Image credits: Luca Bravo on Unsplash

Digital Health Regulation in Mexico: Hits and Opportunities

By Miriam Bello | Thu, 06/17/2021 - 14:31

Embracing tech development has been challenging for all. However, regulation has to be quick to respond and ensure an even and safe environment for tech innovation. In healthcare, this is even more relevant as tech systems are dealing with personal information that can compromise a patient’s well-being. In this sector, digitalization has been advancing slowly but steadily and after the COVID-19 pandemic last year, digital health solutions boomed in the market. While this comes with many benefits, concerns also grow as not all regulatory entities are responding with the same agility as developments unfold.

What Is Digital Health?

The broad scope of digital health encompasses mobile health, health information technology (IT), wearable devices, telehealth and telemedicine, as well as personalized medicine, says the FDA. “From mobile medical apps and software that support the clinical decisions doctors make every day to artificial intelligence and machine learning, digital technology has been driving a revolution in health care,” explains the FDA. Digital health systems lead to data-driven healthcare solutions for individualized delivery of therapies and treatments for patients, powered by information technologies that enable seamless integration and communication between patients, providers, payors, researchers and health information depositories.

According to an article by ICLG, the key emerging technology areas in digital health are:

  • Personalized, precision medicine
  • Clinical decision support tools
  • Remote patient monitoring and delivery of care (wearables, telemedicine, virtual healthcare)
  • Big Data analytics
  • AI and machine learning-powered healthcare solutions
  • Robot assisted surgery
  • Digital hospitals

Regulating Digital Health 

Emerging trends and solutions call for regulatory issues to be addressed, says ICLG, including data privacy and compliance with the Health Insurance Portability and Accountability Act (HIPAA), which many players use as a model in countries where regulation is lacking, such as Mexico, Jesus Diaz, CIO of CHRISTUS MUGUERZA, and Camilo Garay, Country Manager of 1DOC3, told MBN.

In the US, digital health solutions must comply with the 510 K certification, which is a premarket requirement submitted to the FDA to demonstrate that the device to be marketed is safe and effective or substantially equivalent to a legally marketed device, when applicable. A premarket approval is also needed alongside the certification, as well as a laboratory-developed test according to the clinical laboratory improvement amendments program. ICGL recommends extra requirements, such as transparency laws and regulations to protect identifiable health information to prevent fraud, abuse and waste. The article also states that in the US, any “consumer device” will be treated as a medical device if it intends to diagnose a disease or condition; cure, mitigate, treat or prevent a disease or if it affects the structure or any function of the body (not supported by a chemical action).

While this framework can be a good base to look at, Deloitte also broke down the steps to form independent regulatory ecosystems for digital health solutions:

  1. Consider the key players of the ecosystem: MedTech companies, trade associations, COFEPRIS (for Mexico), life sciences companies, researchers and academics, care providers and patient associations.
  2. Brainstorm the design principles for a new regulatory paradigm, identifying qualities that make an organization excellent and debate the degree of regulatory challenge, represented by a “friction score,” to bring different types of products to market.
  3. With this score determined, players can begin do determine the regulatory rigor and data required to clear that product. For instance, products that pose a lower risk to patient safety could be approved with less regulatory hurdle than products that pose a greater risk to patient safety.

After these steps, Deloitte recommends to build a clear regulatory process that is easier to navigate but that still foments innovation. The goal is to create risk-based processes that harnesses data to expedite the pre-market approval of digital health and ensure device safety, effectiveness and performance throughout the solutions’ life cycle. This should also consider secure, encrypted RWD capabilities for COFEPRIS to access and analyze selected real-world data across digital health organizations and from other public or private sources.

Current Digital Health Requirements in Mexico

The General Health Law, the Federal Law of Personal Data Protection, NOM-004, 024 and 035 already consider digital health.

  • The General Health Law promotes the development of health services through the integration of TIs to widen access and quality attention. It also controls tech transfer among dependencies and supports clinical practices with ECR. The law also considers the ability to use biometric data for electronic identification and grants the Ministry of Health the ability to guarantee the interoperability, processing, interpretation and security of the information contained in electronic medical records, as well as the establishment of telemedicine resources and electronic prescription. 
  • The Federal Law of Personal Data Protection regulates the collection, use and distribution of personal data by individuals or legal entities that require it for their professional activities. It also regulates the correct treatment of personal information in the hands of third parties, especially in digital environments.
  • NOM-004 refers to electronic registry information systems. It indicates that personal data from a clinical record that allow the identification of a patient should not be disclosed. It also states that documents must be kept for a minimum of five years from the last medical consultation or procedure.
  • NOM-024 addresses electronic registry information systems. It establishes the criteria for the exchange of information among Electronic Health Record Information Systems (SIRES), including the electronic clinical record.
  • NOM-035 aims to establish the criteria and procedures that must be followed to produce, capture, integrate, process, systematize, evaluate and disclose health information.

Another norm, NOM-036, was published for public consultation on the Official Gazette of the Federation on Dec. 21, 2015, which focused on the regulation of remote medical care . However, this was eventually scrapped as “it did not contribute to improving the quality of the practice of remote medical care and it could also limit the incorporation of innovative technologies or new developments in this field,” stated a research paper by Éctor Ramirez-Barba from the Honorable Chamber of Deputies and Carlos Arias of the Higher School of Economics.

Regulation Gaps in Mexico

Despite these mentions in different laws and norms, regulation is the first hurdle when it comes to the introduction of new technologies in healthcare, according to Mario Muniz, Regional General Manager for North Latin America at IQVIA. “We are completely lagging behind in establishing regulation that is transparent but at the same time contemplates all the necessary aspects involved,” said Muniz during an interview with MBN. He explained that there is little technology promotion in the country for the health sector and even though there are already telemedicine companies operating in the country, there is a need for standardization to allow the general market to benefit during this crisis. According to Muniz, “we are losing a lot of time because we do not have the appropriate regulation.”

Telemedicine is one of the biggest aspects of digital health in Mexico. However, Dilawar Syed, President and CEO of Lumiata, agreed with Muniz and explained to MBN that when faced with a global pandemic, “we (Mexico) were behind in telemedicine regulation and hospitals and clinics were not ready. In the US, for example, about half of patients who had a doctor’s appointment during the nine months of the pandemic used telemedicine. Before the pandemic, the average was only 5 percent.” According to Muniz, proper regulation could lead to adequate solutions and derive in costs savings. For him, Mexico is a fertile soil for technology innovation, but cultural changes in favor of innovation and technology will allow or prevent this transition.

As for new companies dabbling into digital health, COFEPRIS is one of the government’s greatest barriers as it has around 60,000 applications on hold and around 20,00 of those are lost, said Jorge Pérez, Managing and Innovation Director of inMateriis to MBN. Pérez explained that the commission lacks proper knowledge about medical devices and it follows foreign guidelines, leaving aside a local understanding of the process. “Many entrepreneurs also have little knowledge of the requirements from sanitary authorities and this can mean redoing a whole process to get applications right,” he said.

The industry is in the process of forming a health-tech association to talk to legislators and bring this subject to the table, according to Diaz from CHRISTUS MUGUERZA. “The goal is to have a standard like HIPAA to protect healthcare information by law. Gaps have stopped the Mexican healthcare sector from fully digitalizing because of a lack of regulatory processes, which leaves room for mistakes that could damage companies on many fronts.” Diaz further explained that the federal government is building a digital healthcare ecosystem in Mexico but open dialogue and communication between entities is still needed to make this happen. The goal would be that all products that generate digital health information follow universally accepted standards. “COPARMEX, for instance, is one actor pushing to make this a reality but a more active role from the government is still needed to really set the foundation and make this come to fruition,” said Diaz.

Miriam Bello Miriam Bello Journalist and Industry Analyst