NRAD Medical Associates, a radiology practice based in Garden City, N.Y., has notified 97,000 patients saying an employee had unauthorized access to their personal information, according to a Newsday report.
According to the organization’s letter to patients, on or about April 24, it was discovered that an employee of the practice accessed and acquired protected health information (PHI) from NRAD’s billing system without authorization. The information included patient names and addresses, dates of birth, social security numbers, health insurance, diagnosis codes, and procedure codes.
NRAD officials say they have no indication that the information has been disclosed or used by any third parties, and have no evidence that any financial information was accessed. The practice says there is very low risk from this event and the data breach has been contained. The organization also said the employee is no longer working at the practice.
About the Author
Rajiv Leventhal
Managing Editor
Rajiv Leventhal is Managing Editor of Healthcare Innovation, covering healthcare IT leadership and strategy. Since 2012, he has been covering health IT developments for the publication's CIO and CMIO-based audience, and has taken keen interest in areas such as policy and payment, patient engagement, health information exchange, mobile health, healthcare data security, and telemedicine.
He can be followed on Twitter @RajivLeventhal