You may also like ACC Now | WakeEd | Mouthful | Techn&ology
News
Web Search powered by YAHOO!
Campus Notes
Campus Notes is your one-stop shop for news and notes related to Triangle universities and community colleges. We'll cover it all here, from policy discussions to the silly things those crazy college kids are doing. Got an idea? Request? Criticism? Let us know. eric.ferreri@newsobserver.com.
No consent needed for UNC mammogram study that was hacked
Submitted by eferreri on 10/13/2009 - 15:40
Radiologists who submit mammography data to a UNC medical school registry do not need patient consent to do so, a UNC Health Care spokeswoman said Tuesday.
Federal regulators waive consent requirements for projects like the Carolina Mammography Registry because it is a population-based study dealing with hundreds of thousands of pieces of data, said Karen McCall, the UNC Health Care spokeswoman.
A server housing much of the registry's data was hacked recently.
As many as 160,000 patient files may have been exposed, including 114,000 social security numbers. (That's fewer than officials thought originally).
And university officials say there is no evidence that any data was downloaded. University officials don’t know who the hacker is but think it originated in eastern Europe.
Many women only learned they were participants in the study when they received letters from UNC-CH detailing the security breach.
The registry is a 14-year-old project that collects and analyzes mammograms submitted by dozens of radiology offices across the state. Prior to its creation, federal regulators waived any requirement that patients be asked for their consent.
“There are so many participants that the cost of getting permission would be prohibitive to the point of not being able to do the study,” McCall said.
Read more in Wednesday's News & Observer.
Want to post a comment?
In order to join the conversation, you must be a member of newsobserver.com. To register or to log in using your existing account, click here.Advertisements
Comments
No consent needed
Wed, 10/14/2009 - 20:59 — acts36“There are so many participants that the cost of getting permission would be prohibitive to the point of not being able to do the study,” McCall said. What about the "cost" to the 160,000 women whose personal information was stored on an unsecured server? The University learned of the breach in July yet my letter informing me was dated October 4th. Now I get the added "cost" of paying for monthly monitoring of my information because the university isn't really sure when the breach occurred. Since according to the letter I received, my social security number, name, address and insurance information was breached, I can't afford to take any chances.
It is unfortunate for the person who devoted 14 years of her life to a study was undermined by the carelessness of whoever had the responsibility of ensuring that particpants' data was securely stored. I called the registry and requested that all my personal information be removed immediately and I doubt I will be the only one to do so.
Quite frankly, I feel the university deserves to lose funding for their carelessness. Somebody dropped the ball on this one!
Computer hacked
Wed, 10/14/2009 - 10:38 — workinComputer security staff responsible probably held by one of the jobs where they waived the search. They can't find the emails at State regarding Easley's hiring and can't protect this data that they didn't even inform us they were collecting. They may get my tuition but don't hold your breath for my donation.