Healthcare IT Infrastructure Checklist
for UAE Clinics and Medical Centres

Photo by National Cancer Institute on Unsplash

Network Foundation — Structured Cabling and Switches

Every other system in this checklist depends on a properly installed structured cabling infrastructure. Clinics that cut corners on cabling during fit-out pay for it repeatedly — in intermittent connectivity faults, in the cost of running additional cables around finished walls, and in the difficulty of diagnosing problems when cabling was not labelled or tested at installation.

For a UAE clinic, the structured cabling scope typically covers:

• Cat6 data points at every workstation (doctor's desk, nurse station, reception, pharmacy counter, billing)
• Data points for IP printers, label printers, and dedicated medical devices (ECG machines, vital signs monitors with network output)
• PoE data points for IP cameras, access control readers, and wireless access points
• A dedicated data cabinet or network room with patch panels, managed switches, router/firewall, and UPS
• Conduit routing for future expansion — it is far cheaper to pull extra conduit during fit-out than to retrofit it through finished ceilings later

For dental clinics specifically, each dental unit typically requires two data points (one for the chair-mounted monitor, one for the digital X-ray sensor receiver), plus a power outlet configuration that aligns with the chair manufacturer's requirements. For radiology rooms, the imaging workstation and DICOM modality connection require dedicated data runs, often with higher cable specifications for PACS throughput.

All cabling should be tested with a cable certifier at installation and a full test report provided. This report is useful documentation for DHA facility inspection and for any future network troubleshooting.

Internet Connectivity for Clinical Systems

A clinic's internet connection is not a commodity — it is a clinical infrastructure component. NABIDH sync, Riayati data exchange, online appointment systems, cloud-based EMR, insurance claim submission, and telemedicine platforms all depend on it simultaneously.

Connection Type and Speed

For a clinic with 3–8 consultation rooms and active NABIDH integration, a minimum 50Mbps dedicated fibre connection is the practical starting point. "Dedicated" matters here — shared business broadband with contention ratios of 20:1 or 50:1 provides 50Mbps theoretical and 5Mbps actual during peak hours, which is not acceptable for clinical operations. Etisalat (eand) and du both offer dedicated fibre products for business and medical premises.

Redundancy — The Second Connection

A single internet connection is a single point of failure. When it goes down — and it will, at some point — NABIDH sync stops, online appointment systems go offline, and insurance claims cannot be submitted. A secondary 4G/5G failover router (Peplink, Cradlepoint, or similar) provides automatic failover in under 60 seconds. The cost of a 4G SIM and failover router is negligible compared to the operational cost of an afternoon without internet in an active clinic.

Static IP Address

Several EMR vendors, PACS systems, and health authority integration layers require a static IP address for secure API access and whitelisting. Confirm with your EMR vendor and NABIDH/Riayati integration partner before finalising your ISP contract — switching ISP or requesting a static IP after go-live is a disruptive process.

VLAN Design for Clinic Environments

Network segmentation in a healthcare facility is both a security requirement and a performance measure. The clinical network carries patient data — it must be isolated from networks accessible to patients, visitors, and non-clinical staff.

Recommended VLAN Structure

• VLAN 10 — Clinical Network: EMR workstations, nursing station PCs, lab systems, PACS workstations. Routed to EMR server and internet (for NABIDH/cloud EMR). No access from patient or guest VLANs.
• VLAN 20 — Administrative Network: Reception PCs, billing workstations, HR systems, management laptops. Internet access. Cannot route to clinical VLAN.
• VLAN 30 — Medical Devices: Connected diagnostic equipment, ECG machines, vital signs monitors, pharmacy dispensing systems. Tightly controlled routing — only to EMR integration endpoints.
• VLAN 40 — IP Cameras / CCTV: All cameras route only to NVR. No internet access. Isolated from all clinical and administrative traffic.
• VLAN 50 — Patient / Guest WiFi: Internet access only via captive portal. Zero access to any internal resource. Speed-limited to prevent saturation of the main connection.
• VLAN 60 — PABX / VoIP: IP phones and PABX system on a dedicated VLAN with QoS voice prioritisation.

This segmentation requires a firewall capable of inter-VLAN routing policies (Fortinet FortiGate, Cisco ASA, or pfSense) and managed switches with 802.1Q VLAN support throughout the facility.

NABIDH, Riayati, and Malaffi Integration Requirements

UAE health information exchange platforms are not optional for licensed healthcare facilities — DHA and DOH require connectivity as a condition of facility licensing and renewal.

What NABIDH Integration Actually Requires

NABIDH (National Backbone for Health Information Exchange in Dubai) connects DHA-licensed facilities for patient record sharing. From an IT infrastructure perspective, NABIDH integration requires:

• A DHA-approved EMR system with a certified NABIDH integration module. Not all EMR software sold in the UAE market is NABIDH-certified — verify this before purchasing.
• Stable internet connectivity with uptime above 99% — NABIDH sync failures accumulate and trigger compliance queries from DHA.
• A static or consistently accessible IP if the integration uses outbound API calls that are whitelisted at the NABIDH gateway.
• SSL certificate validity on any local EMR server components — expired certificates break the secure data channel.

Riayati for Abu Dhabi Facilities

Clinics licensed under DOH (Abu Dhabi) connect to Riayati, which has its own technical integration specifications. The requirements are broadly similar — certified EMR software, stable connectivity, and correct API endpoint configuration. Abu Dhabi's Malaffi platform focuses on patient record sharing between facilities and has a separate integration layer from Riayati's claims and licensing functions.

MedicoPlus and Other UAE EMR Systems

MedicoPlus is one of several UAE-developed clinic management and EMR platforms with built-in NABIDH/Riayati integration. From an IT infrastructure standpoint, MedicoPlus and similar systems can be deployed either on-premise (a local server in the clinic) or accessed as a cloud-hosted SaaS. The on-premise model requires server hardware, a UPS, and local backup — the cloud model shifts infrastructure responsibility to the vendor but requires reliable internet. Both models need the same network segmentation and connectivity requirements outlined above.

EMR Server Room vs Cloud — Which Suits UAE Clinics

On-Premise Server

An on-premise server gives the clinic direct control over patient data location, faster local access speeds (no internet dependency for day-to-day EMR use), and the ability to continue operating during internet outages. The tradeoffs are hardware cost (a suitable server with redundant storage runs AED 15,000–40,000), the need for a proper server cabinet with UPS and cooling, and the management overhead of keeping the server patched and backed up.

For clinics with 5+ consultation rooms or high-volume specialties (radiology, pathology, multi-branch groups), an on-premise server with cloud backup replication is usually the right architecture — local speed for daily operations, cloud for disaster recovery.

Cloud-Hosted EMR

Smaller clinics (1–4 rooms, single specialty) increasingly use cloud-hosted EMR platforms. The clinic IT footprint reduces significantly — a managed switch, firewall, and reliable internet connection are sufficient. The EMR vendor manages server uptime, backups, and software updates. The risk is internet dependency — if connectivity fails, clinical access fails. A 4G failover router becomes more important, not less, in this model.

CCTV Requirements Under DHA and MOH Regulations

DHA facility inspection standards include CCTV as a compliance item. The areas that consistently appear in DHA inspection checklists for camera coverage are:

• Pharmacy and dispensing counter — controlled substance dispensing must be visually recorded
• Medication storage rooms — access logging and visual recording
• Reception and patient waiting area
• Main entrance and exits

Camera specifications: 1080p full HD resolution is the current practical minimum for regulatory compliance — lower resolution cameras that cannot clearly identify individuals are increasingly flagged in inspections. Cameras should have adequate low-light performance for areas where lighting is reduced after hours.

Footage retention: a minimum of 30 days of continuous recording is the commonly cited requirement. For clinics with dispensing activity, longer retention (90 days) is advisable. NVR storage should be sized accordingly — a 16-camera system recording at 1080p typically requires 4–8TB for 30 days of retention at standard frame rates.

The CCTV system should connect through our CCTV installation team who understand DHA facility requirements and can document coverage areas for the inspection file. The NVR must be on a dedicated VLAN with no public internet exposure — remote viewing should use a secure VPN rather than direct NVR port forwarding.

PABX for Multi-Department Call Routing

A clinic with reception, multiple doctor rooms, a pharmacy, a lab, and a billing department needs more than a few standalone phone lines. An IP PABX (Private Automatic Branch Exchange) handles internal extension dialling, inbound call routing, hold queues, and voicemail — all over the structured cabling network using VoIP handsets.

What to Configure for a Clinic PABX

• Direct inward dialling (DID) numbers for each department that receives external calls — patients can dial directly to pharmacy or lab without going through reception
• Auto-attendant menus ("Press 1 for appointments, Press 2 for pharmacy") to reduce reception workload during peak hours
• Hunt groups so incoming appointment calls ring on multiple reception phones simultaneously — first available answers
• Call recording for reception calls — useful for appointment confirmation disputes and compliance
• Integration with the clinic management software appointment module — some systems (including MedicoPlus) support screen-pop caller ID matching for returning patients

Common IP PABX platforms deployed in UAE clinics include 3CX (widely used, supports both cloud and on-premise deployment), Avaya IP Office, and Cisco Unified Communications Manager for larger facilities. 3CX is cost-effective for single-location clinics — the software licence cost is low, and it runs on standard server hardware or the cloud.

UPS and Power Backup

Power interruptions in Dubai and UAE are relatively infrequent compared to many markets, but when they occur, the impact on a clinic without UPS is immediate: open EMR records are lost, the PABX drops all active calls, the NVR stops recording, and any in-progress diagnostic equipment loses its session data.

What Needs UPS Protection

• Network cabinet (switches, firewall, router) — even a 5-minute UPS runtime gives time for a clean shutdown or for power to restore
• EMR server (if on-premise) — servers need clean shutdown time, not abrupt power loss
• NVR system — abrupt power loss to an NVR can corrupt the recording database
• Reception workstations and key doctor workstations — continuity during brief outages

For the network cabinet, a rack-mounted UPS (APC Smart-UPS or Eaton 5PX) with 10–20 minutes of runtime at load gives enough time for either power restoration or a managed shutdown. For the server room, a larger UPS with 30–60 minutes of runtime plus a diesel generator connection is the appropriate spec for clinics with 24-hour operations or those running continuous monitoring equipment.

WiFi for Nursing Carts and Clinical Mobility

Mobile nursing carts with mounted tablets or laptops — used for ward rounds, bedside medication administration, and vital signs entry — depend on seamless WiFi roaming within the clinic. The requirements are similar to warehouse barcode scanner WiFi: 802.11r fast roaming, dedicated SSID for clinical devices, and sufficient AP coverage throughout clinical areas including corridors and treatment rooms.

Clinical WiFi should never be co-mingled with patient WiFi at the network level. Staff devices accessing the EMR must connect to the clinical VLAN SSID, authenticated with WPA2-Enterprise (RADIUS authentication tied to Active Directory). Patient and visitor devices connect to the isolated guest SSID.

In polyclinic and day surgery environments, WiFi coverage needs to extend to operating theatres, recovery rooms, and procedure rooms where clinical devices are used. These areas often have metal-lined walls (RF shielding) that require access point placement planning — not just a coverage survey of the main floor plan.

Backup and Disaster Recovery for Patient Records

UAE health authority regulations (DHA, DOH, MOH) require patient medical records to be retained for a minimum of 10 years. For paediatric patients, retention periods extend to 25 years in some record categories. This is not an IT preference — it is a regulatory obligation that the clinic owner is personally responsible for. An IT infrastructure that loses patient records due to server failure, ransomware, or flood in the server room is a serious regulatory and medico-legal exposure.

Recommended Backup Architecture

The 3-2-1 backup rule applies: three copies of data, on two different media types, with one copy offsite or cloud-hosted.

• Copy 1 — Live server/primary storage: The working data that the EMR reads and writes daily.
• Copy 2 — Local NAS device: Daily incremental and weekly full backups to a NAS in the same location. Enables fast restoration of recent data without internet dependency.
• Copy 3 — Cloud backup: Encrypted replication to cloud storage (Azure UAE North, AWS Bahrain, or a UAE-based cloud provider) for geographic redundancy. Patient data sovereignty — keeping UAE patient data within UAE-region cloud infrastructure — aligns with DHA and TDRA data residency guidelines.

Backup integrity must be verified, not assumed. A quarterly restore drill — actually restoring a backup to a test environment and confirming data completeness — is the only way to know your backup is working. Many clinics discover their backup was silently failing only when they need it.

For ransomware protection, the cloud backup should be configured with immutable retention (write-once, cannot be deleted or modified from the network) so that a ransomware infection cannot reach and encrypt or delete the cloud copy. Azure Blob immutable storage and AWS S3 Object Lock both support this. Full backup and disaster recovery planning for healthcare environments is a distinct discipline from general IT backup — the retention requirements and regulatory context make it more complex.

Specialty Cabling — Dental, Radiology, Pharmacy

Dental Clinics

Modern dental chair units (Planmeca, Kavo, Sirona) have data connectivity requirements: network output for the chair-mounted monitor, USB or network connections for intraoral camera integration, and sometimes Ethernet connectivity for the digital X-ray sensor processing unit. Each chair position typically needs two Cat6 data points plus appropriate power outlets, installed before the chair unit is positioned — retrofitting is extremely difficult once chairs are in place. Coordinate the cabling design with the chair supplier's technical specifications before fit-out begins.

Radiology and Imaging Rooms

DICOM imaging workstations produce large file transfers between the modality (X-ray, ultrasound, CT) and the PACS server. For a radiology room with a digital X-ray unit, the data run from the modality to the network switch should ideally be a dedicated Cat6A run (higher bandwidth headroom than standard Cat6) with the PACS server or NAS storage accessible via a switched gigabit path. Wireless connections for imaging modalities are strongly discouraged — the throughput variability causes DICOM transfer failures and slows radiologist workflow.

Pharmacy and Dispensing

The pharmacy dispensing counter needs data points for the pharmacy management workstation, barcode scanner, label printer, and any connected medication dispensing units. If the clinic uses an automated dispensing cabinet (ADC), the cabinet has its own network connectivity requirements — confirm with the ADC vendor before cabling. The pharmacy POS terminal for patient billing should connect back to the main billing VLAN, not the clinical VLAN, even though it is physically located in the pharmacy.

Full Checklist Summary

Kaizen Star's healthcare IT solutions team has deployed infrastructure for polyclinics, dental groups, medical centres, and specialist practices across Dubai and the UAE. We work with clinic owners from fit-out planning through to go-live, covering network infrastructure, CCTV installation, PABX deployment, backup and disaster recovery, and ongoing managed IT services. For clinics using clinic management software — including MedicoPlus, eClinic, and other UAE platforms — we handle the network-side integration requirements so that your IT provider and software vendor are aligned before go-live.

Frequently Asked Questions