Cybersecurity Investment, Education: Keys for Data Protection

Embracing tech development in healthcare has been challenging in Mexico. Digitization has been advancing slowly but steadily and digital health solutions boomed in the market following the COVID-19 pandemic. While tech and health data provide uncountable benefits, there are also security risks that could threaten a patient’s wellbeing. Cybersecurity investments, regulation improvement and education for all actors involved will lead the industry to a proper, ethical and beneficial use of data, agreed experts.

“Data plays a key role in the future of healthcare. Patients must own their data. Owning our clinical history and sharing it with the physicians we consult brings many efficiencies, from better clinical studies and smaller costs to improved diagnosis and better care from healthcare professionals. In a larger scale, data helps researchers to reshape the healthcare system. However, it must be interconnected and secure,” said Alexandro Arias, Partner Life Sciences and Health Care Leader, Deloitte.

Digital health encompasses mobile health, health information technology (IT), wearable devices, telehealth, telemedicine and personalized medicine, according to the FDA: “From mobile medical apps and software that support the clinical decisions doctors make every day to artificial intelligence and machine learning, digital technology has been driving a revolution in health care.” Digital health systems lead to data-driven healthcare solutions for the individualized delivery of therapies and treatments for patients, powered by information technologies that enable seamless integration and communication between patients, providers, payers, researchers and health information depositories, as reported by MBN.

Data is collected by all industry players, including pharmacies, hospitals, insurers and private physicians, among others. “As a patient, I would like my data to be collected for research and beneficial purposes,” said Brenda Zetina, Territory Director, DataDog. Data goes beyond personalized medicine and better care, she added: “Companies use state-of-the-art technology for R&D that will benefit the entire sector. However, these companies must also invest in cybersecurity to protect the data.”

The cybersecurity risks within health data are massive, so having the appropriate normative framework is crucial, said Claudia Del Pozo, Executive Director, Eon Resilience Lab. Companies often see cybersecurity as an extra expense and tend to have different priorities, especially when going through difficult times, she added.

The management of personal data and the broad protection of it must comply with certain ethical and legal pillars, said Alejandro Luna, Partner, Olivares: “Specificity takes us further. Companies and the public sector must comply with the law. There must be good faith and consideration for the rights of the individual as a person.”

In Mexico, the General Health Law, the Federal Law of Personal Data Protection, NOM-004, 024 and 035 address digital health. “Mexico has a solid legal framework for the observance and protection of our personal data. It is considered as a human right within articles 6 and 16 of the Constitution. In addition, the country has signed several international treaties for good practices in biology and medicine,” said Luna.

Despite the presence of digital health and data protection in different laws and norms, regulation can be the first hurdle when it comes to the introduction of new technologies in healthcare, according to other industry players. Mario Muniz, Regional General Manager for North Latin America, IQVIA, told MBN that “we are completely lagging behind in establishing regulation that is transparent but at the same time contemplates all the necessary aspects involved.”

Emerging trends and solutions call for regulatory issues to be addressed, says the International Comparative Legal Guides (ICLG). In the US, these priorities include data privacy and compliance with the Health Insurance Portability and Accountability Act (HIPAA), which other countries use as a model for regulation, such as Mexico.

As technology and digitization continue moving forward, all actors involved, from users/patients to institutions, doctors and insurers, must be aware of the importance of data privacy, said Arias: “It is all about education. Sometimes we normalize it and we do not read the small letters. All actors involved must be educated on data protection and cybersecurity.”