Medical laboratories process and store sensitive data during four major phases: arrival of patients in the laboratory premises and registration of their data, pre-analytical, analytical and post-analytical phases. ISO 15189 has specific requirements concerning the management of the laboratory data in terms of security, availability and protection. The aim of the present study was to examine major aspects of the General Data Protection Regulation (GDPR) integration in medical laboratories that comply with the ISO 15189 standard, including data breach and informed consent. To the best of our knowledge, this is the first study dealing with this subject in the healthcare sector. Accredited medical laboratories need to modify their ISO 15189 Quality System documentation and processes applying appropriate additions and adjustments in order to incorporate GDPR requirements in a clear manner.
IOS Press, Inc.