessment & hardening
Medical Device Security (IoMT)
Internet of Medical Things, PACS/DICOM, and connected device controls
ITSEC Solution: IoMT security assessment & segmentation
AI & Emerging Technology
Governance for AI-powered diagnostics, health tools, and emerging tech oversight
ITSEC Solution: AI security audit & governance framework
AAMEN Platform Compliance
Self-assessment submission, compliance tracking, and audit evidence via AAMEN
ITSEC Solution: AAMEN readiness & submission support

Tailored Solutions for Every Abu Dhabi Healthcare Entity

Network & Infrastructure Security

Comprehensive hospital network, SEHA facility, and medical device security assessments

EHR/EMR Security

Electronic health records protection, access controls, and PHI encryption

AAMEN Submission Support

Complete self-assessment preparation and DoH audit readiness

Pharmacy Data Protection

Prescription records, patient data, and dispensing system security

Laboratory Information Security

LIMS protection, diagnostic data integrity, and sample tracking security

Supply Chain Security

Drug distribution, vendor data protection, and procurement system security

Platform Security Testing

Video consultation and remote care platform security assessment

Data Transmission Security

End-to-end encryption for remote consultations and patient data

Patient Authentication

Secure identity verification and consent management for remote patients

Claims Data Protection

Secure claims processing and member data security

Member Portal Security

Policyholder authentication and data access controls

Provider Network Security

Secure data exchange with healthcare providers across Abu Dhabi

PACS/DICOM Security

Medical imaging system security assessment and DICOM protocol hardening

Connected Device Assessment

IoMT inventory, vulnerability scanning, and network segmentation

Firmware & Patch Management

Medical device firmware security and update management

AI Model Security Audit

Security assessment of diagnostic AI systems and health analytics

Algorithm Validation

Bias testing, clinical accuracy verification, and adversarial robustness

DoH AI Registration

Regulatory submission support and AI governance documentation

SaaS Security Assessment

Cloud healthcare application security and data residency verification

API & Integration Security

Secure API design for health system integrations and data exchange

Vendor Compliance Documentation

ADHICS evidence packages for healthcare client procurement processes

ADHICS v2.0 vs v1.0 — What Changed?

The 2024 update significantly expands scope and adds critical new requirements. Organizations compliant with v1.0 must upgrade.

Area ADHICS v1.0 (2019) ADHICS v2.0 (2024)
AI Governance Not addressed Full AI & emerging tech domain added
IoMT / Medical Devices Basic device inventory Comprehensive IoMT security controls
Cloud Security General IT controls Healthcare-specific cloud requirements
Incident Response Best practice guidance Mandatory 72-hour breach notification
Third-Party Risk Limited vendor checks Full supply chain security program
AAMEN Platform Manual submissions Digital compliance tracking & self-assessment
Data Classification Basic categories Detailed PHI classification with consent management

5-Step ADHICS Compliance Process

Week 1
Gap Assessment & Scoping
Deliverables:
ADHICS v2.0 gap analysis ●
Entity type assessment ●
AAMEN readiness review ●
Weeks 2-3
Risk Assessment & Controls Review
Deliverables:
● PHI protection assessment
● IoMT inventory & scanning
● Network segmentation review
Weeks 3-6
Remediation & Implementation
Key Deliverables:
Security controls deployment ●
Policy & procedure development ●
Staff awareness training ●
Week 7
AAMEN Submission & DoH Audit
Key Deliverables:
● Self-assessment submission
● Evidence package preparation
● DoH audit support
Ongoing
Certification & Ongoing Monitoring
Key Deliverables:
ADHICS certification ●
Continuous compliance monitoring ●
Annual reassessment ●

Transparent Compliance Pricing

Choose the package that fits your compliance needs

Essential ADHICS
Contact Us

Perfect for clinics, pharmacies, and labs

✔ ADHICS v2.0 Gap Assessment
✔ PHI Security Review
✔ Basic Vulnerability Scanning
✔ AAMEN Self-Assessment Support
✔ Incident Response Plan Template
✔ Email Support
Get Custom Quote
Most Popular Button - Final Refinement
Most Popular
Complete ADHICS Compliance
Contact Us

Comprehensive coverage for hospitals and telehealth

Everything in Essential, plus:
✔ Full Penetration Testing
✔ IoMT Security Assessment
✔ Monthly Security Reviews
✔ 24/7 Incident Response Hotline
✔ DoH Audit Preparation
✔ Dedicated Compliance Manager
Get Custom Quote
Enterprise Health Shield
Contact Us

White-glove service for hospital networks and health systems

Everything in Complete, plus:
✔ Multi-Facility Coordination
✔ (SEHA)Medical Device Security Audits
✔ AI Governance Framework
✔ Weekly Status Meetings
✔ Priority DoH Liaison
✔ Continuous Threat Monitoring
✔ SLA-Backed Response Times
Get Custom Quote
Need a Custom Solution?

Trusted by Abu Dhabi Healthcare Leaders

ITSEC's deep understanding of ADHICS v2.0 was instrumental in achieving our compliance certification. Their AAMEN platform expertise saved us weeks of preparation time.

M

Dr. Mariam Al-Mazrouei
Chief Information Security Officer
Abu Dhabi Hospital Network
Our telehealth platform passed the DoH audit with zero findings thanks to ITSEC's comprehensive ADHICS assessment. Their IoMT security expertise was particularly valuable.

M

Omar Al-Hashimi
CTO
Abu Dhabi Digital Health
ITSEC helped us navigate the transition from ADHICS v1.0 to v2.0 seamlessly. Their AI governance framework was exactly what we needed for our diagnostic AI systems.

M

Dr. Aisha Al-Kaabi
Director of Health Informatics
SEHA Affiliated Hospital

Case Study: Abu Dhabi Hospital Chain

How a multi-facility healthcare network achieved full ADHICS v2.0 compliance in 8 weeks

The Challenge
A major Abu Dhabi hospital network with 5 facilities needed to transition from ADHICS v1.0 to v2.0 compliance before the DoH deadline. Key challenges included IoMT security across 500+ connected medical devices, AI diagnostic system governance, and AAMEN platform submissions for all locations.
8 Weeks
Compliance Achievement
0 Findings
Inspection Findings
5 Facilities
Weeks to Compliance
ITSEC Solution
☑ Comprehensive IoMT inventory and segmentation across all 5 facilities
☑ 72-hour incident response procedures with DoH notification protocols
☑ Staff training program covering all 11 ADHICS v2.0 domains
☑ AI governance framework for 3 diagnostic AI systems
Framework
☑ AAMEN platform submissions with audit-ready evidence packages
☑ Continuous monitoring dashboard for ongoing compliance
Frequently Asked Questions

ADHICS v2.0 Compliance Explained

What is ADHICS and who must comply?
ADHICS (Abu Dhabi Healthcare Information & Cyber Security Standard) is a mandatory cybersecurity standard issued by the Department of Health – Abu Dhabi (DoH). All healthcare entities in Abu Dhabi must comply, including hospitals, clinics, pharmacies, labs, telehealth platforms, health insurers, health tech companies, and medical device manufacturers — any entity that stores, processes, or handles health information.
What's new in ADHICS v2.0 compared to v1.0?
ADHICS v2.0 (released 2024) significantly expands the original 2019 standard with new domains including AI & Emerging Technology Governance, comprehensive IoMT/Medical Device Security, healthcare-specific Cloud Security controls, mandatory 72-hour breach notification, full Third-Party Risk Management requirements, digital AAMEN platform compliance tracking, and detailed PHI data classification with consent management.
What is the AAMEN platform?
AAMEN is the Department of Health – Abu Dhabi's digital platform for ADHICS compliance tracking and management. Healthcare entities use AAMEN to submit self-assessments, upload compliance evidence, track remediation progress, and manage DoH audit processes. ITSEC provides full AAMEN readiness and submission support.
What happens if we don't comply with ADHICS?
Non-compliance with ADHICS can result in license suspension by the DoH, significant financial penalties, operational restrictions on healthcare activities, and potential reputational damage. The DoH actively enforces ADHICS requirements through audits and inspections.
How long does ADHICS compliance take?
For organizations new to ADHICS, expect 6-10 weeks for full compliance. Organizations transitioning from v1.0 to v2.0 typically require 4-8 weeks depending on existing maturity and the gap in new requirements. Multi-facility networks (like SEHA hospitals) may require 8-12 weeks for coordinated compliance across all locations.
Is ADHICS the same as DHA compliance?
No. ADHICS is issued by the Department of Health – Abu Dhabi (DoH) and applies to Abu Dhabi healthcare entities. DHA (Dubai Health Authority) has separate compliance requirements for Dubai-based healthcare providers. Different regulator, different emirate, different requirements. ITSEC provides compliance services for both.
Do medical device manufacturers need ADHICS compliance?
Yes. ADHICS v2.0 includes specific requirements for medical device security, particularly IoMT (Internet of Medical Things) devices. This covers connected medical devices, PACS/DICOM systems, patient monitoring equipment, and any device that processes or transmits health data within Abu Dhabi healthcare facilities.
How does the 72-hour breach notification work?
Under ADHICS v2.0, healthcare entities must report confirmed security incidents to the DoH within 72 hours of detection. This requires pre-established incident response playbooks, designated notification contacts, evidence preservation procedures, and communication protocols. ITSEC helps develop and test these through tabletop exercises.
ITSEC - Security Assessment
World Map

Ready to Secure Your Digital Assets?

Get a comprehensive security assessment from our expert team. Protecting businesses since 2011.

Consult Cyber Experts
NDA Protected
24hr Response
Global Coverage
×

ITSEC Security Agent

AI-Powered • 24/7 Active

👋 Welcome to ITSEC – UAE's first AI-augmented cybersecurity firm.

I'm your AI Security Agent. How can I assist you with your cybersecurity needs today?
ITSEC AI
Secured by ITSEC AI • ISO 27001 Certified