The UNC Chapel Hill med school mammography study victimized by a computer hacker did not need to get the consent of patients whose data was submitted to it due to a federal regulation related to studies of large populations.

Judging from the emails and phone calls I've received over the last week since writing this story, that explanation isn't sitting well with many of the more than 100,000 women whose social security numbers and other personal information was exposed when the hacking took place.

Some folks have asked about the federal regulation. Well, here you go: