I've heard from a lot of readers concerned about their personal data being compromised when a UNC Chapel Hill computer server was hacked.
These women, whose mammograms and related personal information were submitted by radiologists to a UNC-CH medical school study, have been asking one question more than any other lately: Why does UNC need social security numbers, dates of birth and other personal information for a medical study?
Karen McCall, a spokeswoman for UNC Health Care, explained today that the study tracks the mammograms of individual patients over time. So, if you have a mammogram each year and it is submitted to the study, someone will analyze it and look for patterns or suggestions that cancer either has developed or could in the future.
Thus, the personal data is necessary because they're examining specific cases, not just using data in aggregate.
"They're tracking people," McCall said. "They're trying to find out if they get cancer. Years ago, they used Social Security numbers. That's how we identified people. The radiologist is responsible for tracking the person for a long time. They give this responsibility to the registry, and the registry reports back to them. So they have to know who the people are."
The university ceased using Social Security numbers as identifiers in 2007, she said.
McCall explained further that this data was stored on two computer servers. One was secure, with all the data "coded," and scrubbed of personal information. But before that happened, it was stored on what she called a "transition" server.
That's the server that got hacked.