Digital Healthcare 2025

MEXICO Law and Practice Contributed by: Bernardo Martínez-Negrete, Lisandro Herrera Aguilar and Martha Contreras Secchi, Galicia Abogados, SC

4.3 Defences

There are several mechanisms to mitigate or defend against legal exposures related to digital healthcare in Mexico, even though the regulatory framework is not yet fully developed. These mechanisms operate within existing legal structures and industry practices, and can help digital health providers, developers and healthcare institutions reduce their legal and regulatory risks. Key mechanisms include the following.

Regulatory Compliance and Internal Controls
• Even in the absence of specific digital health laws, entities can mitigate risk by aligning with general health regulations, data protection laws and consumer protection standards.
• Ensuring compliance with Cofepris requirements, especially regarding SaMD (under NOM-241-SSA1-2021), can significantly reduce exposure to administrative sanctions.
• Maintaining clear documentation, standard operating procedures (SOPs) and audit trails during development and deployment of digital tools supports defensibility in case of inspections.

Data Protection and Cybersecurity Measures
• Implementing robust data privacy protocols under the Federal Law on Protection of Personal Data Held by Private Parties helps reduce liability for data misuse or breaches.
• Measures like encryption, user consent mechanisms, data access controls, and incident response plans are essential for compliance and defence.
• Conducting privacy impact assessments or cybersecurity audits can proactively identify and address vulnerabilities.

Clear Contracts and Terms of Use
• Drafting comprehensive terms and conditions, privacy policies and informed consent

including those delivered through digital means, but they do not explicitly regulate digital health technologies.
• Consumer Protection Law: In cases involving misleading advertising, malfunctioning digital products, or service issues, PROFECO can intervene under consumer law.
• Data Protection Law: The Federal Law on Protection of Personal Data Held by Private Parties, enforced by INAI, offers redress in cases of misuse or breach of sensitive health data.

Enforcement by Cofepris
Cofepris can initiate administrative procedures, conduct inspections, issue sanctions and impose sanitary measures in health-related matters, including those involving digital tools (such as SaMD). Affected parties can challenge resolutions in the federal courts, which serves as a formal redress mechanism.

Civil and Contractual Claims
In the absence of specific digital health laws, disputes – such as those involving medical errors during teleconsultations or defective digital tools – may be handled through civil litigation, based on general principles of tort law or contract law. However, these cases can be complex, as liability rules for digital health are not clearly defined.

In summary, while formal mechanisms for redress do exist, they are mostly applied through general health, consumer, civil, or data protection laws, rather than through a unified digital health legal framework. This legal fragmentation can make it more difficult for both users and providers to understand their rights, obligations and liabilities.

CHAMBERS.COM