A Garden City-based radiology practice has sent letters to 97,000 patients informing them that an employee had unauthorized access to their personal information.
In its letter, NRAD Medical Associates says the practice discovered on April 24 that "an employee radiologist accessed and acquired protected health information from NRAD's billing system without authorization."
The worker is "no longer employed at the practice," according to a "Patient Q-AND-A" distributed by NRAD. Mark Smith, a spokesman, said he could not comment on the employee because of ongoing investigations.
Shams Tarek, a spokesman for Nassau County District Attorney Kathleen Rice, said NRAD contacted the DA's office, which is investigating with the help of the Nassau police.
The breached information included names and addresses, dates of birth, Social Security numbers and health insurance information, including diagnosis and procedure codes, the letter said.
The practice said it had "no indication that the information has been disclosed to or used by any third parties and no evidence that your credit card banking or other financial information was accessed."
The letters were sent to patients "in waves," starting June 17, Smith said. The practice said the 97,000 patient files represent about 12 percent of the more than 800,000 patients NRAD has treated in the last two decades. The practice includes 56 radiologists, radiation oncologists and doctors in other medical specialties.
NRAD, which has 18 locations, most of them in Nassau, recommended that notified patients immediately contact a credit bureau to place a fraud alert. It also established a hotline for patients to call with questions: 800-926-8180. Patients can also get information online at www.nrad.com/files/ nrad-answers_2014_06_13.pdf.
Breaches of medical information are a growing problem. The federal Department of Health and Human Service's Office for Civil Rights said in its latest report to Congress that from September 2009 to December 2012, the office received 710 reports of breaches of health information affecting about 22.5 million people. Most were the result of theft, the report said.