Electronic Health Records in Mexico: What NOM-004 Requires and How to Comply Without Losing Your Mind
Any physician in Mexico who sees patients is required to maintain a clinical record. NOM-004-SSA3-2012 establishes what it must contain, how it must be structured, and how long it must be preserved. It's not optional — it's an official standard.
The problem is that most physicians in Mexico still use paper records or electronic systems that are essentially digital forms: manual field-by-field entry, no automation, no intelligence, no integration. The result is 2 to 3 hours daily spent on clinical documentation — time that should be invested in patient care.
This article explains what NOM-004 actually requires, what the minimum requirements for a valid electronic health record are, and how artificial intelligence can eliminate most of the manual work without changing how the physician sees patients.
What is NOM-004-SSA3-2012
The Official Mexican Standard NOM-004-SSA3-2012 establishes criteria for the preparation, integration, use, management, archiving, conservation, ownership, and confidentiality of clinical records. It applies to all healthcare establishments in the public, social, and private sectors.
In practical terms, NOM-004 defines the minimum structure each patient's record must have. It's not a suggestion — it's a legal requirement whose noncompliance can result in sanctions from health authorities.
What the clinical record must contain
NOM-004 establishes that the clinical record must include, at minimum: a clinical history (patient identification, family history, personal pathological and non-pathological history, current condition, physical examination, previous study results, and initial diagnosis), progress notes for each visit, interconsultation notes, discharge notes when applicable, informed consent, nursing sheets, medical orders, and laboratory and imaging results.
The problem with paper records
Paper records meet NOM-004 in formal terms but have practical problems: illegibility (physician handwriting is a real problem), inaccessibility (if the patient visits another location, the physical record isn't available), difficulty searching (finding a specific data point in years of records), security vulnerabilities (records can be lost, damaged, stolen, or destroyed), and conservation requirements (NOM-004 requires a minimum of 5 years after the last visit).
What a proper electronic health record solves
An electronic health record system solves all these problems, but only if well implemented. An EHR that simply replicates paper fields on a screen — without automation, without intelligence — only digitizes the tedium. The physician still manually enters each field.
A well-designed EHR must reduce documentation time, not just change the medium. And this is where artificial intelligence makes the difference.
How AI eliminates manual documentation
The idea is simple: the physician talks with their patient as always. The conversation is recorded (with patient consent). And an AI system does the rest.
Transcription with diarization. The consultation audio is automatically transcribed, identifying who's speaking (doctor vs patient). It's not dictation — the system understands the complete conversation with its speaking turns.
SOAP note generation. From the transcription, AI generates a structured clinical note in SOAP format (Subjective, Objective, Assessment, Plan). The physician reviews and approves — they don't draft from scratch.
Automatic ICD-11 coding. Diagnoses mentioned in the consultation are automatically coded with the ICD-11 standard. The physician confirms or adjusts the suggestion.
Drug interaction detection. When prescribing a new medication, the system automatically cross-references against the patient's current medications and alerts if there are known interactions, with severity level and recommendation.
Prescription generation. The medical prescription is generated in PDF with medication data, dosage, frequency, and duration. It can be signed with Mexico's e.firma SAT for full legal validity.
The result: the physician goes from 2-3 hours of daily documentation to a few minutes of review and approval per consultation.
Security requirements for an EHR in Mexico
NOM-004 and Mexico's data protection law establish strict requirements for clinical data: confidentiality (record data is patient property), integrity (signed clinical notes must be immutable), availability (the record must be accessible when needed for patient care), and conservation (minimum 5 years after last visit).
A critical point many systems ignore: if the EHR processes clinical data through public cloud AI APIs (OpenAI, Google, etc.), that data leaves your control. A system that sends a medical consultation transcript to a third-party server to generate SOAP notes has a confidentiality problem that no privacy policy can solve.
The current market in Mexico
The leading EHR competitors in Mexico (Nimbo-X, Doctoralia Pro, Medikit) share a fundamental limitation: they all require manual entry. The physician still fills in fields. None offers consultation transcription with automatic clinical extraction.
In the American market, options like Suki, DeepScribe, and Abridge do offer medical transcription with AI, but they cost between 99 and 400 USD per month and only do transcription — they don't include records, scheduling, prescriptions, or billing. And they all process data on third-party servers.
Medicus: electronic health records with private AI
At Leeuwwolk we developed Medicus, an electronic health record system that integrates automatic consultation transcription, AI-generated SOAP notes, ICD-11 coding, drug interaction alerts with FDA data, prescription generation with e.firma SAT signing, appointment scheduling with WhatsApp, and clinical dashboards.
Leeuwwolk guarantees the privacy of your patients' clinical data: encryption in transit and at rest, no sharing with third parties, no sending to public AI services like ChatGPT or Gemini. Compliant with NOM-004-SSA3-2012 with immutable notes protected by database triggers.
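The integrity requirement described earlier (signed clinical notes must be immutable) and the database-trigger approach mentioned here can be sketched as follows. This is an added example, not Medicus code: the clinical_notes schema, the trigger names and the sample rows are constructed, and SQLite stands in for whatever database a real system uses.

```python
import sqlite3

SCHEMA = """
CREATE TABLE clinical_notes (
    id INTEGER PRIMARY KEY,
    patient_id TEXT NOT NULL,
    body TEXT NOT NULL,
    signed_at TEXT  -- NULL while the note is a draft (hypothetical schema)
);
-- Reject every UPDATE of a signed row, including clearing signed_at.
CREATE TRIGGER notes_no_update_after_sign
BEFORE UPDATE ON clinical_notes WHEN OLD.signed_at IS NOT NULL
BEGIN SELECT RAISE(ABORT, 'signed clinical note is immutable'); END;
-- Reject DELETE of a signed row so retention cannot be bypassed.
CREATE TRIGGER notes_no_delete_after_sign
BEFORE DELETE ON clinical_notes WHEN OLD.signed_at IS NOT NULL
BEGIN SELECT RAISE(ABORT, 'signed clinical note cannot be deleted'); END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def attempt(db, sql):
    """Run one statement; return 'ok' or the message raised by a trigger."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(sql)
        return "ok"
    except sqlite3.DatabaseError as exc:
        return str(exc)

def demo():
    db = open_db()
    steps = [  # constructed sample data
        "INSERT INTO clinical_notes (id, patient_id, body) "
        "VALUES (1, 'P-0001', 'S: cough, 3 days')",
        "UPDATE clinical_notes SET body = 'S: dry cough, 3 days' WHERE id = 1",
        "UPDATE clinical_notes SET signed_at = '2024-01-15T10:30:00Z' WHERE id = 1",
        "UPDATE clinical_notes SET body = 'altered' WHERE id = 1",
        "UPDATE clinical_notes SET signed_at = NULL WHERE id = 1",
        "DELETE FROM clinical_notes WHERE id = 1",
    ]
    results = [attempt(db, sql) for sql in steps]
    body = db.execute("SELECT body FROM clinical_notes WHERE id = 1").fetchone()[0]
    return results, body

if __name__ == "__main__":
    print(demo())
```

In a server database, the application's role should also lack permission to drop or disable these triggers; otherwise the guarantee only holds against well-behaved code.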
Leeuwwolk is a Mexican company specializing in private artificial intelligence for the healthcare sector. We guarantee the privacy of clinical data: encryption in transit and at rest, no sharing with third parties or sending to public AI services.