Case Management User Roles & Permissions
This document defines roles, permissions, and access-control rules for the Case Management (case-management) module, covering utilization management (UM), discharge planning, care coordination, readmission risk, and payer authorization tracking in UAE hospitals. It is designed for implementation of RBAC and context-based access in alignment with UAE regulations (Federal Law No. 2/2019, UAE PDPL, DOH/DHA policies).
Role Definitions
Case Manager / UM Nurse
- Description: Clinically trained nurse or allied health professional responsible for utilization management, admission and continued-stay reviews, discharge planning initiation, and payer communication.
- Typical UAE Job Titles:
- Case Manager
- Utilization Review Nurse
- UM Specialist
- Scope of Access:
- Patients: All inpatients and selected high-risk outpatients within assigned facility and departments/service lines; may see cross-department cases when explicitly assigned.
- Data:
- Full access (view/create/update) to:
case_reviews,utilization_reviews,um_criteria_evaluationsdischarge_plans,discharge_plan_taskscare_coordination_notes,continued_stay_authorizationsreadmission_risk_assessmentsfor assigned patients- Read-only access to:
- Core clinical summary (problems, diagnoses, labs, vitals, imaging reports, progress notes)
- Insurance and authorization data from Patient Access and Policy & Contract modules
- No access to: detailed mental health notes flagged as “restricted” unless explicitly granted.
- Reporting Hierarchy:
- Reports to Case Management Director or UM Supervisor.
- Clinically collaborates with Physician Advisor and attending physicians.
Discharge Planner
- Description: Professional focused on discharge planning, post-acute placement, and coordination of services required at and after discharge.
- Typical UAE Job Titles:
- Discharge Planner
- Transition of Care Coordinator
- Bed Management & Discharge Coordinator (where combined)
- Scope of Access:
- Patients: Inpatients and day-surgery patients approaching discharge within assigned facility/wards.
- Data:
- Full access to:
discharge_plans,discharge_plan_tasks- Read-only access to:
case_reviewsheader,utilization_reviewsoutcome summarycare_coordination_notesrelevant to discharge- Appointment schedules, bed status, discharge disposition codes
- Can document patient/family education and discharge readiness.
- Reporting Hierarchy:
- Reports to Case Management Director or Nursing Director (depending on facility structure).
- Works closely with ward nurse managers and social workers.
Social Worker
- Description: Licensed social worker addressing psychosocial, financial, and community resource needs impacting discharge and ongoing care.
- Typical UAE Job Titles:
- Medical Social Worker
- Clinical Social Worker
- Scope of Access:
- Patients: Patients referred for social assessment or flagged with social/financial barriers; typically within assigned facility.
- Data:
- Create/update:
- Social components of
discharge_plans - Social-work–specific
care_coordination_notes - View:
case_reviewssummary,utilization_reviewsdecision (not detailed criteria)- Readmission risk scores and risk factors
- May view limited financial information (insurance coverage, eligibility status) as needed for assistance referrals.
- Sensitive notes (e.g., domestic violence, mental health) can be marked as “restricted” with sealed-envelope access.
- Reporting Hierarchy:
- Reports to Social Work Supervisor or Case Management Director.
- Functionally aligned with Nursing and Medical teams on the ward.
Care Coordinator
- Description: Staff member (often nurse or allied health) managing longitudinal care coordination, especially for high-risk or chronic disease patients, including post-discharge follow-up.
- Typical UAE Job Titles:
- Care Coordinator
- Chronic Disease Coordinator
- Population Health Nurse
- Scope of Access:
- Patients: Patients enrolled in care coordination programs or flagged as high readmission risk, across inpatient and outpatient encounters.
- Data:
- Create/update:
care_coordination_notes- Follow-up components of
discharge_plans readmission_risk_assessmentsinterventions and follow-up status- View:
case_reviewsheader,discharge_plans,continued_stay_authorizationsstatus (read-only)- Upcoming appointments, adherence indicators, risk flags
- Reporting Hierarchy:
- Reports to Case Management Director or Population Health / Chronic Disease Program Manager.
- Collaborates with primary care physicians and specialty clinics.
Physician Advisor
- Description: Licensed physician providing peer review, UM oversight, and support for level-of-care decisions and payer appeals.
- Typical UAE Job Titles:
- Physician Advisor
- Medical Director – Utilization Management
- Consultant Physician – Case Management
- Scope of Access:
- Patients: Any patient undergoing UM review or appeal within the facility; may have broader cross-facility access in multi-hospital groups.
- Data:
- Full read access to:
- All UM-related data (
case_reviews,utilization_reviews,um_criteria_evaluations,continued_stay_authorizations) - Relevant clinical documentation for peer review
- Can:
- Override UM decisions with documented justification
- Approve level-of-care changes
- Approve/author co-signed payer communications and appeals
- Cannot modify discharge tasks directly (except via recommendations).
- Reporting Hierarchy:
- Reports to Medical Director or Chief Medical Officer.
- Functionally supports Case Management Director.
Case Management Director
- Description: Senior leader responsible for overall case management operations, staffing, policies, UM criteria configuration, and performance monitoring.
- Typical UAE Job Titles:
- Case Management Director
- Head of Case Management / UM
- Director – Care Coordination & Discharge Planning
- Scope of Access:
- Patients: All patients across the organization for oversight, quality, and audit purposes (subject to PDPL minimum-necessary and sealed-envelope rules).
- Data:
- All module data (view) plus:
- Manage
case_management_assignments - Configure UM criteria, payer review schedules, case assignment rules (master data)
- Access analytics dashboards (
Case Management Analyticsscreen) - May have restricted write access to operational settings only (not routine clinical notes).
- Reporting Hierarchy:
- Reports to Chief Medical Officer, Chief Nursing Officer, or Chief Operating Officer depending on governance.
- Supervises Case Managers, Discharge Planners, Care Coordinators; dotted-line oversight of Social Workers (where applicable).
System / HIS Administrator (Cross-Module Role – Reference Only)
- Description: Technical administrator managing user accounts, role assignments, and system configuration. Not a clinical role.
- Scope of Access:
- Can assign roles and manage permissions but does not have default access to clinical content; any clinical access must be separately justified and audited.
- Reporting Hierarchy:
- Reports to IT Director or CIO.
Permission Matrix
Legend:
- ✅ = Allowed by default
- ❌ = Not allowed
- 🔒 = Conditional (context-based, configuration, or additional approval required)
Roles:
- CM = Case Manager / UM Nurse
- DP = Discharge Planner
- SW = Social Worker
- CC = Care Coordinator
- PA = Physician Advisor
- CMD = Case Management Director
- SYS = System / HIS Administrator (technical)
| Permission / Function | CM | DP | SW | CC | PA | CMD | SYS |
|---|---|---|---|---|---|---|---|
| Patient & Case Access | |||||||
| View case management worklist (SCR-CSM-001) | ✅ | ✅ | 🔒 | ✅ | ✅ | ✅ | 🔒 |
| Open case record for assigned patient | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🔒 |
| Open case record for non-assigned patient within same facility | 🔒 | 🔒 | 🔒 | 🔒 | ✅ | ✅ | 🔒 |
| View basic patient demographics and encounter details | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🔒 |
| View detailed clinical summary (problems, labs, imaging, notes) | ✅ | 🔒 | 🔒 | ✅ | ✅ | ✅ | 🔒 |
| View restricted/sealed clinical data (e.g., mental health, HIV) | 🔒 | ❌ | 🔒 | 🔒 | 🔒 | 🔒 | 🔒 |
| Case Review & UM | |||||||
Create new case review record (case_reviews) |
✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ |
| Edit case review header (status, priority, expected discharge) | ✅ | 🔒 | ❌ | 🔒 | ✅ | ✅ | ❌ |
| Close case review | ✅ | ❌ | ❌ | 🔒 | ✅ | ✅ | ❌ |
Create utilization review (utilization_reviews) |
✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ |
| Edit utilization review details | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ |
Record UM criteria evaluation checklist (um_criteria_evaluations) |
✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ |
| Mark UM criteria as met/not met | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ |
| Set or update level of care recommendation | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ |
| Override UM decision (peer review outcome) | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ |
| Discharge Planning | |||||||
Create discharge plan (discharge_plans) |
✅ | ✅ | ✅ | ✅ | 🔒 | ✅ | ❌ |
| Edit discharge plan (barriers, services, education, disposition) | ✅ | ✅ | ✅ | ✅ | 🔒 | ✅ | ❌ |
| Change planned disposition code | ✅ | ✅ | 🔒 | 🔒 | 🔒 | ✅ | ❌ |
| Record patient/family agreement to discharge plan | ✅ | ✅ | ✅ | ✅ | 🔒 | ✅ | ❌ |
Create discharge plan task (discharge_plan_tasks) |
✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ |
| Assign discharge tasks to specific users/roles | ✅ | ✅ | 🔒 | ✅ | ❌ | ✅ | ❌ |
| Update task status (in progress / completed) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ |
| Mark all discharge tasks complete | ✅ | ✅ | 🔒 | 🔒 | ❌ | ✅ | ❌ |
| Care Coordination & Notes | |||||||
Create care coordination note (care_coordination_notes) |
✅ | 🔒 | ✅ | ✅ | ✅ | ✅ | ❌ |
| Edit own care coordination notes | ✅ | 🔒 | ✅ | ✅ | ✅ | ✅ | ❌ |
| View all care coordination notes for a case | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🔒 |
| Mark note as restricted/psychosocial-confidential | 🔒 | ❌ | ✅ | 🔒 | 🔒 | ✅ | ❌ |
| Readmission Risk & Analytics | |||||||
View readmission risk score (readmission_risk_assessments) |
✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🔒 |
| Create/edit readmission risk assessment | ✅ | 🔒 | 🔒 | ✅ | 🔒 | ✅ | ❌ |
| Document interventions planned for high-risk patients | ✅ | 🔒 | ✅ | ✅ | 🔒 | ✅ | ❌ |
| Access Readmission Risk Dashboard (SCR-CSM-006) | ✅ | 🔒 | 🔒 | ✅ | ✅ | ✅ | 🔒 |
| Access Case Management Analytics (SCR-CSM-007) | 🔒 | ❌ | ❌ | 🔒 | 🔒 | ✅ | 🔒 |
| Export aggregated analytics data (de-identified) | ❌ | ❌ | ❌ | ❌ | 🔒 | ✅ | 🔒 |
| Payer Communication & Authorizations | |||||||
| View payer and plan details for case | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🔒 |
Create continued-stay authorization record (continued_stay_authorizations) |
✅ | ❌ | ❌ | ❌ | 🔒 | ✅ | ❌ |
| Update authorization status (approved/denied/pending) | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ |
| Record denial reason and appeal status | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ |
| Document payer communication log entries | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ |
| Submit UM review summary to payer (via integrated channels) | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ |
| Assignments & Configuration | |||||||
View case manager assignment rules (case_management_assignments) |
✅ | ✅ | 🔒 | 🔒 | ✅ | ✅ | 🔒 |
| Edit case manager assignment rules | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | 🔒 |
| Adjust max caseload for a case manager | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | 🔒 |
| Configure UM clinical criteria master data | ❌ | ❌ | ❌ | ❌ | 🔒 | ✅ | 🔒 |
| Configure payer review schedules and rules | ❌ | ❌ | ❌ | ❌ | 🔒 | ✅ | 🔒 |
| Security, Audit & BTG | |||||||
| View case management audit log for a patient | ✅ | 🔒 | 🔒 | 🔒 | ✅ | ✅ | ✅ |
| Run audit reports across multiple patients | 🔒 | ❌ | ❌ | ❌ | 🔒 | ✅ | ✅ |
| Initiate break-the-glass (BTG) access to a restricted case | 🔒 | 🔒 | 🔒 | 🔒 | 🔒 | 🔒 | 🔒 |
| Approve BTG justification post-event | ❌ | ❌ | ❌ | ❌ | 🔒 | ✅ | 🔒 |
| Manage role-to-permission mappings for this module | ❌ | ❌ | ❌ | ❌ | ❌ | 🔒 | ✅ |
**Notes on 🔒 (Conditional) examples**:
- Viewing non-assigned cases may require:
- Same facility + same department + active on-call status, or
- Explicit delegation/coverage assignment.
- Restricted/psychosocial notes:
- Only Social Workers and CMD (for oversight) can mark/unseal; PA may access for specific peer-review cases with justification.
- Analytics exports:
- Only CMD can export, and only de-identified/aggregated data, per PDPL and facility policy.
- BTG:
- Available to clinical roles (CM, DP, SW, CC, PA) under emergency conditions; CMD and Compliance review afterwards.
---
## Role Hierarchy
```mermaid
graph TD
CEO[Chief Executive Officer] --> CMO[Chief Medical Officer]
CEO --> CNO[Chief Nursing Officer]
CEO --> COO[Chief Operating Officer]
CMO --> MDUM[Medical Director / Physician Advisor Lead]
CNO --> NDir[Nursing Director]
COO --> CMD[Case Management Director]
CMD --> CM[Case Managers / UM Nurses]
CMD --> DP[Discharge Planners]
CMD --> CC[Care Coordinators]
CMD --> SW[Social Workers]
MDUM --> PA[Physician Advisors]
ITD[IT Director] --> SYS[System / HIS Administrators]
%% Permission inheritance (conceptual)
CMD -.inherits.-> CM
CMD -.inherits.-> DP
CMD -.inherits.-> CC
CMD -.inherits.-> SW
MDUM -.inherits.-> PA
Inheritance principles:
- Case Management Director:
- Inherits all non-clinical case-management permissions of CM, DP, CC, SW (view + limited edit for oversight), plus configuration and analytics.
- Physician Advisor Lead / Medical Director UM:
- Inherits all PA permissions and may have cross-facility oversight.
- System Administrator:
- Does not inherit clinical permissions; only configuration and user-management capabilities.
Context-Based Access Rules
Context-based rules must be enforced in addition to the static RBAC matrix, in line with UAE PDPL’s data minimisation and purpose limitation, and Federal Law No. 2/2019 requirements for health data confidentiality.
1. Facility-Based Restrictions (Multi-Facility)
- Users are associated with one or more
facilitiesanddepartments(fromehr-patient-mgmt). - Default rule: Case Management users can only:
- See cases where
encounters.facility_idis in their assigned facility list. - Cross-facility access:
- 🔒 Allowed for CMD and designated PA roles for corporate-level oversight, subject to:
- Documented organizational role
- Enhanced audit logging and periodic review.
2. Department / Service-Line Restrictions
case_management_assignmentsdefines mapping between:case_manager_id,department_id,service_line, andmax_caseload.- Access rule:
- CM/DP/CC/SW can only open or edit cases where:
- The encounter’s department/service line matches an active assignment, or
- They are explicitly assigned as case manager/coordinator on the case.
- Transfers:
- When a patient transfers departments, the system:
- Re-evaluates assignment rules.
- May reassign case manager automatically.
- Restricts prior department staff to read-only access unless BTG is used.
3. Patient Relationship Requirements
- Treating relationship is required for detailed access:
- CM/DP/CC/SW must be:
- Assigned to the case, or
- On-duty in the patient’s ward/department with case-management responsibility.
- Viewing non-assigned cases:
- 🔒 Allowed only when:
- User is covering for an absent colleague (temporary delegation), or
- User is responding to an escalation (e.g., urgent discharge barrier).
- System must record the reason (selected from a list) and log it.
4. Time-Based Access (Shift-Based)
- Each user has defined working hours/shift schedules (from HR or scheduling system).
- Rules:
- Outside active shift:
- Access to new cases is blocked; user can only complete documentation for cases they were already working on (configurable window, e.g., 2 hours).
- On-call:
- On-call flags allow extended access to assigned wards during on-call periods.
- High-risk operations (e.g., closing a case, changing disposition) may be restricted outside normal hours or require dual sign-off (see Segregation of Duties).
5. Emergency / On-Call Overrides
- In emergencies (e.g., rapid discharge needed, patient deterioration requiring immediate level-of-care change), users may need broader access:
- System provides “Emergency Access” (BTG) button on patient search and case screens.
- When invoked:
- Temporarily relaxes facility/department/assignment restrictions for that patient.
- Does not grant new functional permissions (e.g., SW cannot suddenly configure UM criteria), only broader patient scope.
- Emergency access is time-limited (e.g., 30–60 minutes) and heavily audited.
Break-the-Glass (BTG) Procedures
BTG is required to access case-management data for a patient outside the user’s normal scope (facility/department/assignment) or to view restricted/psychosocial notes.
1. When BTG Is Required
- Accessing a case where:
- User is not assigned and not in the same department/service line, and
- No explicit delegation or on-call coverage exists.
- Viewing:
- Restricted social work notes.
- Sealed mental-health–related discharge barriers.
- Cross-facility oversight:
- CMD or PA accessing cases in facilities they do not routinely cover.
2. BTG Workflow
- Trigger: - User attempts to open a restricted case or restricted note.
- Warning Dialog:
- System displays:
- “You are attempting emergency access (Break-the-Glass). This access is fully audited and subject to review under UAE PDPL and Federal Law No. 2/2019. Proceed only if necessary for patient safety or urgent care coordination.”
- Justification Entry:
- User must select a reason:
- “Emergency discharge coordination”
- “Urgent level-of-care decision”
- “Patient deterioration – immediate UM review”
- “Cross-facility escalation”
- “Other (free text)”
- Authentication Step: - Re-prompt for password or second factor (per ADHICS/NESA guidance).
- Temporary Access Granted:
- Scope:
- Patient’s case-management data (and, if needed, clinical summary) for a limited time (e.g., 30 minutes).
- BTG banner displayed on all relevant screens.
- Audit Logging:
- System records:
- User ID, role, facility
- Patient ID, encounter ID
- Timestamp (start and end of BTG session)
- Reason code and free-text justification
- IP address / device ID
- Actions performed (viewed notes, modified plan, etc.)
- Notification:
- Automatic notification sent to:
- Case Management Director
- Data Protection Officer / Compliance (if designated)
- For cross-facility BTG, also notify facility leadership.
3. Post-Access Review Process
- Daily/Weekly Review:
- CMD or delegated compliance officer reviews BTG events:
- Validity of justification
- Appropriateness of actions taken
- Outcomes:
- Valid BTG:
- Documented in patient record (e.g., “Emergency access used by CM for urgent discharge coordination on [date/time]”).
- Questionable BTG:
- User counselled; additional training assigned.
- Misuse:
- Escalation to HR and Data Protection Officer.
- Possible suspension of access or disciplinary action.
4. UAE PDPL Implications
- BTG is a high-risk processing activity:
- Must be covered in the facility’s Data Protection Impact Assessment (DPIA).
- Requires strong technical and organizational controls.
- PDPL principles applied:
- Data minimisation: BTG grants access only to the minimum data needed (case-management and essential clinical summary).
- Purpose limitation: BTG justification must be tied to patient care or safety; not allowed for curiosity or non-care purposes.
- Accountability: Detailed audit logs retained per retention policy; available for regulator inspection if required.
Segregation of Duties
To reduce fraud, errors, and conflicts of interest, certain role combinations and actions must be segregated.
1. Conflicting Role Combinations
The following combinations must not be assigned to the same user account:
| Combination | Risk | Rule |
|---|---|---|
| Case Manager / UM Nurse (CM) + Billing & Claims Adjuster | Potential to influence UM decisions and directly adjust claim outcomes | Prohibited; must be separate users |
| Case Manager / UM Nurse (CM) + Policy & Contract Manager | Risk of manipulating UM criteria to favour specific payers | Prohibited; configuration of payer rules limited to CMD and Policy module roles |
| Case Management Director (CMD) + Front-line Case Manager (full caseload) | Oversight vs operational conflict; risk of self-approving BTG and escalations | CMD may have limited operational access but should not hold full CM caseload |
| Physician Advisor (PA) + Attending Physician for same patient | Risk of self-reviewing UM decisions | If unavoidable in small facilities, system must flag and require second-level review by CMD |
| Social Worker (SW) + HR/Employee Health roles | Access to both staff health and HR data may create privacy conflicts | Prohibited; separate accounts if both functions are required |
The HIS should enforce these constraints at role-assignment time (via users and roles tables in ehr-patient-mgmt).
2. Dual Sign-Off Requirements
Certain high-impact actions require two distinct users with appropriate roles:
| Action | Primary Role | Second Approver | System Enforcement |
|---|---|---|---|
| Overriding UM decision against payer criteria (e.g., approving inpatient stay when criteria not met) | Physician Advisor | Case Management Director or Medical Director | System requires electronic co-signature before finalizing |
| Changing level of care from inpatient to observation or vice versa when payer authorization is borderline | Case Manager / UM Nurse | Physician Advisor | Level-of-care change flagged; cannot be completed until PA co-signs |
| Closing high-risk case (e.g., high readmission risk, complex discharge) without all tasks completed | Case Manager / Discharge Planner | Case Management Director or delegated senior CM | System prompts for second sign-off or documented exception |
| Editing UM criteria master data or payer review schedules | Case Management Director | Policy & Contract Management Approver (from policy-contract-mgmt module) |
Workflow requires dual approval; changes logged with versioning |
| Approving BTG events flagged as questionable by automated rules (e.g., frequent BTG by same user) | Case Management Director | Data Protection Officer / Compliance | BTG review workflow with dual acknowledgement |
Dual sign-off must be implemented as:
- Separate user IDs (no self-approval).
- Time-stamped co-signature entries linked to the action.
- Included in audit logs for PDPL accountability.
UAE Regulatory Compliance
This module’s roles and permissions must be implemented in alignment with UAE healthcare and data protection regulations:
-
Federal Law No. 2 of 2019 (Use of ICT in Health Fields)
- Requires confidentiality and secure handling of health data. - HIS must:- Limit access to authorized healthcare professionals and supporting staff.
- Maintain comprehensive audit trails for all access and changes to case-management data.
- Support integration with emirate HIEs (Malaffi, NABIDH) without exposing unnecessary case-management details.
-
UAE PDPL (Federal Decree-Law No. 45/2021)
- Health data is sensitive personal data; processing must follow:- Lawful basis: Treatment and health system management exemption for UM, discharge planning, and care coordination.
- Data minimisation: Role- and context-based access as defined above.
- Purpose limitation: Case-management data used only for care coordination, UM, and quality—not for marketing or unrelated purposes.
- Data subject rights: System must support:
- Viewing case-management notes in patient portal where policy allows (e.g., discharge plan summary via INT-CSM-006).
- Logging corrections or addenda rather than deleting clinical content.
-
DOH (Abu Dhabi) – ADHICS & Malaffi
- ADHICS requires:- Strong access control, MFA for remote access, and BTG auditing.
- Segregation of duties and least-privilege principles.
- Malaffi integration:
- Only necessary case-management summaries (e.g., discharge disposition, readmission risk) should be shared, not internal payer negotiation details.
-
DHA (Dubai) – NABIDH & eClaimLink
- NABIDH:- Similar principles to Malaffi; sharing of discharge summaries and key care coordination data.
- eClaimLink / DOH eClaims:
- UM decisions and authorization numbers must be consistent with claims data.
- Only authorized roles (CM, PA, CMD) can submit or update UM-related information that affects claims.
-
TDRA / NESA Cybersecurity
- Access control and BTG implementation must align with:- Strong authentication.
- Role-based and context-based authorization.
- Detailed logging and monitoring of privileged operations.
By implementing the roles, permissions, context rules, BTG procedures, and segregation of duties described in this document, the Case Management module will support safe, compliant, and efficient utilization management and care coordination across UAE healthcare facilities.