Data sharing spaces for medical data are necessary to facilitate research. To make medical data available for research, a mechanism is preferable that not only provides the data a researcher is legally allowed to access, but also contributes to the investigation of their specific research hypothesis. We propose a three-party, two-stage search algorithm, initiated by a researcher, on centrally stored but technically and organizationally separated data. The search seeks to minimize the risk of reidentifying patients and to enable data minimization. In the first stage, we access only the data IDs of patients meeting the cohort criteria. In the second stage, the actual data is downloaded only if the set of matching patients satisfies the minimum cohort size. Our approach is privacy preserving: only the researcher is able to connect medical and demographic data, and no single malicious party can gain data access. We thereby hope to pave the way for a privacy-aware health data sharing space as currently proposed by the EU.
Keywords: FHIR; medical data search; privacy-preserving search.
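The two-stage search sketched in the abstract, as an added illustration that is not the paper's implementation: two separated data holders answer a researcher's cohort query with IDs only, and neither releases records unless the requested set meets a minimum cohort size. The class and function names, the threshold `MIN_COHORT_SIZE`, and the sample records are constructed assumptions.

```python
MIN_COHORT_SIZE = 5  # assumed threshold k: no record leaves a holder below this


class DataHolder:
    """One technically and organizationally separated store, keyed by pseudonymous ID."""

    def __init__(self, records):
        self.records = records  # {patient_id: {attribute: value}}

    def stage1_ids(self, predicate):
        """Stage 1: return only the IDs whose record meets the cohort criteria."""
        return {pid for pid, rec in self.records.items() if predicate(rec)}

    def stage2_fetch(self, ids):
        """Stage 2: release records only when the requested set meets the minimum size."""
        if len(ids) < MIN_COHORT_SIZE:
            raise PermissionError("cohort below minimum size; nothing released")
        return {pid: dict(self.records[pid]) for pid in ids if pid in self.records}


def researcher_search(demo, med, demo_pred, med_pred):
    """Researcher: intersect the two ID sets, then download and join only if large enough."""
    cohort = demo.stage1_ids(demo_pred) & med.stage1_ids(med_pred)
    if len(cohort) < MIN_COHORT_SIZE:
        return None  # abort before either holder is asked for actual data
    demo_rows, med_rows = demo.stage2_fetch(cohort), med.stage2_fetch(cohort)
    # Only the researcher ever sees demographic and medical data side by side.
    return {pid: {**demo_rows[pid], **med_rows[pid]} for pid in cohort}


# Constructed sample records (not real patients), split across the two holders.
DEMOGRAPHIC = DataHolder(
    {f"p{i}": {"age": 40 + i, "sex": "F" if i % 2 else "M"} for i in range(10)}
)
MEDICAL = DataHolder(
    {f"p{i}": {"condition": "E11" if i < 7 else "I10"} for i in range(10)}
)

if __name__ == "__main__":
    wide = researcher_search(DEMOGRAPHIC, MEDICAL,
                             lambda r: r["age"] >= 40, lambda r: r["condition"] == "E11")
    narrow = researcher_search(DEMOGRAPHIC, MEDICAL,
                               lambda r: r["age"] >= 45, lambda r: r["condition"] == "E11")
    print(len(wide), narrow)  # 7 None
```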