The Security Scrutinizer with Howard Anderson

Social Media Abuse Leads to Jail Time

An Eye-Opening Lesson About Patient Privacy

Looking for a way to call attention to the potential consequences of abusing the use of social media? Then share the story of an Oregon nursing assistant who just spent eight days in jail for invasion of personal privacy.

See Also: Breaking Free from VPN Limitations: Simplifying Remote Access Security

Nai Mai Chao's Facebook page included graphic photos of patients at a nursing home, along with derogatory comments, according to several news media reports. She denied taking the photos, but admitted posting them. As a result of her conviction on the misdemeanor charge, Chao was sentenced to the jail time, two years of probation, plus community service and was ordered to pay a $500 fine. She also surrendered her nursing certificate and was fired from her job at the Regency Pacific Nursing and Rehab Center in the Portland suburb of Gresham.

In a creative move, the judge in the case ordered Chao to write a 1,000-word apology to a patient that "should be an insightful look at why the defendant did what she did," according to the Associated Press. If the essay doesn't meet that standard, the judge ruled, she could be charged with violating her probation. She also was forbidden for two years from working in a job that would require her to care for children or the elderly. And, of course, she was told to avoid using social media or photographing people without their consent.

Kelley Cloyd, a prosecutor in the case, said, "It's a good lesson that we need to be responsible about things we are posting online," according to the news site

Patient privacy can be violated in many ways on social media. In this particular case, some nursing home workers were able to recognize one of the patients even though the photo didn't show his face. In other cases, discussing patients without naming them can reveal enough details to create a privacy violation. And, of course, discussing patients by name on Facebook, Google Plus, Twitter, MySpace or other social media is a clear HIPAA violation.

Does your organization have a social media policy in place? Does it have a zero-tolerance policy when it comes to privacy violations? And has your organization educated all staff about its policies as well as potential legal sanctions? Even if you've taken these steps, it's advisable to provide ongoing awareness campaigns. And that includes sharing news stories about those who have abused social media and suffered the consequences.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.