04/20/10: Greenville MRI - New Facility
-----------------------
10/07/09: Eastern Radiologists addresses patient concerns relating to UNC computer security breach
-----------------------
10/02/09: Eastern Radiologists Participates in October Breast Cancer Awareness Month
-----------------------
Eastern Radiologists addresses patient concerns relating to UNC computer security breach
10-07-09
This page has been created in response to a recent mailing from University of North Carolina at Chapel Hill, (UNC-CH) regarding a security breach in their mammography data system.
It is important to point out that, according to UNC-CH, there is no definitive evidence that their security breach has resulted in any patient’s personal information being acquired by any individual or group. The letter you received from UNC-CH was sent for the purpose of full and open disclosure.
Eastern Radiologists, Inc. sincerely regrets any confusion or inconvenience this has caused. Additionally, we would be happy to speak to you regarding any questions or concerns you may have regarding this matter. Please call your nearest ERI office if you still have questions after reading the information presented below.
ERI Breast Imaging Center – Greenville 252-754-5227
ERI Washington 252-946-2137
ERI Kinston 252-527-7077
In addition, you may access additional information at the Carolina Mammography Registry Web Site at the following link:
http://www.unc.edu/cmr
Below you will find a list of frequently asked questions.
Q. What exactly happened?
A. UNC-CH discovered that a computer at the Carolina Mammography Registry was infected with a computer virus sometime between 2007 and July 2009. That computer held a database of mammography records from the past several years. There is no indication that the virus involved any of the data but since that computer had patient information the decision was made to inform everyone about the possibility that their information was involved.
Q. I had a mammogram done at Eastern Radiologists (ERI). Why am I getting a letter from UNC?
A. Along with 35 other medical practices in North Carolina, we have participated in the Carolina Mammography Registry (CMR) which is administered by UNC-CH. They provide us with Quality Assurance data which is required by the Food and Drug Administration’s, (FDA) Mammography Quality Standards Act, (MQSA). In addition, CMR collects data as part of its participation in the National Mammography Database which anonymously compiles mammography statistics.
Q. I don’t remember giving my consent for my personal information to be sent to UNC for this study?
A. Mammography follow up is part of your medical care. The document you sign upon registration at ERI allows us to use your information as related to the provision of your health care and is in compliance with federal requirements regarding protected health information, (PHI).
Q. What was the nature of the personal information sent?
A. The data sent to UNC-CH included your name, address, date of birth, phone number and ethnicity, and mammography history (when a mammogram was done and if it was normal or abnormal). We did not include any personal insurance information, social security number, or financial data.
Q. Why was the data not encrypted or otherwise protected?
A. The data ERI sent to UNC-Ch was sent securely. Unfortunately, the UNC-CH computer was breached after the data was sent.
Q. Why did it take 2 years to discover the problem?
A. This is a question for UNC-CH. Please call their toll free number 877-434-3065 between the hours of 9:00 am to 6:00 pm Monday – Friday.
Q. How do I make sure ERI does not share my personal information for any purpose other than as related to my medical care?
A. Personal information is treated with the strictest care by ERI. The Carolina Mammography Registry was used as a means for us to link your records with statewide tumor registry as part of our required ongoing quality assurance program. This is not a research study and is part of your medical care. This is not a function that we can perform at ERI and must be done at a facility like UNC that has the necessary linkage to the state registry.
Statistical data collection and other research that may be performed by us or UNC is done in an anonymous fashion without any identifying information.
We routinely review our security and privacy policies and will continue to do so in light of recent events. At the present time we have suspended any data transmission to UNC.
Q. What do I need to do now?
A. At this time, we believe that the risk of identity theft for individuals involved in this incident is low. We have had no indication that any information was misused or even viewed by any unauthorized individuals. However, you may wish to monitor your credit report through one of the three main credit reporting bureaus (Experian, Equifax or TransUnion).
Again, Eastern Radiologists apologizes for any confusion this unfortunate incident has caused. We respect our patient’s privacy and strive to protect it while providing the best possible care we can.