Mexico: Communication applications used to provide medical services must respect data protection
Mexico Data Protection Alert
Given the current situation with the global pandemic of COVID-19, the number of health professionals who offer their services through different types of applications and remote means of communication has increased, which could involve the collection, storage and use of patient’s personal data.
Personal data connected to a person's present or future health condition is considered by data protection regulations as "sensitive" personal data. Sensitive personal data is information that affects the most intimate sphere of a person, or data that if misused could cause discrimination or serious risk. Therefore, this data must have special protection, in addition to requiring the express consent of the data’s owner for its processing.
The subjects of personal data have the right to know the purposes for which their information is collected and its use. Before the controller of personal data can obtain or use it, the controller must have a Privacy Notice and make it available to the data subjects. In addition to the foregoing, in accordance with Article 52 of the Regulations of the Federal Law on Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares), to process personal data in services, applications and infrastructure in the so-called cloud computing, to which a controller adheres through general terms and conditions, such controller may only use those services in which the provider complies with a series of minimum requirements and mechanisms.
If you have any questions in connection with this Note, do not hesitate to contact us.