UW Medicine exposed information from nearly 1 million patients in December

Graphic: Adrian Florez / KNKX

In what officials say is the result of human error, University of Washington Medicine mistakenly exposed information from nearly 1 million patients for about three weeks late last year.

Internal files were visible through online search starting Dec. 4, 2018. The hospital system became aware of the issue Dec. 26, after a patient searched their own name and reported seeing the file.

The files that were exposed were kept whenever UW Medicine shared medical information with outside parties, such as law enforcement or public health agencies. They contained patient names, internal medical record numbers, a description of what was shared, and who received the information.

"So it would say 'this test was performed,' not the results. It could say 'clinic notes.' It could say, 'screened for a study,'" said UW Medicine Chief Medical Officer Tim Dellit, adding that the name of the test or the study could also be included.

Dellit said he thinks the risk to patients is low because actual medical records, financial information and Social Security numbers were kept safe.

Still, the hospital system is notifying 974,000 patients via letter about the exposure. That includes people who received medical care or participated in studies — individuals spanning all 50 states, Dellit said.

UW Medicine also has hired an outside consultant and has notified the Office of Civil Rights.

"We think we've put in very good processes to prevent this from occurring again, but we also want to verify that and confirm that," Dellit said.

The exposure happened because of a "database configuration error," Dellit said. Files that were being held in a private test environment were somehow moved to a production environment, allowing them to be searchable online.

UW Medicine was able to immediately make the files private again on Dec. 26 after learning about what had happened. But the hospital system continued to work with Google through Jan. 10 to make sure nothing was saved on the search engine. 

Dellit said the hospital system took another two months before informing the public so that it could analyze which specific patients were affected and put systems in place to answer patients' questions.

Affected patients should be receiving a letter within the next few days. But anyone with questions can find out more on a special website or by calling (844) 322-8234.

Reagan Dunn, a member of the King County Council, announced Wednesday that he would introduce legislation calling for a commission to investigate the breach. 

A Seattle native and former KNKX intern, Simone Alicea spent four years as a producer and reporter at KNKX. She earned her Bachelor's of Journalism from Northwestern University and covered breaking news for the Chicago Sun-Times. During her undergraduate career, she spent time in Cape Town, South Africa, covering metro news for the Cape Times.