Last updated 10/28/09
Q. I had a mammogram done at Wake Radiology. Why am I getting a letter from UNC?
A. Along with 35 other radiology groups, Wake Radiology participates in a large study of mammography patients conducted by UNC and funded by the National Institutes of Health (NIH). This study is known as the Carolina Mammography Registry (CMR). The registry has been collecting data for the last 12 years without incident. The registry experienced a security breach on one of its websites and your personal information may have been obtained by a “hacker.”
Q. I don’t remember giving my consent for my personal information to be sent to UNC for this study.
A. The federal regulations that govern research involving human subjects allow for some kinds of research to be conducted with a “waiver of consent,” provided that certain criteria are met. The Carolina Mammography Registry was first reviewed in 1993 and has been reviewed on an annual basis ever since by an oversight committee that is independent from the researchers, called the Institutional Review Board (“IRB”). After much discussion and careful review, the IRB agreed that this project could proceed without direct consent of patients whose records were used. There is a more in-depth discussion of this question on the CMR website in their Frequently Asked Questions document at http://www.unc.edu/cmr/breach_faq.pdf. Click on the link to go there.
Q. Why did it take two years to discover the hack?
A. This is a question for UNC. Please call their toll-free number 877-434-3065 between the hours of 9:00am to 6:00pm Monday–Friday.
Q. What was the nature of the personal data sent?
A. The data included your name, address, phone numbers, ethnicity, and Social Security Number. We did not send your date of birth, any insurance information, or any credit card or bank data.
Q. Why was it necessary to send my personal information? Why did you not strip any personal information before sending the data?
A. In fact, this is what we wanted to do. However, the UNC study personnel informed us that they needed the personal data to match exams that were done for the same person at different facilities. Thus, for example, if you had a mammogram done one year at Wake Radiology and the next year at a different facility, the study manager would need to be able to combine those two to get a full history for you.
Q. Why was the data not encrypted or otherwise protected?
A. When we sent the data to UNC it was encrypted and password protected. We are always concerned about keeping information secure and were very careful to ensure that the files we sent them were not readable without the key.
UNC may be able to shed more light on this question. Please call their toll-free number 877-434-3065 between the hours of 9:00am to 6:00pm Monday–Friday.
Q. If the problem was discovered in late July, why has it taken two months for UNC to notify me?
A. Wake Radiology only learned of this potential breach when we read about it in the News and Observer on Friday, September 25th. On that day, we immediately suspended the transmission of any further data to the CMR study.
UNC may be able to provide more insight into the two-month delay in notification. Please call their toll-free number 877-434-3065 between the hours of 9:00am to 6:00pm Monday–Friday.
Q. Why did Wake Radiology participate in this study in the first place?
A. Wake Radiology, along with 35 other radiology groups in the state, contributed data to the CMR in the hope and expectation that the pooled data would demonstrate patterns that could lead to earlier and better detection of breast cancers and improved treatments, thus improving public health. Studies such as the CMR are an essential element in moving the science forward.
Q. Was Wake Radiology paid to send data to the study?
A. Absolutely not. In fact, we expended a great deal of energy and resources ourselves to ensure the quality and confidentiality of the data. Our only purpose for contributing to the registry was to advance the science of detection and treatment of breast cancer.
Q. I had a mammogram at Wake Radiology but have not received a letter from UNC. Was my data vulnerable?
A. UNC has determined which patients may have been affected by this incident. They are being conservative and notifying everyone who might have been involved. We understand from UNC that all letters have now been mailed. If you did not receive a letter, you can assume that your data is safe.
Q. How do I make sure that Wake Radiology does not share my personal information for any other study?
A. Wake Radiology recognizes that it is important to act quickly to assure patients that their personal information remains confidential. Therefore, we are committing to the following steps:
1. Before this incident, Wake Radiology did not share personal data with any study other than the one in question. At this time we have terminated our participation in the Carolina Mammography Registry and have requested that they expunge any and all personal information of our patients from their records.
2. We are also committing to sharing only de-identified and anonymized data for any future study involvement (unless mandated otherwise by federal or state laws).
3. We are in the process of stripping all but the last 4 digits of patients’ Social Security Numbers from our clinical systems.