Integrating GDPR in ISO 15189 for Medical Laboratories: Major Aspects and Perspectives.

Medical laboratories process and store sensitive data during four major phases: arrival of patients in the laboratory premises and registration of their data, pre-analytical, analytical and post-analytical phases. ISO 15189 has specific requirements concerning the management of the laboratory data in terms of security, availability and protection. The aim of the present study was to examine major aspects of the General Data Protection Regulation (GDPR) integration in medical laboratories that comply with the ISO 15189 standard, including data breach and informed consent. To the best of our knowledge, this is the first study dealing with this subject in the healthcare sector. Accredited medical laboratories need to modify their ISO 15189 Quality System documentation and processes applying appropriate additions and adjustments in order to incorporate GDPR requirements in a clear manner.