Introduction
The COVID-19 pandemic did not create telemedicine in Nigeria, but it irrevocably accelerated its adoption. When hospitals were overwhelmed in April 2020, platforms like Helium Health, Reliance HMO, and DrConsult recorded significant surges in traffic as Nigerians sought consultations and prescription renewals through digital channels.
Telemedicine is the delivery of healthcare services through information and communications technology where patients and providers are separated by distance. For a country of over 200 million people, a doctor-to-patient ratio of approximately 1:6,000, and significant rural healthcare infrastructure gaps, its transformative promise is undeniable.
That promise, however, cannot substitute for legal clarity. Nigerian health tech companies today operate in a complex, fragmented regulatory environment. No dedicated telemedicine statute exists. Compliance obligations must instead be assembled from multiple instruments spanning professional licensing, data protection, consumer protection, drug regulation, and health insurance law. This article maps the existing legal landscape, identifies the principal compliance priorities confronting health tech companies, and advances recommendations for legislative and regulatory reform.
The Existing Regulatory Framework
The regulation of telemedicine in Nigeria is distributed across a matrix of statutes and guidelines, each designed primarily with different subject matter in mind. The five key instruments are considered below.
Medical and Dental Practitioners Act (Cap M8, LFN 2004)
The MDPA establishes the Medical and Dental Council of Nigeria (MDCN) as the primary regulatory authority for medical practitioners. While enacted in a pre-digital era, the MDCN has confirmed that telemedicine consultations constitute the practice of medicine and fall within its jurisdiction. Its 2022 Telemedicine Practice Guideline sets minimum standards for remote practice, including patient identification, clinical documentation, referral obligations, and a prohibition on diagnosis by asynchronous text message alone for complex conditions.
National Health Act 2014
Section 23 of the NHA enshrines the right of a health user to give informed consent to treatment. Read with the MDCN Guideline, this creates a consent architecture for digital health: telemedicine providers must obtain affirmative, documented consent before commencing any remote clinical interaction. Whether a telemedicine platform constitutes a “health establishment” under the Act remains judicially unresolved, but the Federal Ministry of Health has indicated that platforms offering clinical services will be treated as such.
Nigeria Data Protection Act 2023 (NDPA)
Health data is classified as sensitive personal data requiring heightened protection. Key obligations include a lawful basis for processing (Section 27), mandatory data breach notification to the NDPC within 72 hours (Section 34), and appointment of a Data Protection Officer by organisations processing sensitive data at scale (Section 32). Non-compliance carries criminal liability, civil liability in negligence, and potentially devastating reputational damage. In 2024, the NDPC concluded its first major investigation against a health sector data controller, resulting in a binding compliance undertaking and a ₦50 million administrative fine.
National Health Insurance Authority Act 2022
For the first time, the NHIA Act creates a framework for telemedicine as a reimbursable healthcare modality under health insurance schemes. In practice, however, integration has been slow. Most major HMOs continue to treat teleconsultation as an ancillary benefit rather than a primary care option, creating a two-tier market that compliance-minded healthtech companies must actively navigate.
Consumer Protection and the FCCPC Guidelines
The FCCPC Act 2018 vests the Commission with broad powers to regulate unfair trade practices in commerce. Its 2022 Guidelines on Digital Markets require healthtech companies to clearly disclose service limitations, maintain transparent cancellation and refund policies, and avoid dark patterns in subscription management.
Compliance Priorities for Nigerian Healthtech Companies
Against this regulatory background, five compliance priorities emerge as most pressing for companies operating in the Nigerian digital health space.
Data Privacy and Patient Confidentiality
Patient data is simultaneously the lifeblood and the greatest legal liability of any telemedicine platform. A minimum data privacy compliance framework should include a comprehensive privacy policy aligned with the NDPA; granular consent mechanisms; data minimisation protocols; encryption standards for all health records; documented data retention and deletion schedules; and a breach response plan meeting the 72-hour NDPC notification window.
Licensing, Registration, and Professional Standards
No platform can insulate itself from professional licensing obligations by characterising its business as a technology company. Where a platform facilitates clinical consultations, prescriptions, or diagnostic interpretations, the law treats it as a healthcare provider. All physicians on the platform must hold current MDCN registration; nursing professionals must be registered with the Nursing and Midwifery Council of Nigeria; and pharmacists must hold current registration with the Pharmacists Council of Nigeria. The MDCN Guideline further prohibits the use of artificial intelligence as the sole diagnostic instrument without human clinical oversight.
Informed Consent in Digital Healthcare Environments
Section 23 of the NHA and the MDCN Guideline create minimum requirements: patients must be informed of telemedicine’s inherent limitations before consultation commences; consent must be specific, affirmative, and capable of documentary evidence; and where data is proposed for secondary uses, separate and specific consent must be obtained. A click-wrap acceptance of general terms and conditions does not satisfy this standard. Conflating contractual acceptance with clinical consent creates a compliance gap likely to attract regulatory scrutiny.
Cross-Border Telemedicine: Jurisdiction and Liability
A Nigerian patient consulting with a physician based abroad raises immediate questions about applicable law. Telemedicine platforms operating cross-border should ensure that physicians providing services to Nigerian patients hold MDCN registration or operate under a bilateral recognition arrangement; include governing law and jurisdiction clauses designating Nigeria as the forum for consumer disputes; and treat Nigerian patient data as subject to the NDPA regardless of where servers are located. Section 3 of the NDPA extends the Act’s application to any controller that offers services to persons in Nigeria, irrespective of place of establishment.
Tele pharmacy, e-Prescriptions, and the NAFDAC Question
The issuance of electronic prescriptions following a teleconsultation engages the regulatory jurisdiction of at least three bodies: the Pharmacists Council of Nigeria, NAFDAC, and the Pharmaceutical Society of Nigeria. A telemedicine-generated prescription is valid only if it bears the prescribing physician’s MDCN registration number, is authenticated by a digital signature, and is communicated directly to the dispensing pharmacy through a secure channel. Online pharmacies must maintain current NAFDAC registration and must not facilitate the procurement of products not registered by the Agency.
Emerging Frontiers
Artificial Intelligence in Clinical Decision Support
Nigerian law is almost entirely unprepared for the liability questions arising from AI integration in telemedicine. When an AI diagnostic tool produces an incorrect output that leads to patient harm, who bears legal responsibility: the physician, the platform, or the technology company that built the model? The MDCN Guideline’s prohibition on AI as the sole diagnostic instrument is directionally correct but insufficient as a standalone liability framework. A Nigerian regulatory approach modelled on the EU Artificial Intelligence Act 2024, which classifies medical AI as high-risk and requires mandatory human oversight, is a regulatory necessity that the Federal Ministry of Health and NITDA should prioritise collaboratively.
Tele-Mental Health and the Mental Health Act 2021
Nigeria’s Mental Health Act 2021 introduces a rights-based framework for mental healthcare with significant implications for digital mental health platforms. The Act’s emphasis on dignity, confidentiality, and informed consent creates a heightened compliance standard. In the absence of clear clinical governance standards for digital mental health, platforms are in practice self-regulating in this area, which is an unsafe state of affairs for a vulnerable patient population that warrants urgent regulatory attention.
Platform Liability for Clinical Negligence
A telemedicine platform that facilitates a negligent consultation is not a passive conduit. Where the platform controls the terms of clinical interaction, selects practitioners, and presents them to patients as part of a branded service, there are compelling arguments under agency law and the doctrine of non-delegable duty that the platform assumes direct liability for clinical negligence. Platforms should carry professional indemnity insurance extending to the clinical activities of practitioners on their networks and should not rely on independent contractor arrangements as a liability shield.
Recommendations for Reform
For the National Assembly and Federal Executive
A standalone Telemedicine Act is urgently required. Such legislation should define the scope of telemedicine; create a unified licensing regime for platforms and service providers; establish a cross-ministerial coordinating body comprising the Federal Ministry of Health, MDCN, PCN, NAFDAC, NDPC, FCCPC, and NITDA; codify the informed consent standard for digital healthcare; and create a liability framework that adequately addresses AI-assisted clinical decision-making. A phased compliance framework, with obligations triggered by scale thresholds, should accompany any primary legislation.
For the Medical and Dental Council of Nigeria
The 2022 Telemedicine Practice Guideline should be elevated to a binding Regulation under the MDPA. The MDCN should establish a dedicated Digital Health Registration Pathway, develop competency standards for telemedicine practice, and create a telemedicine accreditation system that distinguishes compliant platforms from informal digital health operators. Accreditation should be a prerequisite for participation in the NHIA reimbursement framework.
For the Nigeria Data Protection Commission
A sector-specific guidance note on health data processing is needed, addressing clinical AI, secondary research uses, and cross-border data obligations. Mandatory cybersecurity certification requirements for health tech platforms should be developed in collaboration with NITDA, covering data storage architecture, access controls, breach response procedures, and AI audit requirements.
For Health tech Companies
Companies should not wait for the regulatory environment to catch up before investing in compliance. A proactive compliance programme that engages with existing instruments, maintains current professional registrations, implements robust data governance, and builds legal risk management into the product development lifecycle is both the legally prudent and commercially advantageous approach. Investors increasingly conduct legal due diligence on regulatory compliance as part of health sector transactions. A credible compliance record is a commercial asset.
Conclusion
Telemedicine is not the future of Nigerian healthcare. It is its present. Millions of Nigerians are already receiving clinical care through digital platforms, and that number will only grow. The existing framework, while imperfect, provides a working foundation: the NDPA offers robust data protection standards; the MDPA and MDCN Guideline provide a professional licensing floor; the NHA creates a rights-based framework for patient protection; and the NHIA Act opens a pathway for telemedicine reimbursement.
What is missing is a unifying framework that resolves jurisdictional conflicts, fills the gaps on AI and cross-border practice, and creates regulatory certainty for investors and innovators. The cost of regulatory ambiguity in healthcare is ultimately measured in patient welfare. Nigeria’s telemedicine sector deserves a legal environment that takes that cost seriously.
Add your first comment to this post