This past December, UW Medicine experienced an exposure of protected health information (PHI) when an error in a database configuration made protected internal files available on the internet and visible by search. The files contained information about reporting that UW Medicine is legally required to make. When we learned about the exposure of the files to the internet, we took immediate steps to remove the information from the site and initiated appropriate measures to remove saved information from any third-party sites.
Yesterday, February 19, we began mailing letters to approximately 974,000 patients to alert them of this exposure and have reported this incident to the Office for Civil Rights. As part of the regulatory requirements, we also are notifying the media today, posting information to a dedicated website and making available a toll-free number for patients to call with questions. This website and call center are being managed by a trusted vendor on behalf of UW Medicine.
To find out more about this exposure, please read our FAQs posted on the Huddle website. If you receive questions from patients, please direct them to uwmedicine.org where we are posting a message on the home page about this incident.
We take patient confidentiality very seriously and apologize for any distress this may cause our patients and their families. We are reviewing our internal protocols and procedures to prevent this from happening again.
Sincerely,
Paul G. Ramsey, M.D.
CEO, UW Medicine
Executive Vice President for Medical Affairs and
Dean of the School of Medicine,
University of Washington