I don’t know what you did this past weekend, but I spent a lot of mine watching the virtual fur fly in the comments section of my post from last week about Sermo, the password-protected social network for physicians run by the Kendall Square startup of the same name. That story had focused on Sermo users’ strikingly angry response to a pair of blogs that had publicized a weakness in Sermo’s system for authenticating would-be registrants as credentialed physicians. Clearly a healthy dose of that anger (from both sides) spilled over into the discussion here, and for the sake of everybody’s sanity I’m not going to rehash the debate over whether or not publicizing the security gap (which has since been patched) was the right move. But another issue emerged in our readers’ conversation that I think deserves some follow-up: The question of how much of the information about and generated by the site’s physician-users can be seen by Sermo’s clients, which include hedge fund managers, the American Medical Association, and the FDA.
The question arose when an Xconomy reader going by the name Edward posted a link to a set of slides that Sermo had used in a presentation to the FDA about how the agency might incorporate the doctors’ network in its medical-product safety efforts. Other readers, particularly one who goes by Andrew, noted some apparent discrepancies between the information disclosed in the client interface that the slides depicted and what’s allowed to be disclosed by Sermo’s privacy policy and terms of service. Some points were fine, but the big issues seemed to be that in some places the mock-up of the client view used individual physician’s real names, rather than aliases, and that it appeared to let clients monitor individual physicians’ activity on the site, in the sense that it showed how actively individual physicians were commenting, voting, and using a given tag.
I noticed, as did some Xconomy readers, that the client-view slides in question were clearly marked “Sample Information – Not Actual Data.” Still, I thought it was important to see if the privacy standards of the actual client interface that Sermo launched in April, called AlphaMD, jibes with what Sermo users expect. Hence yet another Sunday-evening e-mail to Sermo founder and CEO Daniel Palestrant.
On the question of whether clients can actually see real physician names, Palestrant wrote: “As you have identified, the views are fictional samples from a discussion document that was created prior to the launch of AlphaMD. Sermo has never, nor do we plan to, expose actual physician names on the site either to physicians or to clients. The actual version of AlphaMD that was launched does not and will not in the future expose actual physician names.”
Then there’s the question of whether clients’ ability to use aliases to track some of Sermo users’ activities within the site—which the real AlphaMD does allow, as does Sermo itself, for that matter—clashes with this language in the privacy policy: “When you participate in a www.sermo.com Forum…Your name or alias and IP address may be recorded for purposes of maintaining Your own account within the Forums and preventing abuses of the forum… This information is not used to monitor Your activity within a forum, nor is it used to identify You outside www.sermo.com in any way.”
To get at this point, I asked Palestrant, among other things, what Sermo meant by “monitoring” in this context. He replied, “We wanted to indicate that we would not in any way proactively oversee or moderate the activities of a physician on Sermo. But this is a ‘social community’ and we fully expect that users will want to keep track of each other particularly as they determine whose views they trust and that it would be appropriate for us to provide the tools to do so. While we can understand how someone could take a broader definition of ‘monitor’ to mean that we would not let users of Sermo keep track of other users and activities, this was not our intent and we will clarify the language to eliminate any confusion.”
Palestrant forwarded me a screenshot from the live AlphaMD interface to further clarify things (click the image for more detail). And he outlined in plain language Sermo’s key dos and don’ts for information disclosure. “We do not let clients see profiles of individual physicians. We do not provide actual names of physicians to clients or publications without the explicit permission of a physician… We do allow clients to see user names but again without any translation into an actual name. For voting detail, we do not even allow clients to see the user names. In this case we replace user names with a generic physician 1, 2…n designation.”
Palestrant posted a similar set of answers and explanations within Sermo itself, and from the looks of the comments he’s getting there, users are remarkably satisfied. But it strikes me that as more and more social networks spring up that are, like Sermo/AlphaMD, dependent on balancing exclusivity and openness, anonymity and reputation—and as more and more of the information we rely upon is generated within such networks—we’re all going to have to think very carefully about what privacy means, and what it’s worth.
(By the way, there are some remarkable similarities between the questions raised by the Sermo/AlphaMD setup and those raised by an venture-capitalist-ranking site, www.thefunded.com, which only allows entrepreneurs to join and which generates both public and private information. See Xconomist Daphne Zohar’s interesting post on The Funded here.)
