Digital Healthcare 2021

Last Updated June 30, 2021

Ecuador

Law and Practice

Authors



Meythaler & Zambrano is one of the most prestigious law firms in the Ecuadorian market. Founded in 1995, the firm specialises in national and international legal counselling and litigation for international and domestic corporations. The firm´s highly qualified team focuses on regulatory counsel (the pharmaceutical, medical, food and cosmetic sectors), intellectual property, competition and antitrust, arbitration and mediation, corporate and commercial affairs, dispute resolution, taxes, public procurement and public law. The firm has offices in Quito and Guayaquil. These offices work throughout Ecuador and belong to a wide network of correspondents throughout America, Europe and Asia. The firm is a member of the International Bar Association (IBA), the International Trademark Association (INTA), the Intellectual Property Association (ASIPI), and the Ecuadorian Associations of Mediation and Taxation Law.

Personal and family privacy is part of the freedom rights recognised and guaranteed by the Constitution of the Republic of Ecuador.

The confidentiality of personal information includes ideology, political affiliation, the affiliation to unions, ethnicity, health status, sexual orientation, religion, immigration status and other information related to personal privacy, especially any information whose public use violates the human rights enshrined in the Constitution and any other international instruments.

Any information that has been declared private by the competent authority is also confidential, as well as any information protected under banking or stock exchange secrecy, and any information that could affect the internal or external security of the State.

Regarding health information, any technological platforms that collect and store patients’ clinical information must have the prior and express authorisation of the owner of the data.

On 26 May 2021, the Personal Data Protection Law was published, which imposes new rules regarding health information collected for the purpose of providing health services.

This regulation defines health-related data as personal data relating to the physical or mental health of an individual, including the provision of healthcare services, which reveal information about his or her health status.

According to this law, the treatment of health-related data from a patient must comply with the following minimum parameters, from both a regulatory and a technological point of view.

  • The institutions that are a part of the National Health System, and any health professionals, may collect and process data relating to the health of their patients who are or have been under treatment by them.
  • Those responsible for and in charge of data processing, as well as all persons involved in any phase thereof, are subject to confidentiality, and they must ensure an adequate security of personal data, including protection against unauthorised or unlawful processing of this data, and against accidental loss, destruction, or damage, through the application of appropriate technical and organisational measures.
  • Additionally, health-related data generated in public or private health establishments must be treated in compliance with the principles of professional secrecy. The owner of the data must give prior consent, except in cases where the processing is necessary to protect the vital interests of the owner of the data, in the event that the owner of the data is physically or legally incapable of giving his or her consent, or, if this is necessary for the purposes of preventive or occupational medicine, the assessment of a worker's capacity to work, medical diagnosis, the provision of health or social care or treatment, or the management of health and social care systems and services, on the basis of the specialised legislation on the subject or under a contract with a healthcare professional. In the latter case, the treatment may only be carried out by or under the responsibility of a professional who is subject to the obligation of professional secrecy, in accordance with the specialised legislation on the matter or with any other rules that may be established by the Authority in this respect.
  • The health-related data to be processed, whenever possible, must be previously anonymised or pseudonymised, avoiding the possibility of identifying the owners of the data.
  • Any processing of anonymised health data must be previously authorised by the Personal Data Protection Authority. In order to obtain the aforementioned authorisation, the interested party must submit a technical protocol containing the necessary parameters that guarantee the protection of that data and the prior favourable report issued by the Health Authority.

According to Ecuadorian regulations, telemedicine or digital medicine is a mechanism implemented with the purpose of improving access to health and medical care for people, linking information and communication technology with medicine.

In this way, telemedicine has been regulated in different legal and regulatory instruments, such as Ministerial Agreement No 5169, through which the Operational Guidelines for the Implementation of a Comprehensive Health Care Model (MAIS) and the Comprehensive Public Health Network (RPIS) were issued in 2015.

However, to date, Ecuador has not implemented a specific regulation on telemedicine that comprehensively develops the management and procedures for the provision of this service; therefore, telemedicine is governed by general rules that allow its application in both the public and private sectors.

The Ministry of Public Health, as the National Health Authority, sought to implement structural changes in the health sector which would serve as a guide for the implementation of the MAIS with a family, community, and intercultural approach, governing the development of the RPIS and the complementarity with the private sector of the National Health System.

Therefore, there are general concepts contemplated in Ministerial Agreement No 5169, which explains, in general terms, certain concepts and procedures for the provision of remote medical health services (telemedicine), which are of direct application, stating the following:

  • telemedicine – this is defined as the provision of medical health services at a distance, using information and communication technologies for its implementation;
  • telemedicine medical care – this is a system for the provision of health services at a distance, using information and communication technologies for its implementation;
  • telemedicine referral is the sending of information from users or elements of diagnostic assistance by electronic means to the operative health units, to other health institutions for medical care or diagnostic complementation;
  • counter-referral in telemedicine is the response that the health units receiving the telemedicine referral give to the health body, or to the family unit. This response may be as a counter-referral (indications) or with information on the care received by the user in the receiving institution.

Telemedicine, by its nature, is strictly linked to information and communication technologies, replacing, in many cases, the traditional way in which medicine has been practised. Therefore, the provision of remote medical services involves many different services and technologies, including communications, databases, internet and intranet resources, the transmission and/or filing of images that go beyond the traditional concept of medicine.

In this context, it is important to note that, for the implementation of telemedicine, the Ministry of Telecommunications and the Information Society are involved, which, through Ministerial Agreement No 016-2018, have approved the Information and Knowledge Society Plan 2018-2021, which highlights the importance of telemedicine, stating the following: "In the field of Digital Inclusion, Information and Communication Technologies have the potential to boost educational, labour and health services, at a distance. (...)

Ecuador is a country of great contrasts, as shown when analysing the socio-economic conditions of the population, and there are difficulties for inhabitants of rural areas to have access to healthcare; several initiatives have been carried out to try to improve access to healthcare, such as training, the delivery of community first-aid kits and material, and the purchase of telehealth equipment".

In this respect, currently, the implementation of regulatory frameworks that allow the inclusion of telemedicine platforms for the benefit of patients continues to be a challenge for both the National Health System and for telecommunications, but there are no private regulations or limitations.

In this respect, Ministerial Agreement No 016-2018 emphasises the value of promoting telemedicine through pilot projects: "This project aims to help the National Health System (SNS) reach the entire Ecuadorian population, universally and at no cost, through strategic alliances between the public and private sectors, with the application of information and communication technologies, through the Infocentros Project, thus promoting the development of the information and knowledge society.

Implementing a telemedicine/teleconsultation system among the medical staff of the Ministry of Public Health in rural areas, for a second opinion, with the support of specialists of the Medical Systems of the Universidad San Francisco de Quito, through the Infocentros Network, for the benefit of the most vulnerable.”

Digital medicine in Ecuador has not been regulated; however, the onset of the COVID-19 pandemic has led to the frequent application of telemedicine, which has been accepted by the Health Authority under the general rules for the provision of health services and the Code of Medical Ethics.

This situation has led to the identification of several areas that are emerging in the field of digital medicine, and on which regulation is necessary, which is a key challenge because it has a direct impact on the right to health and on society in general.

  • The first issue has to do with the precision of the provision of health services and with the limitations of the applicability of telemedicine. Since there is currently no specific regulation, this scope of telemedicine is established and applied by the health professionals themselves, who must assess the relevance of its application in order to avoid errors in diagnosis or treatment, and to be able to establish precisely when to refrain from providing digital services.
  • However, digital medicine also includes the appropriate use of electronic medical records, for which appropriate technological systems, prescription tools, etc, must be applied. This is not regulated at the moment, but it is important in order to avoid errors and the possible liability of physicians.
  • It will also be necessary to regulate the responsibility of patients in complying with medical recommendations and in managing their health situation with the tools provided digitally.

In other words, digital health technology has generated the need for the regulation to change and adapt to new circumstances, with the ultimate goal of benefiting the patient.

Although in Ecuador there is no specific regulation on digital healthcare technologies and digital healthcare services, these have been applied for the management and control of the pandemic in all public and private health facilities.

Several advantages can be identified from this, for example:

  • the use of technology allows healthcare establishments to carry out remote diagnoses and treatments, and this also avoids crowding in healthcare establishments;
  • a data information-exchange mechanism has been generated, which has also made it necessary to adapt the law to the need for personal data protection;
  • technology is also used to intervene in the use of devices for patient-monitoring, such as sensors, monitors, medical applications, etc. This allows precision in diagnosis or treatment.

Climate change has been the subject of a study by the World Health Organization (WHO), which has pointed out several effects on health deriving from it, detailed as follows:

  • increased risk of mortality and trauma from storms and flooding;
  • situations of water scarcity increase the spread of diseases from contaminated food and water;
  • heatwaves can directly increase morbidity and mortality, mainly among elderly people with cardiovascular or respiratory diseases.

According to that which has been mentioned in different forums, the repercussions generated by climate change depend on the measures that each country imposes to prevent them.

In this regard, digital healthcare can be very beneficial because it allows for the provision of healthcare services to reach distant places where it is not possible to maintain a healthcare facility.

In Ecuador, this scheme was implemented, although not with much strength, in 2015 in terms of telemedical care, referral and counter-referral, which allows the healthcare service delivery system to use information and communication technologies for the benefit of patients who for any reason cannot access a facility, either for diagnosis or for continuity of treatment. 

In Ecuador, several authorities are involved in digital medicine, led by the Ministry of Public Health (MSP) (which is in charge of the National Health System) and its affiliated entities, such as the National Agency for Regulation, Control and Health Surveillance (ARCSA) and the Agency for Quality Assurance of Health Services and Prepaid Medicine (ACESS).

The MSP is responsible for the exercise of the managing role in health, as well as having responsibility for the application, control and surveillance of compliance with the Personal Data Protection Law, and whose responsibilities are detailed in an exhaustive manner in Article 6 of the aforementioned Law.

However, in Ecuador there is the National Agency of Regulation, Control and Sanitary Surveillance (ARCSA) which was created by Executive Decree 1290, as an entity attached to the Ministry of Public Health, which has among its powers the sanitary registration of drugs and medical devices that may be useful in the field of digital medicine.

The ARCSA's attributions are generally related to the application and observance of guidelines, technical regulations, standards and protocols governing products for human use and consumption.

Finally, there is the Agency for Quality Assurance of Health Services and Prepaid Medicine (ACESS) which was created by Executive Decree 703, also as an entity attached to the Ministry of Public Health, which has among its powers the control and licensing of establishments that provide healthcare services.

Executive Decree No 1307, issued by the President of the Republic of Ecuador on 29 April 2021, was published in Official Gazette 444 of 4 May 2021, and ordered the merger of the Agency for Quality Assurance of Health Services and Prepaid Medicine - ACESS and the National Agency for Regulation, Control and Health Surveillance - ARCSA into a single entity called the Agency for Regulation, Control and Surveillance and Assurance of Health Quality and Prepaid Medicine - ARCSAMED.

The competences of ACESS and ARCSA will be assumed by the new institution ARCSAMED whose intention is to strengthen the control and surveillance of public, private and community healthcare services.

Among its responsibilities will be the regulation, technical control and sanitary surveillance of the quality of public, private and community health services, whether for-profit or not-for-profit, of healthcare and prepaid medicine companies and healthcare personnel, as well as of products for human use and consumption manufactured in Ecuador or abroad for importation, exportation, commercialisation, sale or donation.

The entity must also promote and encourage the continuous improvement of the quality of healthcare and patient safety in public, private and community healthcare services.

The regulation of digital medicine has not been developed in recent years; in fact, in Ecuador, there are only regulatory norms with vague provisions on the subject.

Notwithstanding the foregoing, this situation is expected to change with the issuance of the new Organic Health Code, which proposes to empower the National Health Authority, the Ministry of Public Health, as the organisation responsible for governance, sectoral leadership in health and for planning, regulating, co-ordinating, overseeing, controlling, evaluating and monitoring the functions of the National Healthcare System.

In this respect, it is expected that, with the approval of this new code, the Ministry of Health will assume the obligation of technological development and innovation for the management of knowledge in healthcare and training, and the regulation on the rational use of healthcare technologies.

Also, the approval of this code will bring with it a new regulation and control of the quality of healthcare services, including those provided through the healthcare system and those provided through technological platforms or other computerised means.

The provision of healthcare services and devices is currently governed by the Organic Health Law.

This law establishes that this authority may prosecute a professional or establishment ex officio or by complaint.

Once an alleged non-compliance with the law is determined, the corresponding health authority (Commissioner, Co-ordinator or Director) will issue an initial order that will include the date and time for the trial hearing to take place.

At the trial hearing, the offender shall be heard, and shall intervene himself or herself or through his or her attorney; the evidence submitted by him or her shall be received and added to the proceedings.

If so requested by any of the parties or ex officio, in the same proceeding, the case shall be opened for trial for a term of six days, in which all the evidence requested shall be taken.

The resolution issued may be appealed before the superior hierarchical authority in a second and final instance.

In these contexts, it is important to note that, for the implementation of telemedicine, the Ministry of Telecommunications and the Information Society are involved, which, through Ministerial Agreement No 016-2018, have approved the Information and Knowledge Society Plan 2018-2021, which highlights the importance of telemedicine, indicating the following:

“In the field of Digital Inclusion, Information and Communication Technologies have the potential to boost education, work and healthcare distance services (...)

Ecuador is a country of great contrasts, as shown when analysing the socioeconomic conditions of the population, and there are difficulties for the inhabitants of rural areas to have access to healthcare, several initiatives have been carried out to try to improve access to healthcare, such as training, delivery of community first-aid kits and material, and the purchase of telehealth equipment.”

In this respect, currently, the implementation of regulatory frameworks that allow the inclusion of telemedicine platforms for the benefit of the patient continues to be a challenge for both the National Health System and for telecommunications, but there is no regulation or limitation at the private level.

In this regard, Ministerial Agreement No 016-2018, emphasises the value of promoting telemedicine through pilot projects: "This project aims to contribute to the National Health System, SNS, to reach the entire Ecuadorian population, universally and at no cost, through Strategic Alliances between the public and private sectors, with the application of information and communication technologies, through the Infocentros Project, thus promoting the development of the information and knowledge society.

Implementing a telemedicine/teleconsultation system among the medical staff of the Ministry of Public Health in rural parishes for a second opinion with the support of specialists from the San Francisco de Quito University Medical Systems, through the Infocentros Network, for the benefit of the most vulnerable".

In recent years, certain pilot projects have been developed for the enactment of telemedicine, such as Vicente Corral Moscoso Hospital, which involved the implementation of a complete computer workstation, a high-definition plasma screen, with their respective speakers, and multi-functional printing and scanning equipment, in addition to the Call-Centre 171 for the detection of symptoms related to COVID-19.

The Technical Sanitary Regulations for the Registration and Control of Medical Devices states that a medical device shall also be considered to be any instrument, apparatus, implement, machine, application, implant, reagent for in vitro use, software, material or other similar or related article, intended by the manufacturer to be used alone or in combination, for human beings, for one or more of the specific medical purpose(s) of diagnosis, prevention, monitoring, treatment or relief of disease or injury, investigation, replacement, modification or support of anatomy or a physiological process, life support or maintenance, birth control, and disinfection of medical devices.

However, with regard to software, the Technical Regulations require sanitary registration with the ARCSA, for software for medical devices, defined as the equipment, components or software of a digital computer, necessary for the performance of a specific task, in contrast to the physical components of the system (hardware). Medical-device software will be registered under the same sanitary registry as the medical device for which it is intended to be used, as long as it is factory-conditioned with the medical device.

Regarding its classification, software for medical devices will be automatically included in the same risk level as the medical device for which it is intended to be used, and, therefore, in the same Sanitary Registry.

In general, continuous improvements made to the software must be notified to the Health Agency, in accordance with the regulations in force. In the case of a notification, they can be implemented without delay.

At the moment, any software that uses continuous or adaptive learning from artificial intelligence and machine learning, as opposed to "locked" algorithms and software in software-based or software-enhanced devices, is not subject to any specific regulation.

The challenges faced by companies outside the healthcare industry in offering software as medical-device technologies are the complexity in compiling a technical dossier for sanitary registration, and the lengthy registration times for these types of products.

Currently, Ecuador does not have a legal framework that specifically regulates the provision of telemedicine healthcare services; however, it is not a prohibited practice, so it can be governed and implemented based on rules that correspond to the practice of medicine in general.

In this respect, the first requirement established for telemedicine to be provided in Ecuador is that the health professional must have a degree registered with the Ministry of Health, otherwise he or she is not authorised to offer medical consultations or to prescribe in the jurisdiction of Ecuador.

In the private sector, the Organic Health Law and the Code of Medical Ethics must be applied, according to which telemedicine must be based on the doctor-patient relationship, confidentiality and quality of medical care, with the obligation to:

  • explain the limitations inherent to the practice of virtual medicine;
  • obtain informed consent from patients and/or their caregivers;
  • in cases of referral and counter-referral, deliver the complete form and data necessary to respond to the consultation (images, electrocardiogram, medical history, etc) as appropriate, with prior authorisation from the patient.

The responsibility remains the same as in face-to-face consultations. It is important to note that referrals in telemedicine (in which an international consultation may occur), will be taken as a second opinion, and the responsibility for the patient lies with the first attending physician.

The ethical standards on which telemedicine should be based remain relevant to the physician-patient relationship. Although this new mechanism of applying medicine entails new challenges for physicians, it is still based on trust, mutual respect, and the general rules established in the law for the practice of medicine.

In Ecuador, there have been no temporary changes in the regulations related to COVID-19 regarding the provision of healthcare services.

However, regarding digital medicine, and particularly telemedicine, the health authorities have considered as valid the fact that there is no prohibition for its application, and according to the law, no one can be prohibited from an action that is not expressly restricted by the law; in this respect, it can be concluded that all regulatory barriers to its implementation have been eliminated.

Undoubtedly, the practice of telemedicine should be subject to specific regulations, precisely for the purpose of standardising and improving these services, including the determination of appropriate platforms for the practice of digital medicine.

There are no specific rules or private guidelines to follow in the field of telemedicine.

However, chapter VIII of the Code of Medical Ethics does describe the general regulation of medical fees, establishing that equity is the first and most universal moral norm for collecting professional fees; they must pay close attention to fairness, local customs, to the magnitude of service, to the prestige and necessity of personal intervention, to the economic conditions of the patient, and to any honest, pre-established pact, if there is one.

This code establishes that free care will be detrimental to colleagues and must be limited to cases of close kinship, assistance to colleagues, and manifest poverty. In this respect, in cases in which a patient, without justified reason, refuses to comply with the pecuniary commitments with the physician, the latter, once all private means have been exhausted, may demand payment of fees without affecting, in any way, the good name or credit of the plaintiff.

The incorporation of several technologies in medical devices has grown significantly. These technologies have improved the conventional functions and operation times of medical devices, as well as offering totally new and innovative functions.

Technological developments in electronics, mechanics and computer systems have made it possible to include wireless technology in medical devices, as well as many different functions linked to the diagnosis, treatment, control and monitoring of patients’ health to be included in medical devices, which has optimised these devices. Some of the new functions made possible by wireless technology are the transfer and processing of data in real time, which allows for faster diagnosis and monitoring, the restriction of access to unauthorised personnel through fingerprint or facial recognition, protection against data manipulation (data integrity), and the administration of drugs according to the data that the device has obtained automatically, or has been assigned to it, etc.

The opportunities to offer innovative functions in medical devices are limitless; however, what makes them "smart" also makes them vulnerable if they are not designed and permanently monitored.

Ecuadorian regulations for medical devices recognise as medical devices both individual software and devices that have coupled software systems.

The National Agency of Regulation, Control and Sanitary Surveillance (ARCSA) establishes that medical devices must obtain a sanitary registration before being marketed in Ecuador. In order to obtain a sanitary registration, the ARCSA evaluates the quality, safety and efficacy of the finished product; for this purpose, Resolution ARCSA-DE-026 establishes what requirements must be met, according to the type of device and the risk level.

Devices that use software linked to the internet require system updates, and are susceptible to computer viruses (malware), or to suffering intentional cyber attacks. This can impact the quality, security and efficiency of the device.

The extent to which the security of the medical device is affected varies depending on the intended use and the extent of the damage suffered by the device's software.

Currently, the Ecuadorian health regulation (ARCSA) regulates the following categories of products for human use and consumption: medicines, natural products, food, cosmetics, household and industrial hygiene products, and medical devices.

The digital assistant Alexa does not fit into any of the aforementioned categories, including medical devices, which are quoted below; therefore, Alexa does not need to comply with any regulations.

“Medical devices for human use are articles, instruments, apparatus, appliances, devices or mechanical inventions, including their components, parts or accessories, manufactured, sold or recommended for use in diagnosis, curative or palliative treatment, prevention of diseases, disorders or abnormal physical conditions or symptoms, to replace or modify the anatomy or a physiological process or control it. These include amalgams, varnishes, sealants and similar dental products.

A “medical device” is also any instrument, apparatus, implement, machine, appliance, application, implant, in vitro reagent, software, material, or other similar or related item, intended by the manufacturer to be used alone or in combination, for human beings, for one or more of the following specific medical purpose:

  • diagnosis, prevention, monitoring, treatment, or relief of a disease;
  • diagnosis, monitoring, treatment, relief or compensation of an injury;
  • investigation, replacement, modification or support of the anatomy or of a physiological process;
  • life support or maintenance;
  • birth control;
  • disinfection of medical devices;
  • provision of information by in vitro examination of samples from the human body, and does not exert the primary action intended by pharmacological, immunological or metabolic means, in or on the human body, but may be assisted in its function by such means.

In telecommunications, 5G is the acronym used to refer to the fifth generation of mobile telephone technologies.

The use of this technology is provided for in the National Telecommunications and Information Technology Plan, issued through Ministerial Agreement No 7, dated 24 June 2016.

Likewise, the use of this technology is provided for in the Ecuador Digital Policy, issued through Ministerial Agreement No 15, dated 18 July 2019, which provides that the implementation of such a policy will be carried out based on three lines of action: connectivity, efficiency and information security, and innovation and competitiveness, and, for this purpose, the following actions are necessary:

  • encourage spectrum bidding for new bands for the massification of 4G and deployment of 5G, promoting emerging technologies such as the Internet of Things and Big Data;
  • facilitate the deployment of 5G networks and optical fibre for homes, to improve the growing demand for quality and capacity in data transmission.

With the use of 5G technology, healthcare delivery systems will be able to enable mobile networks to manage telemedicine better, as well as to assign appointments, manage medical records, etc.

In other words, the implementation of 5G systems can contribute to the ultimate goal of facilitating the reach of telemedicine programmes to a larger number of patients, and in various specialisms.

One of the key issues when discussing the provision of personal data in clinical or research settings lies in the treatment and use that will be given to that data.

In this respect, the key points will be: prior consent, except in cases of urgency, confidentiality and professional secrecy, in the handling of any such data.

In this regard, the recently published Personal Data Protection Law determines that health-related data contained in the institutions that make up the National Health System may be processed by private and public natural and legal persons for scientific research purposes, provided that, as the case may be, they are anonymised, or the processing is authorised by the Personal Data Protection Authority, following a report from the National Health Authority.

The exchange of data, and, in general, its treatment, may be carried out in the following cases according to the law in force:

  • by consent of the holder for the processing of his or her personal data, for one or more specific purposes;
  • that it is carried out by the data controller in compliance with a legal obligation;
  • that it is carried out by the data controller, by court order, in compliance with the principles of this law;
  • that the processing of personal data is based on the fulfilment of a mission carried out in the public interest or in the exercise of public powers vested in the controller;
  • for the execution of pre-contractual measures at the request of the owner of the data or for the fulfilment of contractual obligations pursued by the data controller, data processor or by a legally authorised third party;
  • to protect vital interests of the owner of the data or another natural person, such as his or her life, health or integrity;
  • for the processing of personal data contained in publicly accessible databases; or,
  • to satisfy a legitimate interest of the data controller or a third party, provided that the interests or fundamental rights of the owner of the data do not prevail under the provisions of this regulation.

De-identification is applicable only when the health-related data contained in the institutions that make up the National Health System are processed for scientific research purposes, provided that, as the case may be, they are anonymised, or any such processing is authorised by the Personal Data Protection Authority, following a report from the National Health Authority.

Given the recent enactment of the Personal Data Protection Law, there is still no regulation on medical research when the comparison of anonymised data with other data sources may result in a re-identification, because health data is personalised.

Consent has also been the subject of express regulation, which must comply with the following conditions:

  • it must be freely given, ie, when it is free from vices of consent that is, error, fraud, and duress);
  • it must be specific, in terms of the concrete determination of the means and purposes of the treatment;
  • it must be informed, so that it complies with the principle of transparency and gives effect to the right to transparency;
  • it must be unambiguous, so that there is no doubt as to the scope of the authorisation given by the owner of the data.

The application of the conditions for consent, use and processing of personal and sensitive data must be complied with at all times in the field of digital health care; there are no exceptions deriving from the use of portable devices.

In the event of non-compliance with the provisions set forth in the Personal Data Protection Law, whether in the healthcare field or any other field, the Personal Data Protection Authority will issue corrective measures, with the aim of preventing the infringement from continuing and the conduct from happening again.

Corrective measures may consist of, among others:

  • the cessation of the processing, under certain conditions or deadlines;
  • the deletion of the data; and
  • the imposition of technical, legal, organisational or administrative measures to ensure proper processing of personal data.

Notwithstanding the foregoing, these may also be considered criminal offences.

The use of AI in digital medicine is a particularly useful tool for meeting the demand for services and facing the challenges that this represents in the healthcare system. This is due not only to the use of digital medicine, but also to the complexity of the treatments and the tools or inputs required to execute them.

It could be stated that the Ecuadorian health legislation has indirectly regulated medical equipment that uses artificial intelligence; however, they are placed in a similar condition to any biomedical input or device, which can generate complications at the time of presenting requirements for obtaining sanitary authorisations, as well as to direct their proper use and carry out the subsequent controls to which they are normally subject.

The Healthcare Authority is in the process of revising its regulations; this revision will certainly analyse all the cases of products that are subject to control and surveillance that use AI, to provide these with an adequate and precise regulatory framework.

The following is a quote from the "Information and Knowledge Society Plan - 2018 - 2021 - October 2018" issued by the Vice Ministry of Telecommunications and Information and Communication Technologies.

It states that “Trust and security in the use of information and communications technology (ICT) and information are some of the most important aspects within the information and knowledge society; therefore, it is necessary to ensure compliance with the three pillars of information security (confidentiality, integrity and availability). In Ecuador, the current situation is determined through various aspects, such as technical, legal, regulatory and international position”; in 2017, “the company Deloitte presented a report on Information Security in Ecuador, considering 50 national and international companies in the following sectors: financial, consumer goods, energy and renewable resources, technology and healthcare. Different aspects were analysed, such as: security gaps, human component, training, awareness, incidents, among others.”

On this point, the same plan states: establishing public policies in the telecommunications and information society sector is a first step toward promoting the development of telecommunications and ICT in Ecuador, in order to generate confidence in the markets at the regional level, as well as to improve competitiveness, ensure growth and extension, through the use of technology and various applications, and to have a population trained in the efficient use of ICT. The next step is the implementation of these policies through the Information and Knowledge Society Plan, which seeks to define a strategic framework to articulate the efforts of the different participants, in order to achieve the proposed objective.

The different issues related to the provision of healthcare services, as well as the environment relating to the COVID-19 pandemic, have generated the need for security and privacy in the use of electronic tools, to be subject to a special regulation, in order to avoid the violation of the right to privacy.

Specifically, healthcare involves the mandatory collection and processing of personal data of patients or users through digital platforms, which is the most important aspect of the use of electronic tools.

In this respect, any provider of these types of systems must comply with the rules of the new Personal Data Protection Law, mainly in relation to the rules on the consent required to collect, process and store personal data.

In general, in Ecuador, the platforms related to the provision of healthcare services specify a privacy policy: data may not be sold, shared or distributed, without the express authorisation of the owner of the data; however, only the new law expressly provides that medical information is established and classified as sensitive, which means that its improper treatment may give rise to discrimination, or the infringement of fundamental rights and freedoms.

The use of algorithms to collect, group and process information is possible as long as it is ensured that the data is anonymised, otherwise it could violate privacy rights and give rise to the improper use of such information for commercial purposes, or to commit other crimes.

The scope of protection of patents is determined through their claims.

The scope of copyright protection is in the creation of the idea or literary work, where the software is included.

The scope of protection of trade secrets is materialised through a contract or agreement that determines that the information is confidential and therefore is contained in trade secrets that no one can share.

In reference to databases, Article 140 of the Organic Code of the Social Economy of Knowledge, Creativity and Innovation states the following: "Compilations of data or other materials, in any form, which for reasons of the originality of the selection or arrangement of their contents constitute creations of an intellectual nature, are protected as such. This protection of a database does not extend to the data or information collected, but it will not affect the rights that may subsist on the works or services protected by copyright or related rights that comprise it ".

In this respect, the scope of protection of the database has been established since its creation, provided that it is of an intellectual nature.

Regarding the work's authorship, Ecuadorian law, especially Article 108 of the Organic Code of the Social Economy of Knowledge, Creativity and Innovation, specifies that only a natural person can be the author; so, when talking about a technological device that does not have direct human contributions, its creations will be owned by the natural person who created the technological device. However, in the event that this creation has been by mandate of a company, it may claim its economic rights, if they are detailed in the contract for the provision of services.

Article 114 of the Organic Code of the Social Economy of Knowledge, Creativity and Innovation, provides that: "In the case of works created in educational centres, universities, polytechnic schools, technical, technological, pedagogical, arts institutes and intellectuals and public research institutes as a result of their academic or research activity such as degree works, projects of research or innovation, academic articles, or others analogous, without prejudice to the fact that there may be a dependency relationship, the ownership of the economic rights will correspond to those of the authors. However, the establishment will have a free, non-transferable and non-intellectual licence for the non-intellectual use of the work for academic purposes. "

In relation to intellectual property rights when a company is in the private sector, the ownership corresponds to the author of the work, and the private company that collaborates with the investigation will have the quality of co-author of the work, since it would be a work in collaboration, as provided in Article 112 of the Organic Code of the Social Economy of Knowledge, Creativity and Innovation.

In Ecuador, there is the figure of works under a relationship of dependency and commissioned, which indicates that, unless otherwise agreed, the ownership of works created under a relationship of work dependency or commissioned will correspond to the author. In this regard, in practice, companies develop specific contractual clauses on the ownership of a work or inventions, so that the company is always the owner of the rights developed by a third party under a dependency relationship.

According to the Code of Medical Ethics, healthcare professionals assume the responsibility of enforcing the Constitutional guarantee of the Right to Health of Ecuadorians.

However, in the exercise of the profession, as well as in the development of digital medicine, healthcare professionals assume a legal responsibility that should be considered with special caution when using AI for diagnostic or treatment purposes, as legal definitions relating to breach of the objective duty of care in the exercise or practice of medical care are in force in the legislation; these legal definitions can even lead to criminal liability.

In this sense, there are no grounds for exemption from liability considering only the use of AI, although it could be determined that the physician's liability could only be generated if the equipment or device that uses AI was used differently from the manufacturer's recommendations, either on the label or on the packet insert.

In other words, manufacturers and suppliers of diagnostic and treatment equipment could also have administrative and even criminal liability because of a system failure that causes damage to a patient’s health, thus requiring a case-by-case analysis of the events in which liability can be attributed.

In any case, always, healthcare professionals must comply with the objective duty of care and maintain prior and informed consent of the patient, which not only includes the use of diagnosis or treatment equipment, but also the knowledge, use and eventual transmission of their personal data or sensitive data.

For their part, the developers of software or equipment with AI should consider the new regulations in Ecuador on the protection of Personal Data and the Law on Patient Rights and Protection, to take care of any legal liability that may arise from the use of the software.

In the healthcare field, the duty of safety and responsibility has a very extensive content. In a broad sense, it implies the obligation of the external provider of services and goods to allow access to healthcare entities whose quality, safety and efficacy guarantee the health and physical integrity of the consumer/patient.

Thus, the Constitution of the Republic obliges them to guarantee the quality of goods and services offered to consumers, and establishes the liability of those who make an attempt against the health and safety of these.

That is why the liability for defective products (issued within "defects" to cybersecurity attacks or others) arises as a result of the duty of safety that consumer-protection rules impose on producers and suppliers in the market.

As a result of the pandemic caused by COVID-19, a series of problems not addressed by the healthcare system in Ecuador became evident, particularly in the area of digital healthcare. One of these problems is the extensive development of methodologies and informatics tools that have not been adapted to the specific needs of the population. The efforts of the health authorities to provide digital platforms or to use telemedicine as a means to ensure timely medical care to citizens is counteracted when there are complications with the way or method of bringing users into the world of technological and digital platforms. That is, efforts to narrow the gap that would allow more effective and faster medical care are overshadowed by the lack of connectivity of people, who do not have real-time access to the functions that the digital platforms provide. 

Meythaler & Zambrano

Av. 6 de Diciembre 2816 y Paul Rivet
Edificio Josueth Gonzalez
Piso 10
Quito
Ecuador

+593 2 223 2720

info@lmzabogados.com www.meythalerzambranoabogados.com
Author Business Card

Law and Practice

Authors



Meythaler & Zambrano is one of the most prestigious law firms in the Ecuadorian market. Founded in 1995, the firm specialises in national and international legal counselling and litigation for international and domestic corporations. The firm´s highly qualified team focuses on regulatory counsel (the pharmaceutical, medical, food and cosmetic sectors), intellectual property, competition and antitrust, arbitration and mediation, corporate and commercial affairs, dispute resolution, taxes, public procurement and public law. The firm has offices in Quito and Guayaquil. These offices work throughout Ecuador and belong to a wide network of correspondents throughout America, Europe and Asia. The firm is a member of the International Bar Association (IBA), the International Trademark Association (INTA), the Intellectual Property Association (ASIPI), and the Ecuadorian Associations of Mediation and Taxation Law.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.