25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

White Blossom Care Center Notifies Residents of Improper PHI Access

Posted By on Jul 3, 2017

White Blossom Care Center in San Jose, CA has started notifying approximately 800 of its residents that some of their protected health information has been inappropriately accessed and acquired by a former employee.

The care center was recently alerted to the potential data security incident and launched an investigation to determine whether a data breach had occurred. A third party technical security expert was brought in to assist with the investigation.

The investigation confirmed that data had been obtained by the former employee, although it was not possible to tell when data were accessed and acquired.

The types of information accessed and acquired by the former employee includes residents’ full names, along with insurance provider names and account numbers, dates of birth, Social Security numbers and medical information such as diagnoses, procedures performed and details of medications. White Blossom Care Center believes only a limited number of the acquired files contain the above information. Based on the information available, the care center believes that credit card/debit card information of other financial data were not accessed or acquired.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The incident has been reported to law enforcement and the care center is continuing to assist in the law enforcement investigation. Appropriate state and federal agencies have also been notified of the incident.

No evidence has been uncovered to suggest any of the information obtained by the former employee has been used inappropriately, but out of an abundance of caution, all affected residents have been offered identity theft protection services for a period of 12 months without charge.

The care center has advised all residents that safeguards had been introduced prior to this incident to prevent unauthorized access and keep personal information secure. However, the incident has prompted the care center to review its safeguards and improvements will be made as appropriate. Employee computer user accounts and passwords have also been reconfigured to further restrict access to sensitive information.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist