Digital Healthcare 2025 Comparisons

Last Updated June 26, 2025

Contributed By Galicia Abogados, SC

Law and Practice

Authors



Galicia Abogados, SC is a leading Mexican firm that provides its clients with a comprehensive legal services offering that combines strong transactional and regulatory expertise with strategic litigation and ESG capabilities. With a distinctive culture based on collaboration and focused on the importance of the human factor and people, the firm is recognised as an undisputed leader in the Mexican and Latin American legal ecosystems. It is an independent firm in the Mexican market that is known for its international and cross-border capabilities, specifically its international reach through its alliances and network in Europe, LatAm, Asia and the USA. Galicia is ranked as one of the top firms in Mexico by renowned international organisations such as Chambers and Partners.

Various forms of digital technology are being employed across Mexico’s healthcare system to improve patient care and optimise the use of connected medical equipment. These include the following tools:

  • electronic medical records (EMRs) – this technology enables healthcare professionals to access and continuously update patient clinical data, facilitating communication and data-sharing between different healthcare departments and professionals, leading to better co-ordination and higher quality of care; and
  • connected medical devices, such as vital sign monitors and telemedicine tools, allow for remote monitoring of patients and provide real-time data to healthcare professionals, enabling early detection of potential health problems.

In terms of remote healthcare, Mexico has seen significant advancements due to several key technologies:

  • telemedicine – using video-conferencing platforms and mobile device software, telemedicine allows for virtual consultations between patients and healthcare providers, offering a convenient way for patients to receive timely care, saving both time and money while ensuring quicker access to medical treatment; and
  • remote patient monitoring – devices that track chronic conditions (such as glucose-monitoring gadgets that allow diabetics to track their blood sugar levels and share data remotely with their doctors) help ensure continuous monitoring and timely adjustments to treatment plans.

Home care in Mexico has also been greatly enhanced by technological innovations, particularly following hospital discharge:

  • post-operative telemonitoring – patients recovering from surgery can be monitored at home through connected medical equipment so that healthcare providers can assess progress, identify potential issues and offer guidance without requiring the patient to visit the hospital; and
  • digital medicine and mobile health apps have revolutionised how patients manage their health, with the apps allowing users to access personalised medical advice, track their health data and receive reminders for prescriptions, all of which support home-based care and encourage patients to be more involved in their treatment.

These digital health technologies differ in terms of their application and function. Telemedicine focuses on providing virtual consultations and remote access to healthcare, while remote patient monitoring emphasises continuous health tracking. Electronic medical records streamline patient data management across multiple healthcare providers, and connected medical devices monitor specific health metrics in real time. Together, they contribute to a more integrated and efficient healthcare system.

In Mexico, the adoption of digital technology in healthcare is steadily advancing, mainly in the private sector, driven in large part by the consolidation of healthcare providers such as hospital groups and physician networks. This consolidation has enabled large-scale implementation of electronic health records (EHRs), allowing for more standardised care and efficient operations across multiple facilities.

Ongoing modernisation efforts focus on expanding healthcare access and promoting the use of EHRs, which help providers share patient data more effectively and deliver more co-ordinated care. Key benefits include improved scheduling and resource use, reduced administrative costs, and enhanced data security.

Despite progress with EHRs, the use of AI in everyday clinical practice remains limited. A 2024 Funsalud study found that only 9% of Mexican physicians currently use AI tools, although interest is growing, especially among those open to training and institutional support. Broader adoption is expected in the coming years, particularly in diagnostic support, administrative automation and population health management.

Digital healthcare is offering significant benefits to both patients and healthcare professionals, even as its implementation continues to evolve.

For medical professionals, tools such as EHRs, telemedicine platforms and emerging AI technologies are improving clinical decision-making and care co-ordination. These digital solutions streamline processes like appointment management, test result sharing, and the remote monitoring of chronic conditions – particularly valuable in rural or underserved areas. While the use of AI remains limited, there is growing interest in its potential to enhance diagnostics and reduce administrative burdens.

From a cost perspective, digital healthcare is starting to reduce operational expenses. Efficiencies such as optimised use of medical facilities, reduced dependence on paper-based systems, and improved staff scheduling contribute to cost savings for both healthcare institutions and patients. However, realising the full economic benefits will require continued investment in infrastructure, workforce training and supportive regulation.

In Mexico, there is no official definition of “digital health” or “digital healthcare”, but the concept is generally understood and defined by the National Center for Technological Excellence in Health (CENETEC), which operates under the Ministry of Health. According to CENETEC, digital healthcare is a broad term referring to the provision of health services using information and communication technologies (ICTs) when physical interaction is not required. This definition extends beyond medical services to encompass any health-related services.

On the other hand, digital medicine refers specifically to healthcare delivery where patients and healthcare professionals are in different locations, using ICTs to exchange information for diagnosing, treating and preventing diseases and injuries, as well as for continuous medical education.

Despite these definitions and some non-mandatory guidelines from CENETEC, there are few references to digital healthcare, digital medicine, electronic prescriptions, or digital medical records in Mexico’s General Health Law or its associated regulations. This lack of a detailed, comprehensive regulatory framework means that there is no official list outlining what is specifically covered under digital healthcare or digital medicine. Instead, regulations are interpreted based on broader laws and guidelines applicable to health services and medical devices.

The reliance on international definitions is not explicitly mentioned, but as digital healthcare continues to grow globally, international standards and definitions often influence national policies and understanding of a term. However, ongoing work to formalise or update definitions within national regulations is likely to continue, as the landscape of digital health evolves.

The key laws and regulations that apply to digital healthcare are the following:

  • the General Health Law;
  • the General Law for the Protection of Personal Data in the Possession of Obligated Parties;
  • the Federal Law on Protection of Personal Data Held by Private Parties;
  • the Federal Consumer Protection Law;
  • the Health Inputs Regulations;
  • the Regulation of Sanitary Control of Products and Services;
  • NOM-004-SSA3-2012, for clinical records;
  • NOM-024-SSA3-2012, for electronic health record information systems and health information exchange; and
  • NOM-241-SSA1-2021, for good manufacturing practices for medical devices.

In Mexico, policymakers and lawmakers are working to stay up to date with technological developments, especially in the healthcare sector, through a series of legislative actions and regulations. For instance, in December 2021, a new regulation was introduced to govern software as a medical device, reflecting a response to the growing role of technology in healthcare. More recently, in May 2023, a new General Law on Humanities, Sciences, Technologies, and Innovation was enacted, which will influence research and development in the healthcare technology sector. However, this law also raises concerns, as it centralises control over public research funding and requires that projects be aligned with a special programme developed by the federal government, potentially introducing biases in the allocation of resources.

While there are several initiatives under discussion, Mexico does not yet have comprehensive, state-of-the-art legislation specifically governing digital healthcare and digital medicine. Various draft regulations are currently being debated in Congress, including those related to artificial intelligence, cybersecurity, digital health ecosystems, electronic clinical records and digital prescriptions. However, these regulations are still pending approval.

Additionally, specific amendments to the General Health Law are being considered. These ongoing efforts show that while regulatory development is happening, Mexico still lacks fully comprehensive and up-to-date laws to govern the dynamic field of digital health.

In Mexico, technical standards play a growing but still limited role. The most notable example is the Mexican Official Standard NOM-241-SSA1-2021, which regulates software as a medical device. It sets requirements for manufacturing practices, quality control and product classification, ensuring that such software meets safety and performance standards before reaching the market.

Other technical guidelines, such as those issued by CENETEC, provide non-binding but influential recommendations for areas like telemedicine, system interoperability and data privacy. While not mandatory, these guidelines help healthcare providers align their practices with recognised norms.

In Mexico, several aspects of digital healthcare are addressed through a variety of regulations, though some areas still lack comprehensive or specific legal frameworks. Here is how the different aspects are regulated.

Software as a Medical Device (SaMD)

The regulation of SaMD in Mexico is provided by the Mexican Official Standard NOM-241-SSA1-2021, which outlines good manufacturing practices for medical devices. This regulation, effective as of 21 June 2023, defines software as a medical device if it meets specific criteria, such as being used for medical purposes, not requiring integration with physical medical device hardware, and being capable of running on general computing platforms. However, software that runs solely on specific medical devices is exempt from this classification and does not need to be registered for marketing in Mexico.

Selfcare, Wellness and Fitness IT Products, such as IoT and Wearables

Wellness and fitness products, including wearables and IoT devices, are primarily regulated through data protection laws. These products often collect sensitive health-related data, which is considered highly sensitive personal data. As per Mexican data protection laws, the owner of the data must provide explicit written consent before any processing of this sensitive data can occur. This ensures the privacy and protection of users’ health-related information.

Cybersecurity and Data Protection

While there have been several drafts of bills attempting to regulate cybersecurity, particularly with regard to digital health, none have yet been formalised into actual law. However, data protection for health information is governed by Mexico’s data protection laws, which are stringent regarding the handling of sensitive personal data, including health data. The lack of specific cybersecurity regulations means there is still a degree of uncertainty as to how digital health services should protect against cyber threats.

Artificial Intelligence and Machine Learning

There are ongoing discussions in the Mexican Congress about regulating AI and machine learning. In May 2023, the draft Law for the Ethical Regulation of Artificial Intelligence and Robotics was introduced, and a draft amendment to the General Health Law was proposed in July 2023 to address AI data protection within healthcare. However, due to the complexity and evolving nature of AI technologies, lawmakers have been cautious in their approach, resulting in a lack of comprehensive regulation in this area.

Environmental, Social and Governance (ESG) Matters

There is currently no specific regulation in Mexico addressing ESG matters directly in the context of digital healthcare. However, broader ESG principles may be indirectly applicable to the health sector, particularly when it comes to the ethical considerations surrounding digital health technologies.

Telehealth

Mexico does not have a specific regulatory framework for telehealth. Instead, telemedicine and other forms of remote healthcare are governed by the general healthcare regulations applicable to medical services. This means that while telehealth is practised, there is no dedicated legal framework outlining the requirements and standards for telehealth services.

The current laws and regulations in Mexico do not adequately regulate digital healthcare. While there have been some isolated modifications to the legal framework, these changes do not seem to be part of a cohesive, long-term national policy on digital health. As a result, there are significant gaps in the legislation that leave several aspects of digital healthcare insufficiently regulated. These gaps include the regulation of telehealth, AI in healthcare, cybersecurity, and the use of self-care and wellness technologies like wearables. Without comprehensive and integrated legislation, Mexico’s digital healthcare system faces challenges in ensuring consistent standards, data protection, and the safe integration of new technologies.

In Mexico, the oversight of digital healthcare is primarily handled by two key bodies:

The Federal Commission for Protection Against Sanitary Risks (Cofepris)

The Federal Commission for Protection Against Sanitary Risks (Comisión Federal para la Protección contra Riesgos Sanitarios, or Cofepris) is the main regulatory and enforcement agency for the digital health industry. Its remit includes verifying the quality, efficacy and efficiency of health-related products and services, including medicines, medical devices, and software used as medical devices. Cofepris is responsible for granting marketing authorisations for SaMD and ensuring that these technologies meet the necessary standards for safety and effectiveness.

The Federal Consumer Protection Bureau (PROFECO)

The Federal Consumer Protection Bureau (Procuraduría Federal del Consumidor, or PROFECO) is responsible for safeguarding and promoting consumer rights, particularly in relation to commercial and promotional activities. While PROFECO’s focus is not directly on digital health technologies, it oversees the consumer protection aspects of digital health products and services, ensuring that businesses comply with consumer rights laws, especially in advertising and sales.

However, there is currently no specific body tasked with the oversight of digital health technologies, such as self-care devices or wellness products, as they are not directly regulated under the existing Mexican legal framework. Additionally, healthcare institutions do not have a legal obligation to self-assess or report issues related to digital medicine or digital health technologies. As such, the regulatory environment for digital health in Mexico remains fragmented and lacks comprehensive oversight.

Certain aspects of digital healthcare in Mexico fall under the remit of non-healthcare regulatory bodies. The following are two key examples.

PROFECO

PROFECO oversees commercial practices and advertising in the marketplace, including for digital health products and services. This includes ensuring that consumers are not misled by promotional claims made about digital health tools such as mobile health apps, wearable devices or telehealth platforms. PROFECO’s involvement is necessary to protect consumers’ rights, especially as digital health technologies often reach users directly through commercial channels.

The Ministry of Anti-Corruption and Good Government

The National Institute for Transparency, Access to Information and Protection of Personal Data (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales, or INAI) used to be responsible for ensuring compliance with data protection laws in Mexico. Following a constitutional reform on organisational simplification, which became effective on 21 December 2024, INAI was closed down on 20 March 2025. As of that date, a transition period began, during which INAI’s functions will be transferred to the decentralised administrative body of the Ministry of Anti-Corruption and Good Government known as “Transparency for the People”, including the oversight of the processing of sensitive personal data – such as health records collected via apps, wearables or telemedicine platforms – in order to ensure that individuals’ health data is handled responsibly and lawfully.

In Mexico, the enforcement of laws and regulations related to digital healthcare is primarily carried out by Cofepris. Enforcement typically begins with a verification visit to a healthcare-related establishment. Following this inspection, Cofepris issues an official report outlining any irregularities or non-compliance identified during the visit.

The establishment is then required to respond – either by implementing corrective actions or by presenting arguments to refute the findings. Based on this exchange, Cofepris will issue a final resolution, which may include sanctions such as fines, product recalls, or even suspension of operations. Notably, Cofepris also has the authority to apply sanitary measures – including preventative closures or product seizures – at any point during the administrative process. These measures are enforceable immediately to protect public health.

While the enforcement of digital health regulations is active, not all areas are equally monitored. Aspects such as SaMD or unauthorised medical claims in advertising tend to receive more scrutiny. However, due to the evolving nature of digital health and the current gaps in comprehensive regulation, enforcement is not yet uniformly rigorous across all digital health sectors. That said, any enforcement action by Cofepris can be legally challenged before a federal court, ensuring due process for affected parties.

The current regulatory framework in Mexico is not sufficient to address the risks posed by the use of digital technologies in healthcare. While Cofepris already has the authority and legal powers necessary to regulate and enforce matters related to digital health, the main issue is that many of these technologies are not yet comprehensively regulated.

Rather than expanding regulatory powers, the priority should be to develop and implement clear, specific regulations that address digital health risks, such as data security, the use of AI, and the reliability of digital medical tools.

There are ongoing legislative efforts and proposed reforms aimed at better regulating this space, indicating that there is momentum towards establishing a more robust legal framework. These initiatives suggest that lawmakers recognise the need for clearer rules to keep pace with the rapid growth of digital healthcare technologies.

Digital healthcare in Mexico presents certain legal risks due to the current lack of comprehensive regulation. These manifest most clearly in the following areas.

Non-Compliance With Regulations

One of the main challenges is that many aspects of digital healthcare are not yet specifically regulated. This regulatory gap increases the risk of non-compliance – not necessarily because entities are intentionally violating the law, but because there is uncertainty about what is required or permitted. Without clear rules, it is difficult for healthcare providers, tech developers, and manufacturers to ensure they are operating within legal boundaries, especially regarding areas like SaMD, AI and telehealth.

Enforcement by Regulatory Authorities

Although Cofepris has sufficient authority to enforce regulations concerning health-related technologies, the lack of clear and targeted digital health regulations limits its ability to act decisively. Enforcement actions are typically reactive and based on general health regulations, which may not fully address the nuances of digital healthcare. As a result, regulatory enforcement can be inconsistent or delayed, leaving gaps in oversight that can compromise patient safety and data protection.

Liability (Contractual, Statutory and Otherwise)

The absence of specific legal standards also complicates liability issues. In cases of harm caused by digital health tools – such as faulty software, data breaches or misdiagnoses during teleconsultations – it is not always clear who is legally responsible. Questions of contractual liability (eg, between providers and patients), statutory liability (eg, under health or consumer protection laws) or civil liability (eg, negligence or malpractice) may arise, but the resolution of these difficulties often depends on interpreting outdated or non-specific laws. This legal uncertainty increases the exposure of both healthcare providers and technology developers to potential disputes and legal claims.

In summary, the key risks in digital healthcare stem from regulatory ambiguity, inconsistent enforcement, and unclear liability frameworks – all of which highlight the urgent need for more tailored, up-to-date legislation in Mexico.

In Mexico, the legal exposures related to digital healthcare – such as non-compliance, regulatory breaches, or liability – are not specifically addressed under a dedicated digital health statute, but they may be handled through general legal and administrative frameworks. Formal mechanisms for redress exist, but they are often indirect and fragmented, due to the lack of a comprehensive legal regime for digital healthcare.

These exposures are typically addressed as follows.

Statutory Frameworks

  • Health Law: General provisions in the General Health Law may apply to healthcare services, including those delivered through digital means, but they do not explicitly regulate digital health technologies.
  • Consumer Protection Law: In cases involving misleading advertising, malfunctioning digital products, or service issues, PROFECO can intervene under consumer law.
  • Data Protection Law: The Federal Law on Protection of Personal Data Held by Private Parties, enforced by INAI, offers redress in cases of misuse or breach of sensitive health data.

Enforcement by Cofepris

Cofepris can initiate administrative procedures, conduct inspections, issue sanctions and impose sanitary measures in health-related matters, including those involving digital tools (such as SaMD). Affected parties can challenge resolutions in the federal courts, which serves as a formal redress mechanism.

Civil and Contractual Claims

In the absence of specific digital health laws, disputes – such as those involving medical errors during teleconsultations or defective digital tools – may be handled through civil litigation, based on general principles of tort law or contract law. However, these cases can be complex, as liability rules for digital health are not clearly defined.

In summary, while formal mechanisms for redress do exist, they are mostly applied through general health, consumer, civil, or data protection laws, rather than through a unified digital health legal framework. This legal fragmentation can make it more difficult for both users and providers to understand their rights, obligations and liabilities.

There are several mechanisms to mitigate or defend against legal exposures related to digital healthcare in Mexico, even though the regulatory framework is not yet fully developed. These mechanisms operate within existing legal structures and industry practices, and can help digital health providers, developers and healthcare institutions reduce their legal and regulatory risks. Key mechanisms include the following.

Regulatory Compliance and Internal Controls

  • Even in the absence of specific digital health laws, entities can mitigate risk by aligning with general health regulations, data protection laws and consumer protection standards.
  • Ensuring compliance with Cofepris requirements, especially regarding SaMD (under NOM-241-SSA1-2021), can significantly reduce exposure to administrative sanctions.
  • Maintaining clear documentation, standard operating procedures (SOPs) and audit trails during development and deployment of digital tools supports defensibility in case of inspections.

Data Protection and Cybersecurity Measures

  • Implementing robust data privacy protocols under the Federal Law on Protection of Personal Data Held by Private Parties helps reduce liability for data misuse or breaches.
  • Measures like encryption, user consent mechanisms, data access controls, and incident response plans are essential for compliance and defence.
  • Conducting privacy impact assessments or cybersecurity audits can proactively identify and address vulnerabilities.

Clear Contracts and Terms of Use

  • Drafting comprehensive terms and conditions, privacy policies and informed consent forms for patients using digital health tools helps set clear expectations and limit liability.
  • Contracts between healthcare providers and technology vendors should clearly define responsibilities, warranties and dispute resolution procedures.
  • Including indemnity clauses, liability limitations and force majeure provisions can offer further protection.

Professional Liability Insurance

Healthcare professionals and digital health providers can reduce exposure by obtaining professional indemnity or errors and omissions insurance, which may cover legal defence costs and damage awards related to service delivery or software use.

Defensive Legal Strategies

  • If faced with enforcement actions by Cofepris, or legal claims, affected parties can challenge administrative sanctions through the federal courts, relying on procedural defences or lack of regulatory clarity.
  • In civil or contractual disputes, providers can defend themselves by showing adherence to industry best practices, demonstrating reasonable care, or invoking force majeure if applicable.

In conclusion, while the legal framework for digital healthcare in Mexico is still evolving, stakeholders can proactively reduce and defend against legal risks through internal governance, contractual safeguards, compliance with general laws, and strategic use of available legal remedies.

There are currently several bills being discussed in the Mexican Congress regarding AI, data privacy in digital healthcare, SaMD, electronic clinical records, digital prescriptions and cybersecurity. None of these initiatives has been enacted into law as yet. As this is a complex (and to some extent, unexplored) topic, Mexican representatives tend to be extremely cautious and risk averse when discussing and analysing such projects, which has caused a lack of appropriate regulations around AI.

Between 2021 and 2024, some legislative initiatives were introduced in Mexico to regulate AI, along with proposals to amend the constitution to grant Congress the authority to legislate on matters related to AI. These include:

  • the Law for the Ethical Regulation of AI and Robotics (Ley para la Regulación Ética de la IA y la Robótica), which emphasises human rights and proposes the creation of the Mexican Council of Ethics for AI;
  • a constitutional amendment granting Congress authority over AI, cybersecurity and neuro-rights; and
  • a bill to establish the Mexican Agency for AI Development to implement public policy in key sectors.

Other initiatives seek to regulate the use of AI by prohibiting practices such as manipulation, discrimination and the creation of deepfakes, while assigning oversight to bodies such as the National Copyright Institute and the Federal Telecommunications Institute. Two of the proposals adopt a risk-based regulatory model inspired by the European Union, with one of them establishing a National Center for Artificial Intelligence to oversee implementation and compliance.

Galicia Abogados, SC

Torre del Bosque
Blvd Manuel Ávila Camacho No 24, 7th floor
Lomas de Chapultepec 11000
Mexico City
Mexico

+52 (55) 5540 9200

contacto@galicia.com.mx galicia.com.mx