Radiologists who submit mammography data to a UNC medical school registry do not need patient consent to do so, a UNC Health Care spokeswoman said Tuesday.
Federal regulators waive consent requirements for projects like the Carolina Mammography Registry because it is a population-based study dealing with hundreds of thousands of pieces of data, said Karen McCall, the UNC Health Care spokeswoman.
A server housing much of the registry's data was hacked recently.
As many as 160,000 patient files may have been exposed, including 114,000 social security numbers. (That's fewer than officials thought originally).
And university officials say there is no evidence that any data was downloaded. University officials don’t know who the hacker is but think it originated in eastern Europe.
Many women only learned they were participants in the study when they received letters from UNC-CH detailing the security breach.
The registry is a 14-year-old project that collects and analyzes mammograms submitted by dozens of radiology offices across the state. Prior to its creation, federal regulators waived any requirement that patients be asked for their consent.
“There are so many participants that the cost of getting permission would be prohibitive to the point of not being able to do the study,” McCall said.
Read more in Wednesday's News & Observer.