News

newsobserver.com blogs

Campus Notes art

Campus Notes

Campus Notes is your one-stop shop for news and notes related to Triangle universities and community colleges. We'll cover it all here, from policy discussions to the silly things those crazy college kids are doing. Got an idea? Request? Criticism? Let us know. eric.ferreri@newsobserver.com.

Why no consent required for hacked UNC-CH mammogram study

Submitted by eferreri on 10/20/2009 - 10:40
Bookmark and Share

The UNC Chapel Hill med school mammography study victimized by a computer hacker did not need to get the consent of patients whose data was submitted to it due to a federal regulation related to studies of large populations.

Judging from the emails and phone calls I've received over the last week since writing this story, that explanation isn't sitting well with many of the more than 100,000 women whose social security numbers and other personal information was exposed when the hacking took place.

Some folks have asked about the federal regulation. Well, here you go: Click here for the government website and scroll down to the section 46.116 (d)

Here's what it says:
 
An IRB may approve a consent procedure which does not include, or which alters, some or all of the elements of informed consent set forth in this section, or waive the requirements to obtain informed consent provided the IRB finds and documents that:

    (1) The research involves no more than minimal risk to the subjects;

    (2) The waiver or alteration will not adversely affect the rights and welfare of the subjects;

    (3) The research could not practicably be carried out without the waiver or alteration; and

    (4) Whenever appropriate, the subjects will be provided with additional pertinent information after participation.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Hacking Mammography Data

Thu, 10/22/2009 - 22:21 — gpbaker

"adversely affect the . . .welfare of the subjects" is questionable. What is further questionable is why, if the hacking occurred in 2007, we are just being notfied? Damage to our identities has been done by down. Horse is out of the barn and gone. Further, by 2007, encryption of data should have been done at the time of data input, not after the fact. This eliminates the chance of hacking of any servers, much less intermediary servers. Was that waiver still in effect in 2007? The rules/regs governing data protection are constantly changing. Finally, are there any patients interested in class action pursuit?

No consent needed....

Tue, 10/20/2009 - 12:22 — acts36

(1) The research involves no more than minimal risk to the subjects;
(2) The waiver or alteration will not adversely affect the rights and welfare of the subjects;
hmmmmmmmm.....I would say that the mammography study failed the first two....I plan to pursue this to see if I am correct!

Cars View All
Find a Car
Go
Jobs View All
Find a Job
Go
Homes View All
Find a Home
Go

About the blogger

Eric Ferreri covers higher education and general news.

Want to post a comment?

In order to join the conversation, you must be a member of newsobserver.com. To register or to log in using your existing account, click here.
Advertisements