First, a quick summary of the Sermo-Medgadget battle. A week ago Medgadget runs a post claiming that anyone using publicly available (if somewhat obscure) information can impersonate a doctor on Sermo’s site. A huge fuss breaks out. See the more than 130 comments at Xconomy here and a new article interview with Daniel Palestrant here. Medgadget’s journalist/doctors have spent a lot of effort defending themselves in comments at Xconomy and apparently on Sermo, too. And they’ve met lots of anger from Sermo users. Sermo employees (Sermo’s CEO Daniel Palestrant has told me and others) are not posting on this topic on Sermo or elsewhere. They must be pretty pleased about the loyalty they’re seeing from their members—who remind me a little of Mac users decrying Bill Gates!
Most recently, Medgadget went further, turning up an old PDF and claiming that Sermo is turning over physicians’ identities to its clients—who are financial institutions, the FDA, AMA and (at some point in the future) pharma companies. To Medgadget’s credit they printed a clarifying comment from Sermo’s CEO which made it clear that this was a mock-up and no such information had been passed on to clients.
Next my disclaimer: Sermo is a sponsor of the Health2.0 Conference of which I am a co-founder and co-owner. Sermo has bought at least one job ad on THCB and its CEO Daniel Palestrant is someone I like and who has bought me dinner on at least one occasion. I also have a guest pass to look into (but not post on) Sermo, which I haven’t used in several months. (I like docs, I just don’t care that much what they think!)
On the other hand, three other physician social networking sites (Within3, iMedExchange & PeerClip) were also sponsors of Health2.0, so if Sermo was to go away, it’s unlikely either that physician social networking will end, or that it’ll be the reason for the conference’s demise or my return to the gutter. I don’t own stock in any of those companies.
Finally, I met Michael Ostrovsky from Medgadget at the party at Health2.0, which by the way he gate-crashed: despite being a top investigative journalist he was unaware until the last minute that a well publicized 450 person conference on a topic directly concerning him was happening in his backyard! He was enjoying a drink paid for in part by Sermo. I haven’t seen his check for $7 yet, but let’s assume that he hasn’t been financially swayed in their favor by their generosity either!
So let’s look a little at what happened.
Sermo built its community by asking for information that had a relatively low threshold for an MD to provide, but wouldn’t easily be known by a casual web surfer, as is typical for an online community. Sermo says that as it’s grown in numbers it’s added more features to check that doctors are who they say they are, and some of them are not revealed by the original Medgadget article. But of course any security feature can be got around by someone with enough time, patience and money. And any site of any kind has to balance security/authenticity features with ease of use and cost of access. Sermo could do a full military/FBI clearance background check on every new member (a bit like the AthenaHealth employment interview!!)—or it could just let anyone sign up and promise they’re a doctor with no checking. What they are going to do is be somewhere in the middle. The question is, in balancing access and authenticity, where is the rational place for them to be?
So let’s look at the situation rationally.
1) The information Sermo asks for is essentially the same information asked for by any hospital or clinic employing a doctor or offering them admitting privileges, or any payer authenticating a provider for payment. And this information is checked against the same types of database—a process which incidentally is not cheap and is the basis for an entire business by itself. Of course it’s not just online that people get around this and are pretending to be doctors.
In fact there are real financial incentives for doing it in the real world (you can bill Medicare!), and there don’t appear to be any direct ones for doing it online—at least not in an online community. But if Sermo really has a major problem with fake doctors it will probably be managed in the same way that it is in the real world. The other members of the medical community (or the other Sermo users) will sniff them out based on their contributions. And it’s extremely unlikely that the fake doctor online will be able to do the harm that fake doctors in the real world do. So perhaps it’s medical credentialing as a whole that Medgadget should go after? It’s hard to see whether Sermo is doing anything unusually sloppy here.
2) Sermo’s business model is built entirely on selling access to physicians and their opinions, and they have been totally open about that. You can say what you like about Sermo management and the VCs who’ve poured more than $40m into the company, but no one can call them stupid. Sermo knows that its most important assets are a) its community members’ trust that they are among professional colleagues, and b) the ability to market access to its community to its clients in a way that maintains that trust. So the organization most incentivized to make sure that Sermo’s community members are who they say they are is Sermo! This is a case in which Sermo’s self-interest will dictate that it will take the measures necessary to keep the community members honest while making the community user-friendly. Anything else would be economic suicide, and I assure you that the investors who wrote those big checks are not interested in that!
3) In the hacker community it’s usual for the “white hat” hackers to point out to the organization concerned that they’ve found a breach before they go public with it. Medgadget chose not to take that route. Instead it went straight to the approach of publicizing exactly how to hack into Sermo, and by the way any other organization that authenticates physicians. Admittedly they claim that this issue had already been discussed in Sermo’s forums (I haven’t checked but I’m sure they’re right). However, the fact that they didn’t bother to contact Sermo management first indicates that they’re more interested in publicity and breaking/making a story than actually “authenticating” Sermo’s community. That’s clearly the judgment of many Sermo users, and a major cause behind the anger. This is a case where if Sermo management had told them to go away and refused to talk about the issue privately after an initial contact, then they’d have a good case for going public.
4) This is pure speculation, but even the mock-up of the “client-view” into Sermo—something by the way that Palestrant has shown in many public forums—which shows individual physician identifiers, is not necessarily either a breach of trust or a bad idea. For example, Sermo may decide that it wants to allow its customers to directly contact its physicians. Presumably if it offers this option, and if the physicians concerned opt in to that process, why is this a problem? This of course happens all the time in the real world and there are many businesses based on it.
And in that case why would the client not have access to a view that shows them that physician’s online activity? Think about why this might be important. What if the client is the CDC and what if several physicians are reporting that they might be seeing an outbreak of a disease? Wouldn’t it be helpful for the CDC to be able to contact those physicians for more details, again on an opt-in basis? That may not be something that Sermo is doing now, but there’s no reason why they wouldn’t be able to do something like that in the future. Will it fly? I don’t know, but I do know that Sermo can just ask its community, which won’t be shy in letting Sermo know.
So this is probably all a storm in a teacup. But it appears to me that Sermo (and the other online physician communities) have created something that’s very valuable for their members and monetizable in a way that is non-offensive to those members. My guess is that they’ll presumably continue to be vigilant about making sure that their community members are transparent and honest about their qualifications. Not because some blogger tells them to, but because it’s in their own self-interest.
It’s amusing that the author of this piece talks of conflicts of interest while sucking the tit of the company he supposedly objectively writes about, regardless of the disclaimer. Disclaimers do not guarantee neutrality.
And of course this leads Mr Holt to misunderstand the issue of authenticity and security, and lump it in his head into one heap of computer security issues on the level of his understanding of the purpose of Norton Antivirus.
He completely misses the point that the difficult part is to identify whether a person is who he says he is, not whether that name is a doctor’s name or not. So the analogy with hospitals that use the same information is absurd. The hospitals get to see and verify the individual.
His second point is simply that investors know best. The man must have forgotten about the dot com burst and that people invest in Cisco not knowing what a router does. It’s not clear whether the author ever even tried Sermo. He does speak as though with a great deal of knowledge.
The third point refers to a “hack”, though there never was one. Perhaps Mr Holt would like to actually find out what happened and how Medgadget actually warned the rest of us of the problem. Sermo uses public information!!! This is not a security hole. It’s a stupid decision for Sermo to save money.
So of course this “rational analysis” was not based on any fact in reality, resulting in what sounds like a third grader trying to explain the workings of the solar system.
The tit must taste good Mr Holt. Do enjoy it.
Thanks for clarifying.
Sermo’s flawed authentication model is MedGadget’s fault. If they never published this, nobody would ever figure out how to break in and impersonate a physician. Even these pharmas and hedge funds with huge money at stake.
Sermo’s problem is the gap between what they promised their community (privacy & anonymity) and what they are actually able to deliver – which is still quite impressive. Of course the community is mad at the messenger, but this does not do anything to fix the security.
Whether real or perceived, Sermo’s security dilemma is levels of magnitude above any other environment where physicians could be impersonated. Why? Because no other place encourages doctors to be THAT frank, in a way that could get them in trouble. So Sermo is pretty lucky their community has not called them for an account.
Sermo can do no wrong, just because it is a dotcom, I mean Health 2.0! Normal rules do not apply and trees grow to the sky. Right?