Legal aspects of storage and transmission of laboratory results

Ulrich M. Gassner; Julian N. Modi; Alexander Ponader; Simone Ruf

doi:10.1515/labmed-2018-0080

Artikel Öffentlich zugänglich

Legal aspects of storage and transmission of laboratory results

Ulrich M. Gassner , Julian N. Modi , Alexander Ponader und Simone Ruf

Veröffentlicht/Copyright: 25. September 2018

Veröffentlicht von

Veröffentlichen auch Sie bei De Gruyter Brill

Manuskript einreichen Informationen für Autor*innen

Aus der Zeitschrift Journal of Laboratory Medicine Band 42 Heft 6

Abstract

Background:

Even though technology advances and laboratory tests have become commonplace, there is a multitude of sources for errors. Furthermore, as the new General Data Protection Regulation (GDPR) adds to the thicket of storage and deletion periods, strategies for the best approach have to be developed.

Legal context and methods:

On the one hand, this article discusses civil claims due to damages arising from false laboratory results. This is done by a de lege lata analysis of the central liability provisions in the respective fields. On the other hand, different storage periods and deletion obligations for data in clinical laboratory testing and the best way of handling them are analyzed.

Results and conclusions:

Depending on the cause of the error, there are several possible liable parties. The most advantageous claims for the patient are those against the manufacturer in case of a defective device as he is regularly strictly liable. But also other parties involved can face similar claims due to their own wrongdoing. Although there can be claims against multiple parties involved, a fair allocation of damages according to the areas of responsibility of every party can be achieved through recourse. Concerning storage and destruction obligations, first the applicable timeframes have to be identified. Compliance can then be achieved by the implementation of technical and organizational measures. In the event of data-protection misconduct, there is a risk of considerable fines.

Keywords: data processing; deletion obligations; laboratory testing; legal aspects; liability; storage periods

Brief summary

Two main legal issues arise in the processing and transmission of laboratory data. The first one concerns liability for false laboratory results. The second one relates to the legal framework of storage periods and deletion deadlines for laboratory data.

Introduction

As more complex diagnostic methods and devices emerge, the scope of application for clinical chemistry and laboratory medicine widens and the application rates increase. Although there are little to no known legal cases in which false laboratory results and their possible causes had a big impact, the likelihood of such cases – even if you take into account the continually decreasing probability of error associated with the technical advancements – increases as well. To get an overview over the different liability constellations, you have to differentiate according to the source of the error. Was the device not working correctly? Was it operated incorrectly? When did the error occur? There is a multitude of possible errors and with the source of the error, the liability might shift as well. In this context, complex liability constellations can occur as the responsibilities of attending physician, hospital, laboratory physician and the manufacturer superimpose. All participants have to adhere to protection obligations to patients, whilst still having to cooperate. With regard to a fair division of responsibilities, every party involved should only be liable for the damages he caused or could reasonably have been expected to prevent.

Furthermore, as increasingly more data is gathered, the issue of storage arises. While it may, at first glance, seem advantageous to gather the data not on a personal storage device of the doctor, but on a bigger central storage system, legal issues can arise. This is especially the case if the doctor cannot freely access the data and thus is no longer able to assure the compliance with certain storage periods and deletion deadlines.

Object of investigation and legal context

As the given field of liability is very broad and every possible question connected to it could not possibly satisfied within this one article, the actual object of investigation has to be narrowed down.

Concerning the underlying laboratory results, this article shall only examine such data that are used in the context of medical treatment. While there can also be legal issues arising from the use of data only for research purposes, it is less likely that legal conflicts will arise because this data is not directly used for treatment of the person it belongs to. For similar reasons the main emphasis will be paid to possible claims of the patient – although the possibility of recourse is always to be kept in mind.

Whilst this article shall primarily examine the perennial issue of patient claims under civil law, it is to be noted that administrative and criminal sanctions can also apply under certain circumstances. However, with the different standard of proof and especially the fragmentary character of criminal law, even tortfeasors rarely face convictions under the German Penal Code [1]. More likely, however, are convictions or sanctions under supplementary (penal) provisions which are, for example, to be found in the German Act on Medical Devices (MPG) [2] and directly refer to the breach of duties set out in the respective act.

Concerning storage and destruction obligations for medical data, several acts from the field of laboratory medicine impose different storage and destruction obligations that shall be examined in the Discussion section together with the respective responsible persons and the interaction of those rules with the new General Data Protection Regulation (GDPR) [3].

Results

Depending on the cause of the false laboratory results, the patient has possible claims against all of the other parties involved. In many cases there will be claims against several parties. Especially the manufacturers of defective (medical) devices can easily be exposed to claims as they are usually strictly liable. Neither unintended “accountability gaps” nor unreasonable claims can be found.

Concerning storage and destruction obligations, the statutory timeframes and data protection laws intertwine. The responsible person is supposed to develop a detailed concept for compliance with storage periods and deletion deadlines and cannot, outside any legal provision or private agreement with the patient, transfer his duties to third parties.

Discussion

Liability for false laboratory results

Liability of the manufacturer

Concerning possible reasons for false laboratory results, a defect of one of the devices used might be the most common cause. As these devices are regularly medical devices within the meaning of Section 3 no. 1 MPG, the question of liability for defective medicinal products arises. As the MPG contains no special liability provision, the more general German Product Liability Act (ProdHaftG) [4] and the Section 823 of the German Civil Code (BGB) [5] (“Produzentenhaftung”) apply [6]. Section 1 of the Product Liability Act imposes strict liability if the defect kills, hurts or damages the property of someone but, in contrast to the fault-based tortious liability of Section 823 of the Civil Code, the maximum amount of damages is capped at €85 million (see Section 10 ProdHaftG). However, according to Section 1 para. 2 and 3 ProdHaftG, the liability of the manufacturer can be excluded. This can inter alia be the case if the defect did not exist at the time of placing on the market or if the defect, based on the current state of science and technology at the time of placing on the market, could not have been discovered.

Irrespective of the actual claim, determining who is the manufacturer within the meaning of Section 4 para. 1 sentence 1 ProdHaftG can be not as easy as it might seem as even the operator of the device can be deemed as the manufacturer if he creates a new medical device by changing or adding to the original medical device [7]. He, so to say, ousts the original manufacturer. Furthermore, the operator becomes the manufacturer if he disregards the intended use (he is then treated as if he created a new device with a different intended use) [7], [8].

Concerning factual issues, there are no significant differences between the ProdHaftG and Section 823 BGB. In the case of tortious liability pursuant to Section 823 para. 1 of the Civil Code, the manufacturer is liable for the unlawful and culpable violation of its manufacturer-specific duty to maintain public safety (“Verkehrssicherungspflichten”) [8]. Obligations to maintain public safety are based on the idea that everyone who creates possible sources of danger must take the necessary precautions to protect third parties [7]. The jurisprudence on product liability has developed a differentiated system of facilitation of evidence, the application of which depends on the proof of the respective type of defect. Thus, in the event of a proven manufacturing or design defect of the product, a reversal of the burden of proof with regard to the manufacturer’s fault occurs. Therefore, the manufacturer must prove that the fault cannot be attributed to him, e.g. because he has observed all reasonable safety precautions. The German Federal Supreme Court later extended these principles to include instruction errors if the instruction was already faulty at the time of placing on the market [6].

Furthermore, several provisions of the MPG are so-called protection statutes (“Schutzgesetze”) within the meaning of Section 823 para. 2 BGB [8]. Even slightly negligent breaches of these obligations therefore easily lead to liability according to Section 823 para. 2 BGB [7]. Moreover, only the fact that the manufacturer has certified the conformity of the medical device with the relevant safety requirements by affixing the CE marking does not release any party from its liability [9].

Concerning the big liability risks arising from a possible multitude of lawsuits due to defective medical devices, the provisions of the MPG and ProdHaftG do not oblige the manufacturer to provide cover to meet any claims for damages. However, the manufacturer is free to take out public liability insurance, product liability insurance or recall costs insurance [10]. From May 26, 2020, the manufacturer of medical devices must take precautions in accordance with Art. 10 para. 16 subpara. 2 of the Medical Device Regulation (MDR) [11] which are appropriate to the risk class, the type of product and the size of the company in order to ensure sufficient financial coverage of its potential liability in accordance with Product Liability Directive 85/374/EEC [12]. The national legislator is free to adopt stricter regulations. Additionally, from May 26, 2020, special attention must be paid to manufacturers not established in one of the member states. According to Art. 11 para. 1 MDR, a sole authorized representative has to be designated. This representative can then (jointly and severally with the manufacturer) be liable according to Art. 11 para. 5 MDR if the manufacturer does not comply with the obligations laid down in Art. 10 MDR [13].

Furthermore, liability under Section 82 GDPR might also be possible as laboratory results are personal data if they are not treated anonymously. For this to happen, however, there would first have to be a violation of the GDPR. Moreover, it is highly questionable whether health damage due to wrong medical treatment following false data is covered by the scope of protection. If, however, such a claim was possible, the patient would even benefit from a presumption of fault.

Liability of the notified body

While a liability of the notified body (Art. 2 para. 42 MDR and Section 15 MPG) was discussed as well [8], the German Supreme Court, following a decision of the Court of Justice of the European Union, decided that the notified body is usually not liable for defective medical devices [14]. However, this obligation may exist on a case-by-case basis if the notified body has reasons to believe that the product is defective [15].

Liability of the distributor or supplier

There is no special liability regime for the distributor or supplier. Thus, they can only be liable under contract or tort law if they breach their duties. This can, for example, be the case if the device is damaged during transportation or storage. Something else can only apply if the manufacturer of the product cannot be identified, then each supplier is considered its manufacturer (Section 4 para. 3 ProdHaftG).

Liability of the laboratory physician

Even if not deemed the manufacturer, the laboratory physician can still be liable if he causes the false laboratory data (e.g. by incorrectly operating the medical device or contaminating the sample) or ignores an obvious malfunction of the medical device. Most notably, the laboratory has maintenance and repair obligations for their medical devices. Details are specified in the Medical Device Operator Regulation (MPBetreibV) [16]. This regulation stipulates, among other things, that the user must ensure that a medical device is functional and in proper condition before use and must observe the instructions and other safety-related information and maintenance instructions attached (Sections 7 ff. MPBetreibV). Additionally, the devices may only be operated, used and maintained by persons who have the necessary training or knowledge and experience (Sections 4 and 5 MPBetreibV). As those are protection statutes, their violation can result in tortious liability according to Section 823 para. 2 BGB [8].

Additionally, in contrast to the manufacturer, the laboratory physician and the patient have a contractual relationship. Although the two parties are not directly connected to each other in the case of an assignment by the attending physician, the attending physician concludes a contract with the laboratory physician as a representative on behalf of the patient pursuant to Section 164 para. 1 BGB [17], [18], [19]. For such examinations that are medically necessary and which the patient must expect, an implied power of representation is to be assumed [18], [20]. The laboratory physician is thus obliged by the contract not to use a defective medical device or falsify the laboratory results. These are ancillary contractual obligations. If the operator or user culpably violates this obligation, he is (in addition to tort claims under Section 823 BGB) contractually obliged to compensate any damages under Section 280 para. 1 BGB [7]. Both the contractual and the tortious liability have in common that they require negligent or intentional fault, Section 276 para. 1 sentence 1 BGB. According to Section 276 para. 2 BGB, someone acts negligently if they fail to exercise reasonable care. Any type of negligence is sufficient so that even the slightest breach of duty gives rise to liability. The scope of contractual claims, although usually congruent with tort law, is easier to enforce due to the presumption of fault according to Section 280 para. 1 sentence 2 BGB. Additionally, the patient may be entitled to additional claims from warranty law due to the false laboratory result and can therefore, for example, demand subsequent corrections or withdraw from the contract with the laboratory physician.

If, however, the laboratory physician is not at the same time the operator of the laboratory, both the operator and the laboratory physician are the addressees of the duties of the MPBetreibV and thus, in that respect, both can be liable for a violation of their respective duties under Section 823 para. 2 BGB. Furthermore, a liability according to Section 823 para. 1 BGB can be considered due to organizational fault of the laboratory. Organizational fault exists when the responsible body has not organized the delegation of duties in a way that ensures proper selection and continuous supervision of operational processes and staff activities and to avoid, as far as possible, injury to third parties. Further specifications of this duty can be found in the Guideline of the German Medical Association on Quality Assurance of Medical Laboratory Examinations [21] and the German Act Governing Medical Technical Assistants [22], [23].

Additionally, the operator can also have a contractual liability if the contract is not concluded directly with the laboratory physician but with the laboratory operator. In this context, the fault of the laboratory physician (now himself only liable under tort law) can be attributed via Section 278 BGB and can also cause a liability of the operator under tort pursuant to Section 831 BGB as principal for the actions of his vicarious agents. However, the principal can exculpate himself and thus release himself from liability if he can prove that he has exercised reasonable care when selecting and monitoring the equipment and personnel (Section 831 para. 1 sentence 2 BGB). In practice, this proof is difficult to provide [7]. However, the so-called decentralized exculpatory evidence (“dezentralisierter Entlastungsbeweis”) is possible in larger hospitals, if the hospital clinic management can exculpate itself by showing that it had carefully selected and supervised not the attending physician and nursing staff, but the staff charged with the actual supervision [24].

Liability of the attending physician and nursing staff

While especially the attending physician can be liable according to the above-mentioned principles (e.g. if he and the laboratory physician are the same person), there is still the possibility of separate liability due to a different kind of fault. This might be the case, if the attending physician or nursing staff falsify the laboratory result themselves. If this is the case, a liability according to Section 823 BGB or – if there is a directly contractual relationship between patient and attending physician – contractual liability (Section 280 BGB) can be considered as this constitutes an error in treatment.

Liability of the hospital

If damages occur in the hospital, the injured party may also claim damages from the operator of the hospital. As a rule, the patient concludes a treatment contract (Section 630a para. 1 BGB) with the hospital operator [18]. If the hospital has its own laboratory or in case of point-of-care testing (POCT), the above-mentioned liability aspects for laboratories apply accordingly. The laboratory physician is both performance and vicarious agent of the hospital (Sections 278 and 831 BGB). Moreover, the fault of the nursing staff or the attending physician (see section above) is attributed to the hospital operator pursuant to Section 278 BGB and can thus cause contractual liability of the hospital. Also, in the law of tort, the hospital operator is liable as principal for the actions of his vicarious agents if he cannot exculpate himself (Section 831 BGB). Irrespective of this, however, liability on the part of the hospital under contract and Section 823 BGB may be considered regarding own implementation and/or organizational fault (cf. above for laboratories) [7].

Overlapping liabilities and the concept of damage

After investigating the constellations above, it becomes clear that there will often be more than one possible target for claiming damages. If this is the case, the claimant has the free choice of which debtor he wants to take action against, as regularly all debtors will be jointly and severally liable for the full damage caused. The assignment of the compensation according to the proportions of the responsibilities of each of the parties involved can then be achieved by the party against which claims have been asserted taking recourse. Concerning the relationship between employer and employee, the latter is regularly entitled to an at least partial – depending on his degree of negligence – release from liability vis-à-vis his employer (“in-company damage compensation”).

As a basis for all these claims, however, there is always the requirement of a monetary damage, Section 253 para. 1 BGB. In the field of medical law, as a rule, this will be compensation due to bodily injury or damages to the health of the patient. Beyond that, there can also be a claim for non-monetary damages as, for example, damages for pain and suffering, see Section 8 para. 2 ProdHaftG and Section 253 para. 2 BGB for the respective statutes.

Storage and deletion obligations of clinical laboratory testing

Legal landscape

Different legal regulations give rise to different documentation and storage obligations concerning clinical laboratory testing. These storage periods are generally intended to ensure the availability of data for evidence and documentation purposes [25]. But also, after a certain amount of time, data have to be deleted to prevent a violation of the patient’s right to privacy.

Section 10 para. 3 of the (Model) Professional Code for Physicians in Germany (MBO-Ä) [26] imposes a 10-year storage duty for all medical records upon the doctor. Alternatively, they are obliged to ensure that they are taken proper care of (Section 10 para. 4 sentence 1). It has to be noted that this provision solely imposes a duty to store and no duty to destroy.

In accordance with the provisions of Section 10 para. 3 MBO-Ä, Section 630f para. 3 BGB also specifies that in case of a treatment contract, the attending physician must keep the patient’s data for a period of 10 years after completion of treatment. Neither the MBO-Ä nor the BGB, however, can suspend certain legal provisions concerning storage and destruction in certain sub-sectors of medicine that mostly mandate longer storage periods [27].

For example, the German Transfusion Act (TFG) [28] stipulates a retention period of at least 15 years, in some cases even 20 or 30 years, for most records (see §§ 11 I, 14 III TFG). If it is no longer necessary to keep the records, the data must be deleted or destroyed, Section 14 para. 3 TFG.

According to Section 12 of the German Genetic Diagnosis Act (GenDG) [29], the results of genetic examinations must be stored for 10 or 30 years, depending on the purpose of the examination, and then be destroyed or blocked. These duties lie with the doctor, but in case of the commissioning of a third person or institution the duty is imposed upon this third party, Section 12 GenDG.

The aforementioned special legal regulations for storage of data are flanked by data protection laws. Especially the new GDPR applies. According to Art. 17 para. 1 lit. a)–c) GDPR, there are express obligations to delete data under certain circumstances, which essentially overlap with the above-mentioned provisions. However, there is no deletion obligation if the deletion would be contrary to statutory retention periods, Art. 17 para. 3 lit. b) GDPR. Such storage obligations are laid down in the above-mentioned regulations.

The GDPR does not directly define the term “delete”. However, in the sense of Section 3 para. 4 no. 5 of the old German Federal Data Protection Act [30] this means rendering data unrecognizable, so no human can recognize them anymore [31], [32]. As a rule, the simple deletion of the data and every backup is sufficient, even though, by usage of expensive soft- and hardware, the data could be unauthorizedly restored. This however would be a criminal offense and thus is not to be taken into account [32].

Required measures

The deletion obligation only exists with regard to data for the processing of which the medical person or institution is responsible (cf. Art. 4 no. 7 GDPR, Section 3 no. 5 GenDG, and Sections 11 para. 1, 2, 14 para. 1, 3 TFG). If the data was previously rightfully, e.g. due to legal obligations or an agreement with the patient, disclosed to other recipients (cf. Art. 4 no. 9 GDPR), they are regularly subject to their own deletion obligations. On the part of the initially disclosing medical person, in turn, there are notification obligations, inter alia about any deletion of data, pursuant to Art. 19 GDPR. Any rectification or erasure of personal data or restriction of processing carried out shall be communicated to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. This would be the case, for example, if the identity of the recipient could only be determined with massive effort or could not be determined at all. The obligation to inform, however, does not constitute any obligation of the person originally responsible to ensure that each recipient deletes the data, especially if other deletion periods apply.

Appropriate technical and organizational measures must be implemented to ensure compliance with the requirements of the GDPR and other previously mentioned provisions (cf. Art. 24 para. 1 GDPR, Section 10 para. 5 MBO-Ä). The deletion periods to be complied with must be documented [33]. Accordingly, individual deletion periods are to be included in a record of processing activities pursuant to Art. 30 para. 1 lit. f) GDPR. The documentation of specific examination and analysis results should be designed in such a way that they are easy to separate from other medical documents [34]. In view of the complexity in the laboratory medical context, a comprehensive deletion concept must be implemented as well as an authorization management system to ensure that only authorized personnel have the necessary access to the respective data. In the event of violations of the above regulations, those responsible expose themselves to the risk of fines. For example, violations of the obligations arising from Art. 17 GDPR can be punished with a fine of up to €20 million or up to 4% of last year’s annual turnover pursuant to Art. 83 para. 5 lit. b) GDPR.

Correspondence: Prof. Dr. iur. Ulrich M. Gassner, Mag. rer. publ., M. Jur. (Oxon.),Institute of Bio Law, Health Law and Medical Law, Faculty of Law, University of Augsburg, Universitätsstr. 24, Augsburg 86159, Germany, Tel.: 0049 821 5984590, Fax: 0049 821 5984591

Author contributions: All the authors have accepted responsibility for the entire content of this submitted manuscript and approved submission.
Research funding: None declared.
Employment or leadership: None declared.
Honorarium: None declared.
Competing interests: The funding organization(s) played no role in the study design; in the collection, analysis, and interpretation of data; in the writing of the report; or in the decision to submit the report for publication.

References

1. German Criminal Code (Strafgesetzbuch (StGB)) in the version promulgated on 13 November 1998, Federal Law Gazette [BGBl.] I p. 3322, last amended by Article 1 of the Law of 24 September 2013, BGBl. I p. 3671 and with the text of Article 6(18) of the Law of 10 October 2013, Federal Law Gazette I p. 3799.Suche in Google Scholar

2. The Act on Medical Devices (Medical Devices Act – Medizinproduktegesetz (MPG)) of 2nd August 1994 (Federal Law Gazette [BGBl.] I, p. 1963), in the version of 7th August 2002 (Federal Law Gazette I, p. 3146), last amended by Article 12 of the Act of 24th July 2010 (BGBl. I, p. 983).Suche in Google Scholar

3. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).Suche in Google Scholar

4. Act on Liability for Defective Products (Product Liability Act – Produkthaftungsgesetz (ProdHaftG)) of 15 December 1989 (Federal Law Gazette [BGBl.] I p. 2198), last amended by Article 180 (5) of the regulation of 31 August 2015 (BGBl. I p. 1474).Suche in Google Scholar

5. German Civil Code (Bürgerliches Gesetzbuch (BGB) in the version promulgated on 2 January 2002 (Federal Law Gazette [BGBl.] I page 42, 2909; 2003 I page 738), last amended by Article 4 para. 5 of the Act of 1 October 2013 (BGBl. I page 3719).Suche in Google Scholar

6. Koyuncu A, Müller DC. Medizinproduktehaftung – Auskunftsansprüche, Beweisfragen und Hinweise zur Anwenderkommunikation. Medizin Produkte Recht 2012;5:158–65.Suche in Google Scholar

7. Weimer T. Medizinproduktehaftung – Straf- und zivilrechtliche Haftung der Anwender und Betreiber von Medizinprodukten – Teil 3. Medizin Produkte Recht 2007;5:119–24.Suche in Google Scholar

8. Ortner R, Daubenbüchel F. Medizinprodukte 4.0 – Haftung, Datenschutz, IT-Sicherheit. Neue juristische Wochenschrift 2016;40:2918–24.Suche in Google Scholar

9. Heil U, Mayer-Sandrock A. § 23 Produkthaftung für Medizinprodukte. In: Dieners P, Anhalt E, editors. Medizinprodukterecht, Praxishandbuch. München: CH Beck, 2017:835–86.Suche in Google Scholar

10. Koch R. Folgen der „Boston-Scientific“-Urteile des EuGH vom 5. 3. 2015 (VersR 2015, 900) und des BGH vom 9. 6. 2015 (VersR 2015, 1038) für die Produkthaftung und die Betriebs- und Produktha ftpflichtversicherung. Versicherungsrecht 2015;34:1467–76.Suche in Google Scholar

11. Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices (Medical Devices Regulation – MDR), amending Directive 2001/83/EC, Regulation (EC) No 178/2002 and Regulation (EC) No 1223/2009 and repealing Council Directives 90/385/EEC and 93/42/EEC.Suche in Google Scholar

12. Council directive of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products (85/374/EEC).Suche in Google Scholar

13. Schilbach D. Update zur Medizinprodukteverordnung – Einführung einer gesetzlichen Produkthaftung für den „bevollmächtigten Vertreter“? Medizin Produkte Recht 2016;3:82–90.Suche in Google Scholar

14. BGH, judgment of 22. 6. 2017 – VII ZR 36/14.Suche in Google Scholar

15. ECJ, judgment of 16. 2. 2017 – C-219/15.Suche in Google Scholar

16. German Medical Devices Ordinance (Medizinprodukte-Betreiberverordnung) of 20 December 2001 (Federal Law Gazette [BGBl.] I p. 3854), last amended by Article 3 (5) of the Ordinance of 27 September 2016 (BGBl. I p. 2203).Suche in Google Scholar

17. Kern BR. § 40 Der Abschluss des Arztvertrags. In: Laufs A, Kern BR, editors. Handbuch des Arztrechts, 4th ed. München: C.H. Beck, 2010.Suche in Google Scholar

18. Lipp V. III. Der Behandlungsvertrag. In: Laufs A, Katzenmeier C, Lipp V, editors. Arztrecht, 7th ed. München: C.H. Beck, 2015.Suche in Google Scholar

19. Spickhoff A. Anmerkung zum Urteil des BGH vom 14.1.2010 (III ZR 188/09) – Zum Umfang der Vertretungsmacht des Hausarztes bei der Beauftragung eines externen Laborarztes und medizinisch notwendige ärztliche Versorgung. JuristenZeitung 2010;9:470–1.10.1628/jz-2010-0070Suche in Google Scholar

20. District Court (Landgericht) of Dortmund, judgment of 19.10.2006 – 4 S 62/06. Neue juristische Wochenschrift Rechtsprechungs-Report, 2007:269.Suche in Google Scholar

21. German Medical Association. Guideline of the German Medical Association on Quality Assurance of Medical Laboratory Examinations (RiliBÄK 2014). Deutsches Ärzteblatt 2014;111:A1583–618.Suche in Google Scholar

22. German Act Governing Medical Technical Assistants (MTAG) of 2 August 1993 (Federal Law Gazette [BGBl.] I p. 1402), last amended by Article 21 of the Act on 18 April 2016 (BGBl. I p. 886).Suche in Google Scholar

23. Gassner UM. 26 Liability issues relating to POCT. In: Luppa PB, Junker R, editors. POCT – Patientennahe Labordiagnostik, 3rd ed. Berlin, Heidelberg: Springer, 2017:261–8.10.1007/978-3-662-54196-8_26Suche in Google Scholar

24. Deutsch E. Das Organisationsverschulden des Krankenhausträgers. Neue juristische Wochenschrift 2000;24:1745–8.Suche in Google Scholar

25. Bundesrats-Drucksache 633/08 of 29 August 2008:1–99.Suche in Google Scholar

26. (Model) Professional Code for Physicians in Germany ((Muster-)Berufsordnung-Ärzte (MBO-Ä)), Deutsches Ärzteblatt 1997; 94(37); A-2354/B-2008/C-1890.Suche in Google Scholar

27. Kienzle HF, Smentkowski U. Streitschlichtung und Behandlungsfehlerprophylaxe – Fallberichte aus der Gutachterkommission Nordrhein – heute: Aufbewahrungspflichtverletzung. Medizinrecht 2013;1:27–8.10.1007/s00350-012-3320-1Suche in Google Scholar

28. German Transfusion Act (Transfusionsgesetz (TFG))of 28 August 2007 (Federal Law Gazette [BGBl.] I p. 2169), last amended by Article 3 of the Ordinance of 18 July 2017 (BGBl. I p. 2757).Suche in Google Scholar

29. German Genetic Diagnosis Act (Gendiagnostikgesetz (GenDG)) of 31 July 2009 (BGBl. I p. 2529, 3672), last amended by Article 2 para. 1 of the Ordniance of 4 November 2016 (BGBl. I p. 2460).Suche in Google Scholar

30. German Federal Data Protection Act (Bundedatenschutzgesetz-alt (BDSG-alt) of 14 January 2003 (Federal Law Gazette [BGBl. I p. 66), last amended by Art. 1 of the Ordinance of 14 August 2009.Suche in Google Scholar

31. Herbst T. B. Art. 17 DS-GVO. In: Kühling J, Buchner B, editors. Datenschutz-Grundverordnung/BDSG, Kommentar, 2nd ed. München: C.H. Beck, 2018.Suche in Google Scholar

32. Schillhorn K, Heidemann S. Gendiagnostikgesetz – Kommentar für die Praxis, 2nd ed. Heidelberg: medhochzwei, 2017:457.Suche in Google Scholar

33. Keppeler LM, Berning W. Technische und rechtliche Probleme bei der Umsetzung der DS-GVO-Löschpflichten. Zeitschrift für Datenschutz 2017;7:301–52.Suche in Google Scholar

34. Stockter U. § 12 GenDG. In: Prütting D, editor. Medizinrecht Kommentar, 4th ed. München: C.H. Beck, 2016:1094–6.Suche in Google Scholar

Received: 2018-06-29

Accepted: 2018-08-17

Published Online: 2018-09-25

Published in Print: 2018-12-19

Artikel in diesem Heft

https://doi.org/10.1515/labmed-2018-0080

Schlagwörter für diesen Artikel

data processing; deletion obligations; laboratory testing; legal aspects; liability; storage periods