MEXICO Law and Practice Contributed by: Bernardo Martínez-Negrete, Lisandro Herrera Aguilar and Martha Contreras Secchi, Galicia Abogados, SC
is necessary to protect consumers’ rights, espe- cially as digital health technologies often reach users directly through commercial channels. The Ministry of Anti-Corruption and Good Government The National Institute for Transparency, Access to Information and Protection of Personal Data ( Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Person- ales , or INAI) used to be responsible for ensuring compliance with data protection laws in Mexico. Due to a constitutional reform in terms of organi- sational simplification, which became effective on 21 December 2024, INAI was closed down on 20 March 2025. As of that date, a transition period began, during which INAI’s functions will be transferred to the decentralised administra- tive body of the Ministry of Anticorruption and Good Government known as “Transparency for the People”, including the oversight of the processing of sensitive personal data – such as health records collected via apps, wearables or telemedicine platforms – in order to ensure that individuals’ health data is handled responsibly and lawfully. 3.3 Enforcement In Mexico, the enforcement of laws and regu- lations related to digital healthcare is primarily carried out by Cofepris. Enforcement typically begins with a verification visit to a healthcare- related establishment. Following this inspection, Cofepris issues an official report outlining any irregularities or non-compliance identified dur- ing the visit. The establishment is then required to respond – either by implementing corrective actions or by presenting arguments to refute the findings. Based on this exchange, Cofepris will issue a final resolution, which may include sanctions
such as fines, product recalls, or even suspen- sion of operations. Notably, Cofepris also has the authority to apply sanitary measures – including preventative closures or product seizures – at any point during the administrative process. These measures are enforceable immediately to protect public health. While the enforcement of digital health regula- tions is active, not all areas are equally moni- tored. Aspects such as SaMD or unauthorised medical claims in advertising tend to receive more scrutiny. However, due to the evolving nature of digital health and the current gaps in comprehensive regulation, enforcement is not yet uniformly rigorous across all digital health sectors. That said, any enforcement action by Cofepris can be legally challenged before a fed- eral court, ensuring due process for affected parties. 3.4 Sufficiency of Oversight The current regulatory framework in Mexico is not sufficient to address the risks posed by the use of digital technologies in healthcare. While Cofepris already has the authority and legal powers necessary to regulate and enforce matters related to digital health, the main issue is that many of these technologies are not yet comprehensively regulated. Rather than expanding regulatory powers, the priority should be to develop and implement clear, specific regulations that address digital health risks, such as data security, the use of AI, and the reliability of digital medical tools. There are ongoing legislative efforts and pro- posed reforms aimed at better regulating this space, indicating that there is momentum towards establishing a more robust legal frame- work. These initiatives suggest that lawmakers
83
CHAMBERS.COM
Powered by FlippingBook