HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

White Blossom Care Center Notifies Residents of Improper PHI Access

White Blossom Care Center in San Jose, CA has started notifying approximately 800 of its residents that some of their protected health information has been inappropriately accessed and acquired by a former employee.

The care center was recently alerted to the potential data security incident and launched an investigation to determine whether a data breach had occurred. A third party technical security expert was brought in to assist with the investigation.

The investigation confirmed that data had been obtained by the former employee, although it was not possible to tell when data were accessed and acquired.

The types of information accessed and acquired by the former employee includes residents’ full names, along with insurance provider names and account numbers, dates of birth, Social Security numbers and medical information such as diagnoses, procedures performed and details of medications. White Blossom Care Center believes only a limited number of the acquired files contain the above information. Based on the information available, the care center believes that credit card/debit card information of other financial data were not accessed or acquired.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The incident has been reported to law enforcement and the care center is continuing to assist in the law enforcement investigation. Appropriate state and federal agencies have also been notified of the incident.

No evidence has been uncovered to suggest any of the information obtained by the former employee has been used inappropriately, but out of an abundance of caution, all affected residents have been offered identity theft protection services for a period of 12 months without charge.

The care center has advised all residents that safeguards had been introduced prior to this incident to prevent unauthorized access and keep personal information secure. However, the incident has prompted the care center to review its safeguards and improvements will be made as appropriate. Employee computer user accounts and passwords have also been reconfigured to further restrict access to sensitive information.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.