Legal aspects of storage and transmission of laboratory results

Abstract

Even though technology advances and laboratory tests have become commonplace, there is a multitude of sources for errors. Furthermore, as the new General Data Protection Regulation (GDPR) adds to the thicket of storage and deletion periods, strategies for the best approach have to be developed. On the one hand, this article discusses civil claims due to damages arising from false laboratory results. This is done by a de lege lata analysis of the central liability provisions in the respective fields. On the other hand, different storage periods and deletion obligations for data in clinical laboratory testing and the best way of handling them are analyzed. Depending on the cause of the error, there are several possible liable parties. The most advantageous claims for the patient are those against the manufacturer in case of a defective device as he is regularly strictly liable. But also other parties involved can face similar claims due to their own wrongdoing. Although there can be claims against multiple parties involved, a fair allocation of damages according to the areas of responsibility of every party can be achieved through recourse. Concerning storage and destruction obligations, first the applicable timeframes have to be identified. Compliance can then be achieved by the implementation of technical and organizational measures. In the event of data-protection misconduct, there is a risk of considerable fines.