Navigating the Regulatory Requirements for Telemedicine Business in Nigeria

Introduction

Telemedicine is the delivery of healthcare services remotely using information and communication technologies which allow real-time audio or audio-visual patient-health provider communication, diagnosis and treatment through laboratory tests and drug prescriptions. With the expansion of internet penetration in Nigeria, telemedicine has become an emerging business in Nigeria and has begun to experience significant growth. This is partly driven by the increasing need for accessible healthcare, the advancement of technology, the outbreak of Covid-19 which resulted into limited physical consultations with healthcare providers and the mass exodus of health care professionals from Nigeria in the last few years. Telemedicine also provides accessibility and thereby bridges the gap in healthcare access, especially in rural and underserved areas where medical facilities and professionals are scarce. Recently, there has been an increased interest in telemedicine business from both local and foreign players in that space.

Presently, there is no single substantive law regulating the operation of telemedicine in Nigeria. However, the operation of a telemedicine business is subject to the specific requirements of certain laws which include the Companies and Allied Matters Act, 2020 (CAMA), Nigeria Data Protection Act, 2023, Medical and Dental Practitioners Act, 1988, the National Health Act 2014, Pharmacists Council of Nigeria (Establishment) Act, 2022, Nursing and Midwifery (Registrations, etc) Act, 1979, Constitution of the Federal Republic of Nigeria, 1999, etc.

This article highlights the regulatory requirements necessary for the operation of telemedicine business in Nigeria.

Regulatory Requirements

Although there is no specific law regulating telemedicine in Nigeria, telemedicine is not unregulated. There are certain regulatory requirements which broadly apply to the operation of a telemedicine (business) in Nigeria. These requirements include:

1. Company incorporation: One of the requirements for the operation of any business in Nigeria, is the incorporation of a local company as required by the CAMA. Thus, to operate a telemedicine business in Nigeria, a local company has to be incorporated with the Corporate Affairs Commission (CAC). There are different share capital requirements which apply depending on whether the business is locally or foreign owned. In addition to incorporating a local company, a company with foreign participation is also required to be registered with the Nigerian Investment Promotion Commission (NIPC) and also obtain a business permit from the Federal Ministry of Interior.

2. Registrations and Licensing: Healthcare providers must possess the necessary qualifications, professional licenses and registrations to provide healthcare services to patients in Nigeria. These registrations and licenses are provided by the Medical and Dental Practitioners Act, 1988, Nursing and Midwifery (Registrations, etc) Act, 1979 and the Pharmacists Council of Nigeria (Establishment) Act, 2022. Depending on the model of operation, it may also be necessary to obtain certain licenses/registrations from the Federal Ministry of Health, National Agency for Food and Drug s Administration and Control (NAFDAC), etc.

In Lagos state, health facilities including telemedicine are to be registered with the Health Facility Monitoring and Accreditation Agency (HEFAMAA) pursuant to the Lagos State Health Sector Reform Law, 2006 with the registration renewable annually. 

3. Data Privacy and Protection: The Nigerian Constitution, 1999 guarantees and protects the privacy of citizens and to that extent, the Nigeria Data Protection Act, 2023 (NDPA) which amplifies the constitutionally guaranteed right to privacy, is the regulatory framework applicable to the collection, processing and storage of (patients’) data. Telemedicine providers are required to process patients’ data in accordance with the requirements of the NDPA. The NDPA regulates the cross-border transfer of patients’ data and also provides for security measures to be adopted by telemedicine businesses to ensure the security and protection of patients’ data.

The NDPA also provides for the obligation to register as a data processor/controller. Since telemedicine businesses collect and process patients’ data including health records, they are required to register with the Nigeria Data Protection Commission (NDPC) as data controller/processor.

4. Technology Transfer: The National Office for Technology Acquisition and Promotion Act 1979 (NOTAP Act) regulates the transfer and acquisition of foreign technology by companies in Nigeria by making the contracts and agreements to transfer technology registrable with NOTAP. Invariably, the transfer of foreign healthcare technologies such as patents to a telemedicine company would be subject to registration with NOTAP.

5. Confidentiality: Patients’ health information is to be obtained and held confidentially by telemedicine providers without disclosing it or allowing access to it by unauthorized third parties as required by the National Health Act, 2014. Thus, there is an obligation to put in place measures to ensure that unauthorized persons do not have access to the medical information and health records of patients. Failure to comply attracts sanctions which include monetary penalties and terms of imprisonment.

Other Legal Considerations

To ensure seamless operation in Nigeria, telemedicine operators should pay particular attention to the following:

1. Records System: It is required as a matter of best practice and in line with the requirements of applicable laws and regulations for telemedicine providers to develop and maintain a robust records system for the management of the health records of patients. These records enable the providers to easily keep records of consultations, diagnoses, prescriptions, hospital referrals, etc. provided to patients.
2. Privacy policy: Developing a privacy policy which elaborately provides for the essence of the collection and retention of patients’ information and health records. The privacy policy should be in compliance with the requirements of the Nigerian Data Protection Act, 2023 and its subsidiary regulations.
3. Data Security: Telemedicine operators should have a robust data security system capable of protecting the information and health records of patients from data breaches and violations. Some of the data security measures that could be adopted include anonymisation, pseudonymisation, encryption, etc. which ensures the integrity and protection of patients’ sensitive information and health records.
4. Licence Renewals: Attention must be paid to licenses and registrations renewal deadlines to ensure that providers continuously comply with legal requirements regarding renewal of licences. It is very important that health practitioners including doctors, nurses and pharmacists’ licenses and registrations are up to date.
5. Regulatory Filings: Appropriate returns should be filed with the relevant regulatory authorities to ensure continuous regulatory compliance. Company annual returns should be filed with the Corporate Affairs Commission (CAC) as at when due to avoid the payment of penalties. There is also the obligation to conduct and file data impact assessment reports with the Nigerian Data Protection Commission (NDPC) relating to processing of data that may pose high risk to the confidentiality of patients’ data.
6. Tax Returns: Telemedicine companies are required to pay tax and file tax returns with the Federal Inland Revenue Service (FIRS). In particular, telemedicine companies are obliged to pay companies income tax (CIT) on their profits and file their returns with the FIRS usually within six months from the end of their financial year.

Conclusion

Driven by the increasing need for accessible healthcare, the advancement of technology and the mass exodus of healthcare professionals from Nigeria in the last few years, there has been a marked increase in the provision of telemedicine in Nigeria.  The operation of a telemedicine business in Nigeria is regulated by various laws relating to the incorporation of businesses, licensing and registrations, data processing and protection, confidentiality, etc. Telemedicine providers must ensure that their healthcare professionals’ licenses and registrations are up to date in compliance with applicable laws and regulations.  Contracts and agreements for the transfer of healthcare technologies are required to be registered with NOTAP.

Telemedicine providers are to ensure compliance with applicable laws and regulations relating to data security, regulatory and tax filings with the CAC, NDPC and FIRS, license and registrations renewals and keeping and maintaining robust health record systems that guarantees the confidentiality of patients.

Please note that the contents of this Article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact: