Sermo Strikes Back: A Physicians’ Online Community Lashes Out Against Bloggers Who Publicize Security Gap

9/26/07

When I saw over the weekend that two different blogs had posted on the apparent ease of hacking into Sermo, the password-protected social network for physicians, my first thought was: “Those docs are going to be pissed.” Sermo, after all, promises physicians a secure, closed environment where they can consult with their peers, and if there’s one thing I know about doctors, it’s that they take the peer part—that whole MD thing—awfully seriously. So I was thinking that the Cambridge, MA-based startup and its founder and CEO, Daniel Palestrant, must be getting inundated with feedback from angry physicians taking them to task for evidently leaving a door open to the riff-raff.

As is my track record with Sermo, I got things partly right. According to Palestrant, “all hell broke loose” when word of the blog entries—one including step-by-step instructions for gaining access to Sermo without having an actual MD, and one claiming to have done so without spelling out exactly how—reached the Sermo community. And from comment threads on Sermo (no I didn’t hack in; Sermo provided screenshots), and on the blogs themselves, it seems that many Sermo users are indeed angry—but at the bloggers, not Sermo.

A comment on Sermo, directed toward the authors of the how-to post, is typical in its sentiment, if not in its relatively mild language: “Why would you publish the method for subverting SERMO to the public? This forum is something I value. How dare you compromise that! Shame on you.” Another asks: “Can’t we meet at least one place as peers, without malpractice lawyers, MD wannabes, and certified dogooders horning in to tell us how we should be doing things?” (Elsewhere, journalists are also singled out as persona non grata. Ouch.)

A few of the Sermo comments defend the bloggers, mainly on the grounds that they’re benefiting the community by exposing an important security loophole, but by and large the contempt for them is eye-popping. One user suggests waging an advertiser boycott against Medgadget, an MD-authored blog on emerging medical technologies, which published the how-to post. Others offer thinly veiled suggestions that the post’s authors be reported to their state medical board and the Drug Enforcement Agency for outlining how non-physicians can “impersonate” a physician on Sermo, in part by obtaining a real doctor’s DEA prescribing number. (Medgadget defends itself in an open letter to Palestrant posted this morning.)

Palestrant swears, by the way, that none of Sermo’s employees are anonymously weighing in to tip the discussion in the company’s favor, a la Whole Foods or Constant Contact. And of the 10 to 20 calls he and his team have fielded so far, he says, “we haven’t had one physician who isn’t supportive of Sermo.” To Palestrant, the fact that many Sermo users have circled the wagons to protect the site is an indicator of the year-old online community’s vitality. “As a scientist,” he says, “one of the signs of life is seeing an organism defending itself.” My sense is that Palestrant is a lemons-to-lemonade sort of guy to begin with, and that he’s really enjoying the fact that, rather than blaming him, Sermo users are helping him squeeze the fruit.

As of yesterday, Palestrant says, Sermo had installed a patch (already in the works before all the drama, evidently) that should render Medgadget’s instructions for gaming Sermo’s physician-authentication system useless. Where the previous system required registrants to provide several publicly available pieces of information to prove that they’re licensed physicians, the new system requires some data that should be available only to the individuals. (Previously registered users will have to be re-authenticated the next time they log in, Palestrant says.) Still, Palestrant says, “there’s no such thing as bulletproof security”—and putting up more roadblocks for poseurs inevitably raises the barrier to entry for legitimate users.

At the risk of drawing fire from the “Sermaphrodites” (their term, not mine), I think all the focus on exposing and patching the security gap misses a key point: there are plenty of people with MDs who are also lawyers, pharma reps, industry consultants, and (heaven forfend!) journalists. Which begs the question of just how closed a closed community needs to be in order to function and thrive. And with Sermo looking to use the information generated by its community in more and more ways—including as the basis of a Wikipedia-like medical reference source and in partnerships with the AMA and FDA—I think it will become increasingly important to understand the influence of those legitimate users whose first priority is not patient care.

  • http://www.medgadget.com Bruder

    Michael,

    What’s amusing is that you seem to think it’s more relevant whether Dr O is single or double boarded than whether those thousands on Sermo are MD’s at all. Dr O was simply defending his own credibility while under attack of not even being a doctor.
    I think this is the real question you’re avoiding: do you care whether the doctors on Sermo are real doctors or not? Or is only Dr O’s double boarding important to verify?

  • Michael

    Bruder –

    Let’s put the question of Sermo aside and put aside or even for the sake of the argument agree with you that Dr O is an excellent, well trained doctor and is Director at his hospital unit because he is recognized by all in the hospital as being the brightest and the best doctor and leader.

    OK, let’s get down to the issue I keep trying to raise.

    You are the editor of medgadget.com or any other media, including an internet site, and you have hired Dr. O to be a reporter. Later on you find in his CV that he said he was double board by the American Board of Anesthesiology and the American Board of Echocardiography.

    You now find out that in medical circles and in hospitals that the term boarded is taken to mean boarded in one of the specialties recognized by the American Board of Medical Specialties and his Anesthesia board is recognized but his Echocardiography is not and it is called the National Board of Echocardiography on its web site NOT the American Board of Echocardiography.

    As an editor, would that concern you? That is the question I hope you will answer.

  • Michael

    Bruder

    Let me make it even easier for you to answer, and let’s say it was not Dr O but another completely different doctor, a Dr. X. and the site is not medgadget.com but brudermedtechreport.com

  • Michael

    Bruder –

    Separate from my questions above, which I hope you will answer, regarding your comments on 9/29/07 2:15 pm, I would like to make some points.

    You seem readily willing to question the credibility of Dr. P on Sermo, but not Dr O on Medgadget.

    The FAQ on Sermo make everyone aware that non-doctors may post and monitor what is going on, and now they are aware that non-doctors may join and post as doctors and now the doctors know and would imagine they can come to their own conclusions and decide what they want to do.

    If the purpose of medgadget is to report news, then you have. If the purpose is to play hardball with Sermo and DR. P, then why are you surprised that some will want to play hardball back in regards to medgadget and Dr. O.

    I guess Dr. O et al at medgadget need to decide just what is the purpose of medgadget.

    No, I do not know what is Dr P’s purpose at Sermo – only talking about medgadget now.

  • Judy

    Fundamental Points raised by the Sermo’s “questioners”: (Ostrovsky, Grohol, Nick, Bruder, Joe, Justin, Andrew (while Andrew says he agrees with Michael, his points clearly don’t))

    Fundamental Proposition (as it seems to me at least) – Sermo is Not Acting in a Trustworthy Fashion:

    1. There’s no way to confirm that every doctor on Sermo is a real practicing MD using publicly available information on Doctors
    2. Sermo already knew there were problems and did nothing about it
    3. Sermo and its supporters should have welcomed this information as an opportunity to make positive changes to its business vs. attacking those who discovered the flaws
    4. Sermo’s method of making money and its reaction to these challenges to its credibility over the past week demonstrates an inherent conflict of interest with how the vast majority of physicians want to leverage Sermo’s service.

    Additional points I found interesting:
    a. Even if you could assure everyone was an MD with whatever security patch you could imagine, it still would not be sufficient because so many MDs actually work for Industry – and these MDs would have a high degree of motivation to affect what’s being “talked about” on Sermo
    b. Because Sermo earns its money by selling physician data (and therefore obviously the information being sold cannot be made public or else there would be nothing to sell), there’s no way to be sure how legitimate the questions and answers on Sermo are beyond taking Sermo’s word for it (see bullet C)
    c. Based on Sermo and its anonymous supporters’ reactions to the holes in how it operates, and that to earn an ROI for its shareholders necessitates them at least appearing to be credible, taking Sermo’s word for it seems increasingly hard to justify based on the empirical facts (as opposed perhaps to personal knowledge of Sermo’s management team).

    Fundamental points raised by Sermo’s “supporters” in addressing the fundamental issue of a conflict of interest: (John, James, Michael, and excerpts from Dr. P’s original comments in the first post)

    Basic responses to these questions:
    1. Medgadget and others should not have told anyone beyond Sermo about their discovery
    2. The Medgadget author pads his resume, so his arguments must be wrong
    3. We should all please stop talking about this and move on
    4. Sermo is a private company so doesn’t need to share information with anyone
    5. Rebecca Zacks, editor of this site, I think you are impressive!

    Hmmm… I’ll score the first round Questioners 1, Sermo Supporters 0

  • http://www.medgadget.com Bruder

    Michael,

    Again you’re forgetting that this is an issue with Sermo, not Medgadget. And we’re satisfied with Dr O’s credentials.
    Judy, thank you for the summary of the points, and I think they make clear that the issue is being obfuscated by certain parties. Also, I’d give the Sermo Supporters a partial point for their opinion of Rebecca Zacks.
    Moreover, I just discovered an article from a year ago which points to this very fact that fakesters have infiltrated Sermo long ago and try to undermine the products of certain companies over others.
    http://www.democrats.org/page/community/post_group/CampaignPoliticialJobs/CLrp

  • Michael

    Bruder –

    If you are satisfied with how Dr O represented his credentials and it meets the standards of medgadget.com, then so be it.

    Everyone in this discussion can make up their own mind as to how to view it.

    Are the importance of the words of a doctor in discussing this topic proportional to the number of boards, or his/her position in a hospital or university setting. Certainly if talking about a clinical medical issue, that may carry weight, but this is not about a clinical field, so does it make a difference. I know doctors who are triple boarded in boards recognized by the American Board of Medical Specialties so should we defer to them on this issue because they have triple boarded? How about all the people who are not boarded at all – are their words less valuable. Of course not.

  • Michael

    There are a number of issues here. There is certainly the issue of Sermo of which there are legitimate questions raised about Sermo.

    The other issue deals with credibility.

    To me if you find something that is misleading about something or someone with which you are familiar, then it raises the question about how do you accept things about which you know far less.

    A reporter is only as good as his/her credibility and a site or newspaper, TV or any other media source is as good as their standards.

    There is an old saying: “you pays your money and takes your choice.” Fortunately the internet has given us a large number of choices “to takes.”

  • Judy

    If I understand the last post correctly, let me add another bullet to the Sermo Supporter’s “Basic Responses” from my earlier post

    6. Relative to other sites that could be taking advantage of you, Sermo is not that unscrupulous

    Err… Still Questioners 1, Sermo Supporters 0 on my scorecard.

  • http://www.medgadget.com Bruder

    Michael,

    If you don’t think it’s relevant whether someone is single or double boarded for this discussion, how about you stop focusing on nitpicking that issue?

    As for you claiming that this has something to do with credibility of Medgadget reporting on this, then you’re just being silly because in the long run, there is no need for credibility here. The issue is very clear that Sermo is compromised. As I said before, you don’t need an expert to see that the door is open. If a ten year old would have noticed this, it would have been just as true. So I say again, stop focusing on Medgadget on this one. It’s about Sermo, not Medgadget.

  • Edward

    For Joe 9/28/07 9:07 pm

    You asked for an impression of what the Sermo client side looking glass is like in the interests of disclosure. Well here you are.

    http://www.fda.gov/ohrms/dockets/dockets/07n0016/07n-0016-ts00028-frost.pdf

  • Judy

    OH MY GOD!!! CHECK OUT PAGE 10!

    “Watched Physicians” !?!? I thought Sermo was anonymous??

    We propose posts of interests?!? I thought the content was not influenced???

    Page 11 – Most active taggers – AGAIN BY NAME!

    “Watchlist”… This is like a twisted CIA movie!

    Forget the scorecard metaphor of Questions vs. Sermo Supporters. I no longer want to watch in this game… Glad I’m not a Sermo shareholder.

  • Michael

    Bruder –

    I cannot think of a better statement about the journalism of medgadget.com than to quote your very words as you have said it best:

    “As for you claiming that this has something to do with credibility of Medgadget reporting on this, then you’re just being silly because in the long run, there is no need for credibility here.”

    Being sarcastic, “there is no need for credibility here” might just make a good masthead saying for medgadget.com

    Wonder what Rebecca at xconomy.com would think about that – any response Rebecca?

  • judy

    credibility blah blah blah…

    DID YOU SEE PAGE 10 ?!?!?

  • http://www.medgadget.com Bruder

    Wow, indeed. It does look like real names being used, because just on page 11, they’re using nick names. How absurd is that, when the doctors themselves don’t know who is who?

  • Michael

    Duh – of course Sermo knows who goes by which user name. They do give out money to the members for different reasons so they have to have a real name for the check and an address to which to send it. Talk about a lack of credibility of being knowledgeable.

  • Judy

    Excerpts from Sermo’s privacy policy from http://www.sermo.com:

    3. HOW INFORMATION MAY BE SHARED
    a. Sharing
    Sermo may share aggregated demographic information with Sermo’s partners. This is not linked to any personal information that can identify any individual person.

    e. Forums Including Ticket Titles and Posts, Ticket Votes, Discussion Boards and Blog Comments

    When you participate in a http://www.sermo.com Forum including, but not limited to, Ticket Titles, Ticket Posts, Ticket Votes, Discussion Boards, and Blog Comments, Your name or alias and IP address may be recorded for purposes of maintaining Your own account within the Forums and preventing abuses of the forum (see forum or online community rules for more details). This information is not used to monitor Your activity within a forum, nor is it used to identify You outside http://www.sermo.com in any way.

    I’m no lawyer – but Page 10 and 11 look like they clearly violate the privacy policy they have shared with all of the physicians who have ever used Sermo.

    Anyone out there with a law degree to comment here?

  • Judy

    Michael – time to stop now. No one will believe that FDA is sending checks to Sermo docs, and no one will believe that Sermo built the “watchlist” as shown in Pages 10 and 11 with individual physician names because it makes Sermo’s accounts payable process easier.

    Michael – It’s really time to stop now…

  • Michael

    Judy

    Medgadget showed there was a security problem at Sermo, what you and others are now pointing out is known and is evidently on Sermo, so every member on Sermo can read it and decide for him/herself and is not news.

    The issue is an internet security issue which is not a medical issue, so Dr O’s medical CV is irrelevant to this technical issue BUT DR O is the one who brought it up in his and his listing of his qualifications, which has nothing to do with the security issue at Sermo, is a reflection of his credibility and despite what Bruder (whose name links to medgadget) says, in an internet site that wants readers, credibility is important.

  • Michael

    Judy – let’s say for the sake of argument that everything you say about Sermo is right.

    Is the credibility of the people reporting and the web site important or is it only the story that matters.

    Bruder has said “there is no need for credibility here.”

    Rebecca has said “As an editor, I’d certainly have a problem with a journalist who wrote for my publication padding his resume or otherwise misrepresenting his professional background–that holds whether the publication is online or in print.”

    Judy what is your opinion?

  • http://www.mexicomedstudent.com/ enrico

    I’m a med student (the 35yo kind, not the 25yo kind) who was a prior computer administration and security professional. I’d list my credentials, but I fear “Michael” might be outside my window with binoculars w/in 12 hours (might not, since there’d be no wireless there to post comments).

    Hey Mikey, Dr. O. (whom I have never met and only email corresponded with briefly yesterday) has everything out there on the table. Who the hell are you? What are your credentials that can be independently verified? Do you have 2+ board certifications that justify the indignation of Dr. O. having “misrepresented” himself? We’ll never know, will we, because your ad-hominem attacks are shielded behind your lame curtain of pseudoanonymity. (at least I have the gonads to post as the real me, complete with a link trail)

    But then I found this, doing a quick comment recap just now: “[Michael is] in the health field and interested in technology.” STOP THE PRESSES! Man, I wish I hadn’t wasted those minutes typing the above. “Health field” can mean anything, but it has big, neon “NOT A PHYSICIAN” blinking behind it. So all of this “high brow” opinion from a non-Sermo user. Yeah, I gotta go back to watching some paint dry now.

  • Michael

    Enrico –

    Most of your comments speak for themselves far better than I could so I will not make any comment.

    There are two issues here and I, of late, have been discussing the one about credibility.

    There certainly is a security problem at Sermo about non-doctors joining, but a lot of the other issues raised are not clear cut at this time.

    With all the media, including the internet and sites like this, it becomes a formidable task to know to whom to listen. That is where the question of credibility comes in. If you are reading something about which you are not completely knowledgeable, the credibility of the reporter and the site are important in deciding how to accept it.

    For whatever reason, Dr O chose to use his medical credentials to strengthen his position in regards to a non-medical issue, so he opened the door to the issue and represented himself to doctors which was not completely forthright.

    As a third year medical student you may very well not understand the meaning of being board certified, in the US, and just what boards are accepted by the medical community and hospitals as legitimate in calling yourself board certified. I would expect in time if you take a residency in the US and become board certified by one of the boards of the American Board of Medical Specialties, you will then understand it.

  • http://www.medgadget.com DrO

    Michael:

    How is my credibility compromised? By the fact that I said that I am “double boarded”? I did not even know that double boarded necessarily means being certified by boards that are members of the American Board of Medical Specialties. (for those that still don’t understand, his definition of double means being certified in cardiology and radiology, for example, i.e. medical specialties). I thought once I have two certificates with “Diplomate of … Board,” that’s enough.

    My second board (in addition to American Board of Anesthesiology, a member of American Board of Medical Specialties), is not in holistic medicine, not in acupuncture, not in Chinese medicine, not in foot massage, but in echocardiography from the American Board of Echocardiography. In other words, echocardiography for open heart surgeries.

    SO WHAT CREDIBILITY PROBLEM DO YOU, sir, HAVE?

  • Michael

    Enrico

    As a third year medical student you will over the years be reading a lot of medical journals and web sites and you will need to learn how to weed through all of them and the credibility of the author and especially the journal in which it is published, will be important. Perhaps in ten years after you have finished all your training you will look back and understand the meaning of board certification and the importance of credibility.

  • Michael

    Dr O – with all due respect, I really find it hard to believe that you were not aware of the meaning of board certification and the American Board of Medical Specialties.

    For whatever reason, you felt that was important in convincing others in regards to your points about Sermo which are not at all related to your medical specialty, to cite your double boards so you opened the door.

    The web site you cited for your second board says “National” not “American” as has been pointed out before but you still use the term “American” (like in the American Boards of Medical Specialties) rather than National. Is that meant to mislead, or just sloppy?

    Everyone can decide for themselves what is important as to credibility. I think your credibility has been hurt. Others may disagree. I hope to learn more about Sermo, but right now would prefer a report from Rebecca at this site rather than you at medgadget – but that is just my opinion. As I said before, “you pays your money and takes your choice” and now I would choose this site and others can pick whatever they want.

  • Michael

    Besides Rebecca with her qualifications, is there anyone else still reading this who has journalistic qualifications who would like to venture into the “lion’s den” and make a comment about credibility in the media.

    Not at this time interested in Sermo or in medical or internet security or technology qualifications, but journalistic qualifications since these internet sites are part of the media.

    I make no claims of any journalistic qualifications like Rebecca has.

  • http://www.medgadget.com DrO

    Michael:

    Here’s just for you:

    National Board of Echocardiography. NATIONAL. Thank you very much. Like in National League, not American League, not like in American Boards of Medical Specialties. But more like in National Boards of Medical Specialties.

    Are you boarded through the National Boards of Medical Specialties in “sloppy thinking” category? You should apply.

  • http://www.medgadget.com DrO

    I am a journalist. I get press passes. I broke exclusive stories. I write, and I bring news to many people every day: medtech news. Our site is an official Google News source. We are “media sponsors” at different conferences. We were the only news organization reporting from Frost&Sullivan medical devices awards. Companies contact us with press releases, b/c they want us to report about their wares.

    Just because you don’t like us, doesn’t mean we are not journalists.

  • Alice

    Reading through these posts feels a bit like watching a car crash that is so ugly, yet I can’t avert my glance. I think the worst part is that all this vitriol distracts from the important question, which is what can Sermo do to strengthen its security?

    I’m not a doctor; my expertise is around social networking and new technology. I’m intrigued by Sermo’s business model. The idea that this closed community needs to be air tight is a little absurd to me. First, there are no real absolutes in security. Second, and most importantly, a community like Sermo’s tends to be self-correcting. The evil impostors can only wreak so much havoc before the wisdom of the crowd intervenes.

    I think some of the behavior demonstrated here is a shame. Sermo is a great idea. It has taken the model of social networking and given it a powerful context that could be meaningful to so many. I’m not trying to argue that it doesn’t have an achilles heel…look at Microsoft?!

    It appears to me that the Medgadget folks have an agenda; your words about Sermo go beyond the issue at hand; it’s personal. I can’t find any proof that Sermo’s actions are intentionally deceptive or malicious (some of these posts make them out to be down right sinister).

    It would be more interesting and useful to see a dialog that explores the larger question of how innovative companies can be effective while successfully tackling these complex security issues.

  • Michael

    Dr. O

    Since you are a journalist with a press pass I am sure you realize just how important credibility and attention to detail are.

    My comment about “sloppy” was not being sloppy about being boarded, but being sloppy by continuing to refer to it by the wrong name in a way that makes it sound like all the American boards which are part of the American Board of Medical Specialties. That is certainly being sloppy with an important detail and raises further questions about credibility.

    I have looked at your website and there is a lot of very good reports about technology and medicine and the latest gadgets in medicine.

    Your response to my use of the word “sloppy” in reference to your using American and not National is very interesting. Rather than just admitting there was an error, you make light of it and attack me.

    If I remember correctly, a while back there were some questions raised about the New England Journal of Medicine (NEJM). If I remember correctly the NEJM quickly admitted the problem and immediately corrected it rather than denying it or attacking those who pointed it out. On the other hand there have been stories in the main stream media about errors, false stories, padded and made up CVs where the newspaper did not admit it quickly and did not quickly take action.

    No one, or media source, is perfect, but quickly admitting and correcting mistakes and not denying or attacking, is part of credibility of a news source, whether it be the NEJM or the New York Times or medgadget.com

    As I have said, these are my opinions. I do not have a press pass or any journalism training or experience like Rebecca has, but that does not mean that what I consider important as regards to credibility is wrong.

    Whether you want to admit the problem and publicly take care of it or just maintain the status quo of not admitting it, making light of it and attacking others is your choice. In my opinion how and what you do also reflects on the issue of credibility.

  • http://www.medgadget.com DrO

    Robotic Michael:

    It seems that no matter what I say gives the same result: raises further questions about my credibility within your sloppy thought process.

    What credibility are you talking about?

  • Andrew

    Alice,

    I think your points are well taken, but Sermo’s lack of security is now a minor issue relative to Sermo violating its own privacy policy by disclosing the identity of Sermo users to their industry clients. As Edward discovered in his post of 9/29/07 10:35 pm yesterday –

    http://www.fda.gov/ohrms/dockets/dockets/07n0016/07n-0016-ts00028-frost.pdf

    the FDA (AMA and other clients of Sermo?) are apparently given access and the actual IDENTITY of Sermo users and their activity on Sermo using tracking, surveillance and dashboard capabilities, violating its own terms of service and privacy policy (see page 10 & 11 of the above document). If Sermo’s own marketing and privacy policy states they only disclose AGGREGATE information to their industry clients, yet their products to industry reveal IDENTIFIABLE information that allows them to track individual physicians, then THAT is the bigger problem for Sermo. If full disclosure is Sermo’s policy then the above document outlining exactly how much identifiable information is disclosed to third parties should be made front and center to Sermo users. It is only then that Sermo users can decide whether or not they would like to participate. Thus, this is no longer a technical issue, but a policy issue.

  • Michael

    Dr O

    Regarding your comments “I am a journalist. I get press passes” and “Our site is an official Google News source” :

    There is a local town crier type of newspaper in my area and they used to have a woman with a press pass who would cover the local city and school news.

    Google has many news sources from all over the world, like Aljazeera.net from Qatar and Xinhua News Agency from China and including many in the US who politically slant their news. I am not aware that Google gives a “Good Housekeeping Award” for journalism.

    Google and a press pass have nothing to do with the question of credibility and excellence in journalism

  • Michael

    We need to keep the topics separate for NOW. One topic is Sermo and the other is credibility in journalism. They will ultimately intersect when deciding who to read in the continuing story of Sermo.

  • Alice

    Ok, I’m so intrigued by this that I went back to read Sermo’s privacy policy as well as their FAQs. I don’t get the conflict. They clearly distinguish personal information from a personal profile:

    “Your personal profile shall be available for viewing by other registered participants of Sermo and will be considered non-confidential and non-proprietary. Providing additional information in Your personal profile beyond what is required at registration is entirely optional and can be altered or removed by You at any time.”

    It seems to me they leave it up to the registrants to provide as much or little information as they feel comfortable revealing.

    Again…this just seems to me like a deflection from the real issue of security.

  • Michael

    Alice –

    Yes there is a problem with the security on Sermo as far as non-doctors being able to join. Let’s agree to that.

    The question becomes in the on-going story, who and which source(s) are you going to rely on for more information.

    I believe that credibility, attention to detail and impartiality are extremely important in journalism.

    People can determine for themselves just who they will count on to be credible, attentive to details and impartial.

  • http://www.medgadget.com Bruder

    Michael,

    Really, how many times do you have to repeat your credibility line? Why is it that if you think credibility is important, you yourself do not provide your credentials? Why should we listen to a word you say if we don’t know a single fact about you? So, first identify yourself, then go after the minutiae details of others. Seriously, you are a figment of our imagination that simply will not drop it. You really are a broken record.
    I bet I have not succeeded in my trying to stop you, so I’ll ask you a question that should ease you into writing that thing you already wrote a number of times: is credibility important when we get our information?

  • Andrew

    Alice,

    You are citing Sermo’s policy as it pertains to the information that may be visible physician to physician, not the information Sermo Inc. may share with industry clients like the FDA, AMA, pharmaceutical companies, hedge funds, etc. The document shared by Edward yesterday was prepared for the FDA by Sermo Inc. and clearly shows on page 10 and 11 of the following document

    http://www.fda.gov/ohrms/dockets/dockets/07n0016/07n-0016-ts00028-frost.pdf

    that the FDA is given access to the identity and activity of INDIVIDUAL physicians using Sermo. This seems to contrast with Sermo’s own privacy policy which states:
    “3. HOW INFORMATION MAY BE SHARED
    a. Sharing
    Sermo may share aggregated demographic information with Sermo’s partners. This is not linked to any personal information that can identify any individual person.”
    And later –
    “Your name or alias and IP address may be recorded for purposes of maintaining Your own account within the Forums and preventing abuses of the forum (see forum or online community rules for more details). This information is not used to monitor Your activity within a forum, nor is it used to identify You outside http://www.sermo.com in any way.”

    I would agree that physicians are keenly aware that the information they choose to share in their profiles is “public” to the other physicians (scratch that) users of Sermo (again, the security problem underscores that a physician is unable to assume that Sermo is a physician-only site with 100% confidence), but the policy makes clear that such information IS NOT to be shared by Sermo outside of the physician-only (scratch that) user community. Sermo users have an expectation that their names, aliases, and other information that may identify them personally and individually shall remain within the confines of the Sermo user community – not the AlphaMD (the looking glass side of Sermo) user community (and Sermo has a contractual obligation to do so). Sermo is posting personally identifiable information – names and aliases – on their customer portals, which IS NOT DISCLOSED in their privacy policy or anywhere else.

    Again, I agree with you that security is a problem. No argument there. However, the second, and probably more important issue, is that Sermo’s own privacy policy appears to be inconsistent with the identifiable information disclosed to their industry clients like the FDA, among others.

  • Michael

    Bruder

    “Why is it that if you think credibility is important,”

    It is obvious from this statement and what you said before, that in journalism you do not think credibility is important.

    “you yourself do not provide your credentials?”

    I am not claiming to be an expert about internet security matters or to have training and education about journalism or am the one making any claims about my CV, but I am a reader of the media and know the importance of credibility, attention to detail, and impartiality.

    The fact that you and perhaps others at medgadget, do not care about credibility is your choice how you run medgadget.

    Given a choice of reading about something with which you are not familiar, would you pick a news source known to be credible, attentive to detail and impartial or not – simple question.

  • Michael

    Andrew –

    You raise some good points. Hopefully there will be a good news source that will continue to report and keep us up to date.

    Wonder if Rebecca would like to do or oversee an investigative news report at xconomy on Sermo and the additional questions raised?

  • Alice

    Andrew, I’m trying to see your point. I’m looking at page 10 and 11. I’m looking at the privacy policy. I don’t see where you get that the FDA is “given access to the identity and activity of INDIVIDUAL physicians using Sermo.” Maybe I’m missing it.

    It seems that you are inferring the “physician to physician” statement. What I’m reading specifies “registered participants” which in my mind includes physicians and clients. It looks like an alias/user name is viewable in the panel but no other identifying information (unless doctors choose to disclose their identity in the profile, I guess).

    I suppose if anything, their wording might be vague but if a doctor is so concerned with their privacy, they will not provide any identifying information in their personal profile, yes?

  • Michael

    One of the reasons I suggested Rebecca is that her CV regarding journalism is impressive and I have found no reason to question it.

    Another reason is in the above discussion about the term “Sermaphrodites” she was very straightforward in her answer without making light or attacking. Same with her response to the question about any relationship of xconomy and medgadget - very straightforward without any personal attacks.

    These, as a non-professional when it comes to journalism, are some of the things for which I look.

  • http://www.medgadget.com Bruder

    Michael,

    What you’re saying is starting to make me think that you think credibility is important. I’d like to hear a little more from you on that.
    Also, you’ll be able to follow all the developments to this story on medgadget.com, all verified, credible, and fair. Or, Michael, you can continue reformulating your last dozen posts, switching words around, and using the thesaurus to get more variety into your singular thought. We’ll be following those developments here.

  • Michael

    Bruder –

    Being sarcastic to make a point, but I would guess, that Joseph Stalin in Stalinist Russia years ago, would have said your exact words about the news in Pravda.

    Quoting you again:
    “there is no need for credibility here”

  • Alice

    Hhhmmm…not to be an instigator but from what I’m reading, I’d lend more credibility for fairness to http://psychcentral.com/blog/archives/2007/09/22/sermos-9m-weak-security-model/
    than to Medgadget.

  • Matilda

    I would like to point out that the above referenced “dashboard” has been taken out of context. This is not an actual snapshot but a proposal over a year old as presented in the post it is taken out of context from.

  • http://www.medgadget.com Michael

    Michael,

    I’m sorry, but you yourself have nothing to add. Your contribution to this conversation is nonexistent. If nothing else, at least we’ve done something. You’re just a stupid repetitive troll who can’t seem to hold more than one argument in his mind. You say A, I respond with B. You say, C, and I respond with D. Then you say, but what about A? And I respond with B… Life must be nauseating for you.
    And yes, Michael, a ten year old’s credibility is good enough to tell me whether my house door is open or not. You probably were not able to discern that when you were 10, but I guess we’re all made of different stuff. I now prod you to continue asking about A.

  • Judy

    Matilda and all,

    How can you indicate that this

    http://www.fda.gov/ohrms/dockets/dockets/07n0016/07n-0016-ts00028-frost.pdf

    is taken out of context, and that is over a year “old”?

    Point 1: Page 4 of this document states that current 3/07 Sermo is at 10,000 users. That’s 6 months ago, not 12, and clearly after Sermo launched with its current (now demonstrably false) assertion that it does not share specific information.

    Point 2: This is from the FDA’s website, not Sermo’s. There’s no way to argue that this is an internal Sermo document that is not shared beyond Sermo.

    Point 3: If you look at the middle column of Page 10 of this document, you see full physician first and last names on the “Physician Watchlist” – not nicknames, not aggregate information, but first and last names, and the implication of “Watchlist” is that these physicians are personally tracked as to their activity.

    What more of a smoking gun do you need?

    If it’s a “context” problem, then maybe Enron was taken out of context too…

  • Michael

    To the Michael above whose name also links to medgadget along with Bruder and Dr O:

    No need for me to comment as your own words, along with Bruder’s and Dr O’s, say it all.

    You at medgadget certainly stick together – guess if all three of you say the same thing in attacking, it must be triply, not merely doubly, true.

    If you have read my posts, they are about credibility issues.