Information for approximately 974,000 UW Medicine patients was exposed after a "data error."
According to UW Medicine, files including patient names and record numbers became available and visible on the internet on Dec. 4. The files did not contain medical records, financial information, or social security numbers, according to UW Medicine.
UW Medicine became aware of the issue on Dec. 26.
Because Google had saved some of the files before Dec. 26, UW Medicine worked with the company to remove them and prevent them from showing up in search results. All saved files were removed by Jan. 10.
"We regret that this incident occurred and sincerely apologize for any distress this may cause our patients and their families. UW Medicine is committed to providing quality care while protecting patients’ personal information. We are reviewing our internal protocols and procedures to prevent this from happening again," a statement reads.
UW Medicine is in the process of distributing letters to the affected patients and reported the incident to the Office of Civil Rights.
King County Councilmember Reagan Dunn announced Wednesday he would introduce legislation calling on County Executive Dow Constantine to create a commission to investigate the "potential breach of health records."
“This is a breach of data, but it’s also a massive breach of the public’s trust,” Dunn said. “That’s why I am immediately introducing legislation requesting the County Executive to form a commission to investigate what went wrong, why it happened, and how to ensure this never happens again. The public deserves so much better.”
UW Medicine says after learning of the problem, "immediate steps" to remove the information were taken.
“We think we’ve put in very good processes to prevent this from ever occurring again, but we also want to verify that and confirm that with an external organization to look as well,” said Tim Dellit, Chief Medical Officer at UW Medicine.
In general, according to UW Medicine, the files made public were those used to document when it shared patient information as required by law. That includes a description of what information was shared, and the reason for disclosure.
"In general, the files described what parts of your medical record were shared, not your actual health information."
The database affected by the error is used to keep track of the time UW Medicine shares patient health information that meets legal criteria. It is required to track the information by HIPAA law.
ID Experts, a trusted vendor, will be managing a call center and website for patients with questions on behalf of UW Medicine beginning Feb. 20. The call center hours are Monday through Friday from 5 a.m. to 5 p.m. The toll-free number is 844-322-8234.
“We encourage patients if they have questions, we have set up a link on our UWMedicine.org website where they can link from there to a dedicated website where there will be FAQs available for the patients to get more information,” Dellit said.