Digital Healthcare 2025

MEXICO Law and Practice Contributed by: Bernardo Martínez-Negrete, Lisandro Herrera Aguilar and Martha Contreras Secchi, Galicia Abogados, SC

Cybersecurity and Data Protection

While there have been several drafts of bills attempting to regulate cybersecurity, particularly with regard to digital health, none have yet been formalised into actual law. However, data protection for health information is governed by Mexico’s data protection laws, which are stringent regarding the handling of sensitive personal data, including health data. The lack of specific cybersecurity regulations means there is still a degree of uncertainty as to how digital health services should protect against cyber threats.

Artificial Intelligence and Machine Learning

There are ongoing discussions in the Mexican Congress about regulating AI and machine learning. In May 2023, the draft Law for the Ethical Regulation of Artificial Intelligence and Robotics was introduced, and a draft amendment to the General Health Law was proposed in July 2023 to address AI data protection within healthcare. However, due to the complexity and evolving nature of AI technologies, lawmakers have been cautious in their approach, resulting in a lack of comprehensive regulation in this area.

Environmental, Social and Governance (ESG) Matters

There is currently no specific regulation in Mexico addressing ESG matters directly in the context of digital healthcare. However, broader ESG principles may be indirectly applicable to the health sector, particularly when it comes to the ethical considerations surrounding digital health technologies.

Telehealth

Mexico does not have a specific regulatory framework for telehealth. Instead, telemedicine and other forms of remote healthcare are governed by the general healthcare regulations applicable to medical services. This means that

Other technical guidelines, such as those issued by CENETEC, provide non-binding but influential recommendations for areas like telemedicine, system interoperability and data privacy. While not mandatory, these guidelines help healthcare providers align their practices with recognised norms.

2.5 Issue-Specific Legal Framework

In Mexico, several aspects of digital healthcare are addressed through a variety of regulations, though some areas still lack comprehensive or specific legal frameworks. Here is how the different aspects are regulated.

Software as a Medical Device (SaMD)

The regulation of SaMD in Mexico is provided by the Mexican Official Standard NOM-241-SSA1-2021, which outlines good manufacturing practices for medical devices. This regulation, effective as of 21 June 2023, defines software as a medical device if it meets specific criteria, such as being used for medical purposes, not requiring integration with physical medical device hardware, and being capable of running on general computing platforms. However, software that runs solely on specific medical devices is exempt from this classification and does not need to be registered for marketing in Mexico.

Selfcare, Wellness and Fitness IT Products, such as IoT and Wearables

Wellness and fitness products, including wearables and IoT devices, are primarily regulated through data protection laws. These products often collect sensitive health-related data, which is considered highly sensitive personal data. As per Mexican data protection laws, the owner of the data must provide explicit written consent before any processing of this sensitive data can occur. This ensures the privacy and protection of users’ health-related information.


CHAMBERS.COM
