A spreadsheet used by UK’s COVID-19 contract tracing team that contained the names of several hundred students and some employees was accessible by those with a UK email address.

This information was first revealed in a Herald-Leader article then confirmed in a campus-wide email Sunday.

The contact tracers used a file sharing platform to notify those who received negative COVID-19 tests in part of UK’s Phase 1 testing that anyone with a UK email address could access.

“As soon as we realized this issue, the files in question were moved to a private and secured location,” said UK spokesperson Jay Blanton.

Personal information, including: names, birthdates, and negative COVID-19 test results may have been viewed. 

“Only those with active UK credentials would have been able to view the files. We are able to determine who accessed the files in an unauthorized manner and plan to follow up with each individual,” said Blanton.

None of the information accessible is considered protected under the Health Insurance Portability and Accountability Act (HIPAA). However, some of the available information for students is protected by the Family Educational Rights and Privacy Act (FERPA).

UK will be reaching out to those who were impacted this week.

Those with questions on this issue can email [email protected] or visit UK’s COVID-19 information site.