Digital health apps and telemedicine in Oman

Oman’s Ministry of Health (MOH) is in charge of classifying and regulating mobile apps under their medical device rules. Similar to other medical devices, digital health apps are subject to regulations to guarantee their efficacy and safety for general public use, particularly when they are used for medical reasons (e.g., disease management, diagnosis, or treatment).  Some digital health apps may also be considered as a “product”.

Digital health apps are software that, depending on their intended purpose, may be categorized as medical devices in Oman under specific conditions.  Medical devices are regulated by the Directorate General for Pharmaceutical Affairs and Drug Control, under the Ministry of Health.  Digital health apps are first assessed by MOH to see whether they can be categorized as  medical devices, and then to ensure their compliance with the relevant safety standards.

If digital health apps are categorized as medical devices or are deemed to have an impact on user’s health and well-being, they may be deemed products to which civil liability may apply in Oman.  App developers, whose apps have caused damage or harm to users, may be subject to civil liability, particularly if the app developer has been negligent or there is a failure to comply with safety and regulatory requirements. 

The Omani Civil Code and Consumer Protection Law are the regulations that govern liability concerning products that cause damage or injury.  The Omani Civil Code addresses issues such as negligence, breach of contract and product defects.  Articles of the Omani Civil Code related to product liability will apply if the digital health app has a defect and this defect causes harm to its users.  Consumer law would be applicable to guarantee the safety and efficacy of the digital health app if it is regarded as a product marketed to consumers.

In Oman, as mentioned above, it is possible for a digital health app to be classified as a product to which civil liability can apply. However, there may be limitations and exceptions to this civil liability based on the particular situation, including force majeure, professional liability, disclaimers of liability, user fault, and data security breaches. The type of harm, the marketing strategy used, and whether the software satisfies all applicable safety and legal requirements will also be relevant in determining the outcome of such a case.

To lawfully offer and distribute digital health services in Oman, digital health software must adhere to Ministerial decision 109/2020 (Conditions and Procedures for Licensing Telemedicine Services) and Decision No. 78/2019 Health Insurance Rules, which regulate health insurance and telemedicine. The Conditions and Procedures for Licensing Telemedicine Services describes the requirements for service providers to operate telemedicine services, including service provider licensing requirements and guidelines for telemedicine procedures that guarantee accuracy, confidentiality and quality.

The Health Insurance Rules establish minimum coverage standards, premium pricing guidelines, claims and reimbursement procedures. Pursuant to the Personal Data Protection Law (Royal Decree 6/2022), Oman’s Transport, Communications and Information Technology Ministry has issued the Executive Regulations under Ministerial Decision 34/2024 (Executive Regulations) that regulate certain aspects of digital health software, especially the collection and processing of personal health data, its usage, and data breaches. Ministerial Decision 6/2025 extended the grace period for compliance with the Executive Regulations by one year, to 5 February 2026.

Along with the aforementioned laws and regulations, other regulations include Telemedicine and Telehealth Regulations, Cybercrime Law (Royal Decree 12/2011), Health Insurance Regulations issued by Capital Market Authority and Telecommunications Regulatory Authority. These regulations govern various aspects of the services provided by the digital health software.  Together, these legal frameworks provide a thorough regulatory environment that guarantees user privacy, safety, and adherence to national laws for digital health apps operating in Oman.

As mentioned above, there are various legal regimes that regulate digital health software in Oman and the application of these regimes depends on:

1. if the users are resident and using it in Oman, the app must comply with Omani laws. If users are Omani residents but using the app outside Oman, the app will be subject to the local laws of that jurisdiction, such as data protection laws (e.g., GDPR in the EU), telemedicine regulations, and/or consumer protection laws; and
2. it matters in Oman whether digital health software is sold to businesses or to consumers. While B2B models rely more on contractual agreements and industry-specific compliance, B2C models are subject to more stringent regulatory, data privacy, and consumer protection rules (including the Omani Ministry of Health rules, which include telemedicine laws, licensing requirements, and patient data protection). Understanding these differences facilitates the efficient organization of partnerships, operations, and compliance initiatives. 

In addition to the broad regulations governing digital health apps, some features, such as location tracking and real-time information monitoring, may involve further consent requirements, regulatory approval, or other restrictions in Oman. 

The security of personal information, particularly health information, is of critical importance in Oman under the Personal Data Protection Law and its Executive Regulations (together “PDPL”).  PDPL applies to digital health apps that gather personal information like location or data from real-time health monitoring.  Under PDPL, explicit user consent is required, particularly for location and health-related sensitive data.  Apps are only allowed to gather the information necessary to deliver the service.  Excessive data collection could be considered inconsistent with PDPL.  If the app has medicinal features, then Oman’s Ministry of Health may need to approve it as a medical device.  Furthermore, compliance with telemedicine regulations would be required if the app allows remote healthcare services.

Liability in the context of physicians using digital health apps for telemedicine or in-person consultations in Oman, as in many other jurisdictions, depends on several factors.  These factors include the type of app, the doctor-developer relationship, and the particulars of the software error or fault. While physicians are principally responsible for the care they provide to their patients, there are situations where liability can be limited or transferred.

A product liability claim could be brought against the app developer for functional or design flaws, which may transfer liability from the physician to the app’s developer.  However, contractual clauses might limit the developer’s liability. Consumer protection laws and product warranties may provide further justification for app developers to be held accountable for software defects.

Physicians should seek legal advice to ensure certain safeguards are in place in their contracts with such digital health app developers to address liability issues. 

The laws and regulations relating to data privacy, healthcare, telemedicine, medical devices, and consumer protection in Oman all have enforcement mechanisms to encourage adherence to the rules governing digital health apps.  Depending on the type and seriousness of the offense, the legal repercussions for breaking these rules range from administrative fines to civil liability to criminal penalties.

The Ministry of Health (MOH), the Personal Data Protection Authority (PDPA), and the Telecommunications Regulatory Authority are among the regulatory bodies that oversee adherence to Oman's laws governing digital health apps.  MOH enforces telemedicine regulations that call for appropriate licensing, training, and quality control if the app is used for telemedicine services.  To ensure that digital health apps adhere to Oman's healthcare standards, such as data protection and medical safety, the MOH may conduct audits, investigations, or inspections. In relation to data protection, the PDPA is responsible for investigating possible offenses and taking action following a data breach.

Legal implications for non-compliance may include criminal penalties, civil liabilities, administrative fines, business license suspension or revocation, and/or harm to one’s reputation. App developers, healthcare providers, and other stakeholders in the digital health area may be subject to administrative fines and penalties from regulatory bodies such as the MOH, TRA, and Consumer Protection Authority. Criminal charges may be brought against the developer if the software does not have the necessary MOH medical device approval or if it is falsely advertised as a medical device.

Oman is demonstrating a strong commitment to incorporating digital solutions into its healthcare system through a number of initiatives that demonstrate the country’s active advancement of its digital health infrastructure. The country’s objectives of improving healthcare services and accomplishing digital transformation are in line with these initiatives.

The MOH has integrated telemedicine consultations into Oman's main healthcare information system, Al Shifa.  This integration makes it easier to systematically record telemedicine contacts, guaranteeing reliable and consistent treatment.  With the release of Health Vision 2050, Oman laid out a plan for the future growth of the healthcare industry.  This plan highlights how crucial digital health tools and technologies are to achieving the nation’s healthcare goals. 

Physicians in Oman are regulated by the MOH and the Oman Medical Specialty Board (OMSB). MOH is in charge of managing Oman’s entire healthcare system and ensuring that physicians and other medical professionals follow best practices.  MOH grants licenses and oversees the work of medical practitioners in the country.

In Oman, the OMSB regulates the certification and credentials of physicians and other specialists.  It establishes the requirements for medical education, examinations, and certification in several specializations.  Ensuring that physicians and other specialists possess the credentials and abilities required for their practice is an important role of the OMSB.

In Oman, there isn’t a single, comprehensive law solely focused on telemedicine.  Instead, this field is governed by several regulations and frameworks that ascertain the safe and effective use of technology in the country’s healthcare system. Regulations issued by the Ministry of Health (MOH), the Telecommunications Regulatory Authority, the Data Protection Laws and Oman Medical Speciality Board Guidelines are the primary  regulations governing various aspects of telemedicine services provided by physicians.

According to MOH’s regulations, the quality of care provided by telemedicine services must match that of in-person consultations.  Through telemedicine systems, physicians must ensure that patients receive accurate diagnoses and appropriate therapies.

In addition to national laws governing telemedicine, international guidelines and recommendations, such as those issued by the International Telecommunication Union and the World Health Organization, also influence telemedicine practices in Oman, particularly concerning best practices for remote healthcare delivery. 

Under specific circumstances and within a regulated framework intended to guarantee patient safety, ethical behaviour, and quality of care, physicians and other medical specialists in Oman are permitted to treat patients using telemedicine services.

• In Oman, the MOH requires that physicians who offer telemedicine services must hold the appropriate license.  This enables physicians, with the appropriate license which includes telemedicine, to provide medical care remotely.
• Furthermore, physicians in Oman are allowed to treat patients as long as they have obtained the patient’s informed consent and have confirmed the appropriateness of the patient’s medical condition for receiving remote care by using secure technology platforms.

Telemedicine does not fundamentally change the standards of care that apply to physicians, but it does require adjustments in how care is delivered.  The core principles of patient safety and medical ethics remain unchanged. The key difference lies in how physicians adapt their practices to the virtual environment while maintaining the same standard of care.

As part of the Ministry of Health (MOH) guidelines, physicians are required to follow specific rules and regulations when offering telemedicine services.  This includes providing certain notices and disclaimers as part of the consent process.  Legally, physicians must obtain the patient’s informed consent before a telemedicine consultation.  They must ensure that the patient understands the nature of the service, any potential limitations, and their rights.

In Oman, as in many other countries, using telemedicine for fitness certification for employment can increase liability risks.  This is particularly true if the consultation does not involve a comprehensive physical examination or fails to meet employer or regulatory standards. Physicians must be aware of the limitations of telemedicine and take necessary precautions to ensure they provide the required level of care.  To mitigate liability concerns, it may be advisable to recommend or require an in-person visit for certifications, such as a patient’s fitness to work.

Prescribing medications through telemedicine is governed by specific rules and regulations to ensure patient safety and effective treatment.  The following restrictions apply to the issuing of prescription through telemedicine:

• There are limitations on the types of medications that can be prescribed to new patients, particularly for severe or complex conditions.
• The ability to prescribe certain medications remotely may be restricted by the need for physical examinations and ongoing monitoring requirements.
• Electronic prescriptions are permitted but must comply with the Ministry of Health guidelines.
• In Oman, telemedicine consultations are not allowed to prescribe high-risk drugs or controlled substances. 

In Oman, telemedicine services are not automatically reimbursed under the state’s public health or medical insurance policies, unlike traditional in-person consultations.  However, a private health insurance plan is more likely to cover telemedicine services, depending on the specific terms of the policy.

Currently, Oman does not have specific legislation covering the reimbursement or payment of expenses associated with mobile applications that integrate telemedicine and digital health.  Traditional telemedicine services are more likely to receive reimbursement compared to smartphone apps for digital health solutions.

Not applicable. 

Oman has specific data protection laws that apply to telemedicine, particularly concerning the management of patient health information and confidentiality during consultations, which are outside the context of digital health apps.  The main sources of these regulations are Oman's Personal Data Protection Law (PDPL) and its Executive Regulations, along with guidelines from the Ministry of Health (MOH).

Under the Executive Regulations of the PDPL, both the affected parties and the authorities must be informed of any data breaches.  Transfers of data across borders are regulated and subject to certain security requirements.  MOH regulations stipulate that accurate and confidential health data must be maintained, with explicit regulations about data deletion and keeping.  It is an advisable for telemedicine platforms to undergo routine audits and monitoring to ensure compliance with PDPL.

In order to meet its Vision 2040 goals of modernizing healthcare and diversifying the economy, Oman is actively working to enhance its telemedicine infrastructure and regulatory framework. In partnership with the Information Technology Department, the Ministry of Health (MOH) has integrated telemedicine consultations into the Al Shifa System, which is the country’s primary healthcare information system.

As part of its Health Vision 2050, MOH has identified telemedicine as a critical component, indicating its commitment to developing and regulating these services further in the future.  To fulfil this commitment, the further development of comprehensive legal and regulatory frameworks is currently underway.