1 Digital Health
1.1 What is the general definition of “digital
health” in your jurisdiction?
Mexican legislation has not specifically defined “digital
health”. However, the Federal Commission for the Protection
against Sanitary Risks (COFEPRIS) and other private and public
entities are already addressing the matter in various aspects (i.e.
regulation, guidelines, analysis, forums, etc.).
Nevertheless, a definition generally accepted in Mexico –
although in constant evolution – is that digital health is a
concept that incorporates Information and Communication
Technologies into sanitary assistance products, services and
processes, as well as into organisations and institutions that may
improve the health of individuals.
1.2 What are the key emerging digital health
technologies in your jurisdiction?
Many areas of digital health technologies are rapidly developing
in Mexico, such as: portable and ingestible devices; mobile health
apps; artificial intelligence (AI); robot health carers; medicine
applied robots; 3D organ printing; blockchain; telemedicine;
machine learning; genome research; drones; augmented and virtual
reality; and electronic records and big data, among others. As
stated above, these technologies are in constant evolution.
In relation to the above, the most recent advances in digital
health in Mexico have been mainly applied to three diseases:
ischaemic heart disease; breast cancer; and diabetes. For example,
with advances in the genetic analysis of diabetes, Mexican doctors
and scientists may be able to predict which students within a
student population are likely to develop diabetes, and therefore
intervene with preventative measures that will save many costs in
the future.
1.3 What are the core legal issues in digital health for
your jurisdiction?
As a type of medical device aimed to be used by healthcare
practitioners and patients, digital health has safety, quality and
effectiveness implications. This is currently regulated by
COFEPRIS, which grants marketing authorisations to products that
are safe and effective.
Data protection is another important issue in the field of
digital health. IT often involves the collection and/or transfer of
data, and digital health could involve the collection and transfer
of sensitive data. As a matter of fact, digital health is becoming
more and more intrusive as it evolves, which is in itself a reason
why the proper handling of personal information, especially
sensitive information, must be a core concern when dealing with new
digital health devices, bearing in mind the concept of privacy by
design. The mechanisms of data protection in Mexico
are discussed further below.
It is advisable that entities offering digital health are aware
of professional liability issues, and that they check whether their
professional liability insurance covers events that may go wrong
when providing digital health services, including providing
services that require a medical licence or administering medical
care.
1.4 What is the digital health market size for your
jurisdiction?
The field of digital health is still relatively new in Mexico
and its application in real life settings is still limited.
However, it is rapidly growing, and the COVID-19 pandemic has
certainly increased the rendering of remote health services,
especially in the private sector. Additionally, due to the
country’s size, Mexico is one of the most attractive markets in
Latin America.
1.5 What are the five largest (by revenue) digital
health companies in your jurisdiction?
The five largest digital health companies in Mexico are as
follows:
- Eva.
- Zenda.
- Yana.
- Terapify.
- Sofía.
- Fundación Carlos Slim.
Please see the following for more information on the most
prominent digital health companies in Mexico:
https://wortev.capital/empresas-mexicanas-tecnologia-en-la-salud/.
2 Regulatory
2.1 What are the core healthcare regulatory schemes
related to digital health in your jurisdiction?
Although developing, the field of digital health is still
relatively new in Mexico and its application in real life settings
is still limited. There are no specific healthcare regulatory
schemes for digital health; the field is instead being covered by
schemes which regulate medicinal products and medical devices,
namely:
- the General Health Law (in Spanish, “Ley General de
Salud”);
- the Health Law Regulations over Healthcare Products (in
Spanish, “Reglamento de Insumos para la Salud”);
- Official Mexican Standards (NOMs), particularly the
NOM-241-SSA1-2012 setting good manufacturing practices for medical
devices and NOM-137-SSA1-2008 for the Labelling of Medical
Devices;
- the Mexican Pharmacopoeia; and
- COFEPRIS’ Rules listing healthcare products that do not
require a marketing authorisation due to low risks on human health
(published in December 2014).
COFEPRIS may already be addressing the need for regulations for
mobile medical applications, especially for those that present
health risks.
2.2 What other core regulatory schemes (e.g., data
privacy, anti-kickback, national security, etc.) apply to digital
health in your jurisdiction?
Since digital health implies health information management
across computerised systems and the secure exchange of information
between consumers, providers, payers and other suppliers and
vendors, it is necessary to keep in mind compliance with data
protection laws in Mexico, as well as regulations dealing with
e-commerce and electronic payments.
2.3 What regulatory schemes apply to consumer healthcare
devices or software in particular?
Consumer devices require marketing authorisations from COFEPRIS
in order to be marketed in Mexico. Marketing authorisation
requirements, for medical devices in particular, depend on the
level of risk involved in their use, according to a threefold
classification system:
- Class I: products that are well known in medical practice and
for which safety and efficacy have been proven. They are not
usually introduced into a patient’s body.
- Class II: products that are well known in medical practice but
may have material or strength modifications. If introduced, they
remain in a patient’s body for less than 30 days.
- Class III: products either recently accepted in medical
practice or that remain in a patient’s body for more than 30
days.
The Mexican Pharmacopoeia provides manufacturers with specific
rules and examples as guidance to classify medical devices.
Furthermore, COFEPRIS published a list of medical devices in
2014, which specifies which devices do not require regulatory
approval in order to be marketed and sold in Mexico. Such products
are usually those that are low risk to a patient’s health.
In Mexico there is no specific regulation concerning the
sanitary approval of algorithms, apps, software, etc. that could be
used as healthcare tools. So far, in practice, COFEPRIS reviews
these products on a case-by-case basis. In general, these digital
products are not considered medical devices as in most cases they
do not have direct contact with the human body.
In addition, since consumer devices or technologies are also
collecting and transferring personal information to various
parties, it is also necessary that they comply with data protection
laws in Mexico, as well as with regulations dealing with e-commerce
and electronic payments.
2.4 What are the principal regulatory authorities
charged with enforcing the regulatory schemes? What is the scope of
their respective jurisdictions?
The Mexican authority responsible for enforcing the regulatory
framework is COFEPRIS. COFEPRIS analyses all medical devices, and
if applicable, software that enables them to work.
Additionally, the National Center of Health Technology
Excellence was created in order to develop guidelines to evaluate
health technologies and clinical practices and manage medical
equipment and telemedicine.
The National Institute of Transparency, Access to Information
and Personal Data Protection (INAI) is the Data Privacy Authority
(DPA) in Mexico. Its main purpose is the disclosure of governmental
activities, budgets and overall public information, as well as the
protection of personal data and the individuals’ right to
privacy. INAI has the authority to conduct investigations, review
and sanction data protection controllers and processors, and
authorise, oversee and revoke certifying entities.
The Ministry of Economy is responsible for informing and
educating about the obligations for the protection of personal data
between national and international corporations with commercial
activities in the Mexican territory. Among other responsibilities,
it must issue the relevant guidelines for the content and scope of
the Privacy Notice in cooperation with the INAI.
The Federal Bureau for Consumer’s Protection (PROFECO)
monitors the compliance of the applicable provisions concerning
information and advertising which could also be applicable to
digital health. Additionally, PROFECO observes that
“information or advertising of goods, products or services
that are disseminated by any means or form must be truthful,
verifiable, clear and free of texts, dialogues, sounds, images,
trademarks, appellations of origin and other descriptions that lead
or may lead to misleading, confusing, deceptive or abusive
information”.
At the beginning of 2021 PROFECO launched two initiatives in
order to improve the self-regulation of e-commerce activities,
which have boomed in Mexico as a consequence of the COVID-19
pandemic. The first one is the creation of a Code of Ethics for the
regulation of e-commerce activities, and the second one is the
grant of a digital trust seal, for those suppliers of online
services who adhere to PROFECO’s code of ethics, or who create
a code of ethics that complies with PROFECO’s guidelines, thus
warranting a secure rendering of services for Mexican
consumers.
2.5 What are the key areas of enforcement when it comes
to digital health?
COFEPRIS can initiate ex officio legal proceedings to
sanction non-compliance. Ultimately, these legal proceedings can
result in the revocation of the marketing authorisation. COFEPRIS
is also entitled to implement measures on behalf of public health,
such as the seizure of products and ordering partial or total
suspension of activities, services or adverts. Under certain
conditions, COFEPRIS has statutory authority to revoke any
manufacturing approval or impose sanctions, ranging from a fine of
up to 16,000 times the minimum wage to closure of the
establishment.
The imposition of administrative sanctions does not exclude
civil and criminal liability. Administrative infringements can
incur penalties ranging from a fine of up to 20,000 UMAS (Unit of
Measure for Sanctions) to final closure of the establishment.
Repeated infringement is also considered to be a criminal
offence.
Originally Published by ICLG