Healthcare
Every GCC health ministry has the same vision: a connected health record. A patient moves seamlessly between primary care, specialist consultation, hospital admission, and pharmacy—and every provider
Every GCC health ministry has the same vision: a connected health record. A patient moves seamlessly between primary care, specialist consultation, hospital admission, and pharmacy—and every provider has a unified, real-time view of that patient’s medical history. No redundant tests. No missed diagnoses. No unsafe drug interactions. The vision is sound. The gap between vision and reality remains enormous. According to WHO digital health benchmarks, only 38% of GCC healthcare facilities can exchange clinical data interoperably across system boundaries. Meanwhile, patient demand for control over their medical records has surged—driven by awareness of data rights and frustration with siloed systems. A 2025 survey found 64% of GCC healthcare users expect to be able to access their full medical record via mobile app within 24 hours of a clinical encounter. Most health systems can’t deliver that today. This tension—between the necessity of interoperability and the complexity of achieving it—is defining healthcare infrastructure strategy across the region.
Saudi Arabia: Sehhaty and Tawakkalna Health Saudi Arabia’s MOH has invested heavily in Sehhaty, a 360-degree citizen health portal launched in 2020 and now integrated with Tawakkalna (the national health/identity services app). Sehhaty aggregates data from MOH facilities, military hospitals, private sector providers who participate in the national insurance framework (CCHI), and pharmacies. The architecture is pragmatic: rather than forcing all hospitals to rip-and-replace their EHRs, Sehhaty sits as a “hub” that ingests HL7 v2 and CDA messages from hospital systems and exposes a unified API. Private facilities like Saudi German Hospital and Mediclinic have integrated via these standard feeds. Patients access their records—lab results, imaging reports, prescriptions, appointment history—through the Sehhaty app. The challenge: data freshness and completeness. Not all private facilities participate. Some MOH hospitals still struggle with consistent data quality. And while Sehhaty uses FHIR R5 APIs for new integrations, legacy HL7 v2 feeds create translation bottlenecks. The vision of real-time, bidirectional interoperability across 100% of care sites remains aspirational. UAE: Riayati, Malaffi, and Nabidh The UAE’s health system is fragmented by emirate. Dubai has Riayati (the Roads & Transport Authority health integrator) and Malaffi (Dubai Health Authority’s community health platform). Abu Dhabi has the SEHA network. Sharjah, Ajman, and Northern Emirates operate largely independently. Nabidh—the UAE’s ambitious federated health information system, launched in phases since 2018—is the connective tissue. Nabidh sits above individual emirate platforms and aggregates consent-based data exchange. A patient living in Dubai who visits an Abu Dhabi clinic can (theoretically) have their Dubai health history available in the Abu Dhabi system via Nabidh. In practice, Nabidh operates well for read-only access to historical data (labs, imaging reports, summaries) but real-time bidirectional exchange remains limited. The architecture uses FHIR for modern integrations, but many legacy emirate systems still use proprietary feeds. Governance is also complex: each emirate has its own data protection officer and health authority, so Nabidh must navigate seven separate regulatory regimes. Egypt: UHIA and the National EHR Spine Egypt’s MOH launched the Unified Health Information Architecture (UHIA) in 2021 as a bold, government-backed national EHR spine. The ambition is to create a unified, standards-based clinical record accessible to both public (MOH) and private facilities. The UHIA is designed around FHIR R5 and uses a decentralized architecture where participating hospitals maintain their own data but expose FHIR-compliant APIs through Mediators. Private facilities like Andalusia Group and Cleopatra Hospitals have begun participating. MOH facilities are gradually onboarded. The promise: any provider can query a patient’s record across the entire Egyptian health system. The reality: adoption is slower than anticipated. Not all private hospitals have the technical capacity to implement FHIR APIs. MOH facilities struggle with legacy EHR integration. And enforcement—ensuring that only authorized providers access patient data—relies on technical audit controls that are still being hardened.
Behind these three regional efforts lies a common set of structural challenges: 1. Standards Adoption is Uneven FHIR R5 is the gold standard for modern health interoperability. But FHIR is sophisticated—it requires architectural sophistication to implement correctly. Many GCC health systems, particularly in the public sector, are still running HL7 v2 or even paper-based workflows. Forcing everyone to jump to FHIR in parallel creates a decade-long transition burden. Pragmatic solution: Many regional authorities are adopting a “hybrid” approach. New integrations use FHIR. Legacy systems continue via HL7 v2 with translation layers at the hub. This works but is operationally complex and creates data quality risk at translation boundaries. 2. Consent, Privacy, and Data Governance are Legally Complex Every GCC nation has enacted data protection laws: Saudi Arabia’s PDPL (2021), UAE’s PDPL (2021), Egypt’s PDPL (2020). All impose strict requirements on patient consent, data minimization, and purpose limitation. In theory, a patient should be able to say “my Abu Dhabi hospital can access my Dubai records” or “my Egyptian private doctor can see my MOH records.” In practice, implementing fine-grained, patient-controlled consent at scale is technically and operationally hard. Sehhaty, Nabidh, and UHIA all support consent mechanisms, but they’re often clunky—patients must manually authorize each disclosure rather than setting broad policies. Worse: cross-border data sharing (e.g., a patient treated in Dubai and then moving to Saudi Arabia) creates jurisdictional ambiguity. Which privacy law applies? Who is the data controller? How is consent evidence preserved? 3. Cybersecurity Raises the Stakes A connected health record is a honeypot for attackers. Every data exchange is a potential attack surface. If an attacker compromises the Sehhaty hub, they could potentially access millions of patients’ complete medical histories. If Nabidh’s federation layer is misconfigured, they could access cross-emirate data. Regional health authorities are taking this seriously. Saudi MOH’s cyber requirements (2023), UAE PDPL cybersecurity amendments (2024), and Egypt’s sectoral cyber guidance all mandate strong encryption, intrusion detection, and incident response for health data systems. But implementation varies widely. Many private hospitals still haven’t fully upgraded their cybersecurity posture. And smaller facilities often lack in-house security expertise. The result: interoperability initiatives are slowing down to accommodate rigorous security review. This is the right trade-off, but it delays the vision. 4. Organizational Silos and Competing Incentives Here’s a truth rarely voiced: hospitals don’t always want to be interoperable. A hospital’s EHR is a source of switching costs and competitive advantage. If I own your medical data and you can only access it through my system, you’re more likely to return to me for care. This is especially true in the private sector, where hospitals compete for patients. Mediclinic, Mediclinic, Saudi German Hospital, and Vezeeta all participate in national interoperability frameworks to varying degrees—but none is enthusiastic about surrendering data lock-in. Public health authorities are pushing back via regulation and incentives. MOH KSA’s recent directive (2024) incentivizes Sehhaty participation for insurance reimbursement. MOHAP UAE is rewarding facilities that achieve Nabidh integration with higher network status. But cultural and organizational resistance remains.
From our work with health systems across the region, we’ve identified a consistent pattern: the technical challenges of interoperability are solvable. The governance challenges are not. Here’s what we mean:Standards exist (FHIR R5). Tools exist (integration platforms, API gateways, terminology servers)., The bottleneck is organizational: Who decides what data gets shared? Who is liable if a data breach occurs? How do we ensure audit trails are tamper-proof? What’s the patient’s right to access, rectify, or delete their data?These are not IT questions. They’re policy, legal, and organizational questions. And they require deep domain expertise across healthcare operations, data governance, cybersecurity, and regulatory compliance. Our Octopus platform helps health systems build modern IT and data governance teams—people who understand both the technical and organizational dimensions of interoperability. We work with hospitals to map regulatory requirements (PDPL, MOH standards, hospital accreditation) to technical architecture. We design consent and audit mechanisms that are both secure and user-friendly. Our Frameworks & Policies pillar brings in healthcare governance experts who help design interoperability strategies that align with regional laws, patient rights, and competitive dynamics. We’ve worked with health authorities on FHIR adoption roadmaps and with private health systems on participating in national exchanges without surrendering competitive advantage. And our Fibonacci ventures team scouts for startups that are solving interoperability problems—both technical (API gateways, terminology mapping, data quality assurance) and organizational (patient consent management, data governance platforms, compliance automation). Several portfolio companies are directly addressing interoperability friction in the GCC.
The connected health record is achievable in the GCC. It requires:Clear governance models: Health authorities need to define who controls what data, under what circumstances, and with what audit mechanisms. Sehhaty, Nabidh, and UHIA are all moving in this direction, but more clarity is needed., Phased technical migration: Not every hospital can move to FHIR R5 simultaneously. Hybrid approaches (FHIR-forward, HL7 v2 support) are pragmatic bridges., Patient-centric design: Consent and data access mechanisms must be simple enough that patients actually use them. Today’s clunky authorization flows won’t scale., Cybersecurity-first architecture: Interoperability initiatives must embed security from day one, not retrofit it. This means investment in identity management, encryption, and monitoring across the exchange., Talent and expertise: Health systems need teams that understand both healthcare operations and modern data architecture. This is the scarcest resource.
Interoperability is not a technology problem anymore. It’s an organizational and governance challenge. The GCC’s national health authorities—MOH KSA, MOHAP UAE, MOH Egypt—have chosen the right path with Sehhaty, Nabidh, and UHIA. The gap between vision and reality will narrow as implementation matures and regional expertise deepens. For healthcare organizations considering how to participate in these ecosystems, the question is not whether to integrate—regulatory and competitive pressure are making that decision for you. The question is how to integrate in a way that protects patient safety, respects data rights, and maintains organizational competitiveness. That’s where governance expertise becomes the differentiator. Building a data-driven, interoperable health system requires more than technology—it requires strategy, governance, and deep healthcare expertise. Robusta Technology Group brings all three. Let’s talk about how to navigate the interoperability journey while managing risk and building competitive advantage.
What's holding back digital health adoption in MENA — and the design strategies that are breaking through cultural and infrastructure barriers.
COVID accelerated telehealth adoption by five years. But the question is whether that adoption is structural or transient — and what product teams must build to make it permanent.
Electronic health records, interoperability standards, and consent-based data sharing are transforming healthcare delivery across MENA. Here's what building health data infrastructure actually requires.
Egypt's private healthcare sector runs on paper, WhatsApp, and fragmented software. Clinic management platforms that eliminate this complexity are driving measurable improvements in patient experience and operational efficiency.
Healthcare systems across the MENA region are at an inflection point. According to WHO digital health benchmarks, over 70% of GCC hospitals now operate some form of electronic health system, yet...
