RateMDs.com takes a particularly flip approach to the law — and public — being heavily on its side. Its FAQ page cheerfully instructs health care providers how to issue subpoenas and cautions that review sites are not responsible for user comments. “It is not possible for us to verify which raters had which doctors, so always take the ratings with a grain of salt,” reads one disclaimer. “Remember, we have no way of knowing who is doing the rating — the doctor, other doctors, patients, dogs, cats, etc.”

It’s a fair warning. In the case of Dr. Blue, who requested her name be changed for this story, her roles as a medical director and operating room assistant meant she had no patients of her own. Consequently, there should be no reason to ever see her name appear on a review site. But she became curious after overhearing physicians discussing the sites in a hospital lounge one day. She went home and plugged her name into Vitals.

“Doctor Blue is a terrible doctor,” one anonymous poster wrote. “She is mentally unstable and has poor skills. Stay away!” The doctor was aghast and confused: She hadn’t directly seen a patient in three years. Her employer, which outsources Dr. Blue to surgeons, feared she might become difficult to market. Rather than calling or emailing Vitals, she visited its offices in Lyndhurst, N.J. — she was within driving distance. Upon arriving, she was told that locating an IP for the poster would be problematic.

It was not until Dr. Blue threatened litigation that she discovered the source of the post was a computer at New York University Langone Medical Center, a massive facility with thousands of possible culprits.