From the web site of Cardiology Associates, P.C.:
Cardiology Associates is committed to maintaining the privacy and security of our patients’ information. This notice is to inform our patients of an incident involving some patients’ personal information.
We have no evidence that any patient information has been used in any way, but want to inform our patients that on July 5, 2016, we learned that an employee may have accessed or used patient information outside the employee’s job duties. We immediately began an investigation and discovered that on May 2, 2016 the employee emailed a list of patients to their personal email address without a business reason to do so. We are contacting affected patients because their names, dates of birth, health insurance identification numbers, and in some instances, Social Security numbers were included on that list. Please note that there was no information about patients’ medical care on the list. Upon learning of this, we contacted law enforcement and dismissed the employee from the organization.
This incident did not affect all patients. It affected less than 2% of our patients.
We have no evidence that the patient information has been used in any way, but in an abundance of caution, we mailed letters to affected patients on August 5, 2016. We are offering free credit monitoring and identity protection services to all affected patients and have established a dedicated call center to answer patients’ questions about the incident. If you believe that you are affected but do not receive a letter by August 19, 2016, please call 1-888- 839-9224, Monday through Friday, from 9:00 a.m. to 9:00 p.m, Eastern Time.
We deeply regret any concern this may cause our patients. In addition to terminating the employee, to help prevent this from happening again, we are re-enforcing with our staff our strict policies and procedures in maintaining the confidentiality of patient information.
The incident was reported to HHS on August 10 as affecting 907 patients.