Zero-check: a zero-knowledge protocol for reconciling patient identities across institutions.

CONTEXT

Large, multi-institutional studies often involve merging data records that have been de-identified to protect patient privacy. Unless patient identities can be reconciled across institutions, individuals with records held in different institutions will be falsely "counted" as multiple persons when databases are merged.

OBJECTIVE

The purpose of this article is to describe a protocol that can reconcile individuals with records in multiple institutions.

DESIGN

Institution A and Institution B each create a random character string and send it to the other institution. Each institution receives the random string from the other institution and sums it with their own random string, producing a random string common to both institutions (RandA+B). Each institution takes a unique patient identifier and sums it with RandA+B. The product is a random character string that is identical across institutions when the patient is identical in both institutions. A comparison protocol can be implemented as a zero-knowledge transaction, ensuring that neither institution obtains any knowledge of its own patient or of the patient compared at another institution.

RESULTS

The protocol can be executed at high computational speed. No encryption algorithm or 1-way hash algorithm is employed, and there is no need to protect the protocol from discovery.

CONCLUSION

A zero-knowledge protocol for reconciling patients across institutions is described. This protocol is one of many computational tools that permit pathologists to safely share clinical and research data.