Experience Sharing

Every medicine page on Pharmacopedia carries two parallel streams of experiential data, kept rigorously separate everywhere they're rendered:

• Personal — anyone who has taken (or is taking) the medicine themselves.
• Clinical — verified healthcare providers prescribing or managing it.

A medicine's profile is the platform for both perspectives. The lived experience of the people who use the meds and the people who prescribe them will hopefully accumulate with sufficient numbers such that different kinds of truth emerge.

Pharmacopedia is trying to hone in on them both, for everything we can, and maybe find something like truth in this space so long devoid of granular information.

You don't need any verification to share personal experience. Just 2-Factor Authentication (TOTP +/- passkey). Anything you add is reviewed by moderators before it becomes part of a page's public profile, at least for now.

Every medicine page lists named effects (sleepiness, appetite changes, libido, etc.) using the <effect> tag. Click any effect to expand its controls:

• Did you experience it?   yes / no
• Was it wanted (good) or unwanted (bad)?   positive / neutral / negative

The medicine's page aggregates everyone's answers into a frequency and a valence balance.

Try it — click any of these:

(These five demo effects exist only on this page. Click them, change your answer, refresh .. your responses persist, but no real medicine page sees them.)

Hover over any element on a medicine page — an effect, an indication, an anecdote — and a small up/down arrow appears. One click registers your agreement or disagreement with whatever the element says. The vote totals appear next to the arrows.

Try a freestanding vote:

The site theme should stay purple/grey/white▲0▼

The Pendell's corner callouts should appear at the top of each page rather than the bottom▲0▼

At the top of every medicine page, the <pharmaExperience/> tag renders a compact readout summarizing all approved personal and clinical reports. Logged-in users can add or update their own report below the readout.

For a personal report, the form asks:

• Effective for you? (0–5)
• Side-effect burden? (0–5)
• How long have you taken it? (single day / weeks / months / years)
• Are you still taking it?
• Optional: median daily dose, primary route

The live block, scoped to this page:

If a medicine you know is missing an effect, indication, anecdote, or titration strategy you've encountered, file it through one of the suggestion forms. Submissions enter a moderation queue rather than going live immediately.

• Suggest an effect
• Suggest an indication
• Suggest a titration strategy
• Suggest an anecdote

The "Relevant literature" section at the bottom of every medicine page accepts user-submitted references via the <pharmaLiterature/> form: title, author, year, DOI/PMID/URL. Submissions are queued for moderator review before they appear publicly.

---

Providers are users who have applied at Special:VerifyProvider and been approved by an administrator. Verification grants the provider user-group, which unlocks an additional perspective on every widget.

When a provider opens an <effect> widget, they see a second set of inputs alongside the patient inputs:

• How often does this happen, across your patients? (0%, <10%, ~20%, ~33%, ~50%, ~66%, ~80%, 90+%)
• Clinical valence: wanted / neutral / unwanted

Patient and provider data are stored separately and aggregated separately. The readout shows both:

👥 12 personal reports · avg efficacy 3.4/5 · avg side-effect burden 2.1/5 · median use 8 months · median dose 20 mg/day · 67% still taking it
⚕ 4 provider reports · avg efficacy 3.8/5 · avg side-effect burden 1.6/5 · 1,247 patients managed total

The <pharmaExperience/> block, for providers, asks:

• Clinical efficacy across the patients you've managed (0–5)
• Clinical side-effect burden across those patients (0–5)
• Approximate patient count
• Typical starting and target doses
• Notes (optional, free text)

Providers can also upload PDFs (within reason — size limits apply) when submitting literature, not just citations. The Literature queue makes those PDFs available to admins for verification before publication.

---

Pharmacopedia keeps user identity structurally separated from contributed content. Every rating, vote, and report is stored against an opaque voter hash — never a user ID — so the database itself does not link a contribution back to the account that made it.

The following are always anonymous — there is no opt-in to attach your name:

• Up/down votes on any element
• Effect reports (yes/no/valence/frequency per effect, both personal and provider perspectives)
• Likert ratings on indications
• Interaction matrix votes and their attached free-text notes
• Experience-report ratings (efficacy, burden, duration, dose, current-use, patient count)

For these, the database holds only an HMAC-SHA256 hash of your user id keyed against a server secret. A direct read of the database cannot map a row back to an account; the server re-computes the hash at request time to recognize "your" rows for your own display.

Two surfaces let you choose at submission time whether your username is attached:

• Comments (the threaded <discuss/> blocks)
• Literature submissions (citations and PDFs uploaded against a medicine page)

Both forms include a checkbox — "Show my username publicly" — that defaults to unchecked. If you leave it unchecked, the submission is stored without your username; only the voter hash is retained. If you check it, your username is stored in a separate display_name column and shown publicly next to the submission.

Existing comments and literature entries from before this change kept their original attribution: at migration time, the historical username was preserved into display_name because those rows were posted with the implicit understanding that the name would be visible.

You can still edit or delete your own comment even though the row no longer stores your user id. The server matches the row's voter hash against the hash computed from your current session at the moment you press Edit or Delete; only a match permits the change. Sysops can edit/delete any comment.

• Documents uploaded via Special:VerifyProvider are stored privately on disk only until an administrator decides on the application.
• On approval or rejection the documents are deleted immediately from disk and the file-path field on the application row is wiped.
• The verification decision is logged with the reviewing admin's identity, not the applicant's documents.

• No demographic information (age, sex, race, location).
• No tracking cookies, analytics scripts, or third-party beacons.
• No client-side identifiers in the markup of voted/rated elements that could be cross-referenced to other rows.

• The HMAC secret lives in LocalSettings.php on the server. A determined administrator with both source-code access AND database access could still recompute the hash for a given user id and cross-reference rows. The protection is against casual DB inspection and against breach of the database alone — not against the server operator acting in bad faith.
• MediaWiki's core revision history (wiki edits, page moves) still records the editing account name as part of normal wiki history. That data is separate from the contribution surfaces described above.
• Comments and literature submissions you mark "show my username" remain public until you delete them.

---