{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T07:14:14Z","timestamp":1774509254554,"version":"3.50.1"},"reference-count":27,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2025,7,9]],"date-time":"2025-07-09T00:00:00Z","timestamp":1752019200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>Record linkage can enhance the utility of data by bringing data together from different sources, increasing the available information about data subjects and providing more holistic views. Doing so, however, can increase privacy risks. To mitigate these risks, a family of methods known as privacy-preserving record linkage (PPRL) was developed, using techniques such as cryptography, de-identification, and the strict separation of roles to ensure data subjects\u2019 privacy remains protected throughout the linkage process, and the resulting linked data poses no additional privacy risks. Building privacy protections into the architecture of the system (for instance, ensuring that data flows between different parties in the system do not allow for transmission of private information) is just as important as the technology used to obfuscate private information. In this paper, we present a technology-agnostic framework for designing PPRL systems that is focused on privacy protection, defining key roles, providing a system architecture with data flows, detailing system controls, and discussing privacy evaluations that ensure the system protects privacy. We hope that the framework presented in this paper can both help elucidate how currently deployed PPRL systems protect privacy and help developers design future PPRL systems.<\/jats:p>","DOI":"10.3390\/jcp5030044","type":"journal-article","created":{"date-parts":[[2025,7,11]],"date-time":"2025-07-11T10:26:53Z","timestamp":1752229613000},"page":"44","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["A Framework for the Design of Privacy-Preserving Record Linkage Systems"],"prefix":"10.3390","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7936-4445","authenticated-orcid":false,"given":"Zixin","family":"Nie","sequence":"first","affiliation":[{"name":"RTI International, 3040 E Cornwallis Rd, Research Triangle Park, NC 27709, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5514-4149","authenticated-orcid":false,"given":"Benjamin","family":"Tyndall","sequence":"additional","affiliation":[{"name":"RTI International, 3040 E Cornwallis Rd, Research Triangle Park, NC 27709, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8095-547X","authenticated-orcid":false,"given":"Daniel","family":"Brannock","sequence":"additional","affiliation":[{"name":"RTI International, 3040 E Cornwallis Rd, Research Triangle Park, NC 27709, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-8089-5214","authenticated-orcid":false,"given":"Emily","family":"Gentles","sequence":"additional","affiliation":[{"name":"RTI International, 3040 E Cornwallis Rd, Research Triangle Park, NC 27709, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8898-1207","authenticated-orcid":false,"given":"Elizabeth","family":"Parish","sequence":"additional","affiliation":[{"name":"RTI International, 3040 E Cornwallis Rd, Research Triangle Park, NC 27709, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alison","family":"Banger","sequence":"additional","affiliation":[{"name":"RTI International, 3040 E Cornwallis Rd, Research Triangle Park, NC 27709, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,7,9]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"e44070","DOI":"10.2196\/44070","article-title":"The Association Between Social Determinants of Health and Population Health Outcomes: Ecological Analysis","volume":"9","author":"Vo","year":"2023","journal-title":"JMIR Public Health Surveill."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"617","DOI":"10.1093\/eurpub\/ckaa095","article-title":"Social determinants of health and inequalities in COVID-19","volume":"30","author":"Tao","year":"2020","journal-title":"Eur. J. Public Health"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"S103","DOI":"10.1016\/j.amepre.2022.01.034","article-title":"Race Versus Social Determinants of Health in COVID-19 Hospitalization Prediction","volume":"63","author":"Howell","year":"2022","journal-title":"Am. J. Prev. Med."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1365","DOI":"10.2217\/cer-2019-0114","article-title":"Social determinants of health and their impact on postcolectomy surgery readmissions: A multistate analysis, 2009\u20132014","volume":"8","author":"Park","year":"2019","journal-title":"J. Comp. Eff. Res."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"655","DOI":"10.1007\/s11606-011-1772-z","article-title":"Access to care for women veterans: Delayed healthcare and unmet need","volume":"26","author":"Washington","year":"2011","journal-title":"J. Gen. Intern. Med."},{"key":"ref_6","unstructured":"Dusetzina, S.B., Tyree, S., Meyer, A.-M., Meyer, A., Green, L., and Carpenter, W.R. (2025, April 29). An Overview of Record Linkage Methods, Linking Data for Health Services Research: A Framework and Instructional Guide [Internet], Available online: https:\/\/www.ncbi.nlm.nih.gov\/books\/NBK253312\/."},{"key":"ref_7","unstructured":"Office for Civil Rights (OCR) (2025, April 29). Summary of the HIPAA Privacy Rule, Available online: https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/laws-regulations\/index.html."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"2605","DOI":"10.1093\/jamia\/ocae196","article-title":"Privacy preserving record linkage for public health action: Opportunities and challenges","volume":"31","author":"Pathak","year":"2024","journal-title":"J. Am. Med. Inform. Assoc."},{"key":"ref_9","unstructured":"Mirel, L.B. (2023, November 15). Privacy Preserving Techniques: Case Studies from the Data Linkage Program. 19 May 2021, Available online: https:\/\/stacks.cdc.gov\/view\/cdc\/114623."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"413","DOI":"10.3233\/SJI-210891","article-title":"A methodological assessment of privacy preserving record linkage using survey and administrative data","volume":"38","author":"Mirel","year":"2022","journal-title":"Stat. J. IAOS"},{"key":"ref_11","unstructured":"(2025, July 03). Landscape Analysis of Privacy Preserving PAtient Record Linkage Software (P3RLS). National Cancer Institute (NCI), National Institutes of Health (NIH), Department of Health and Human Services (HHS), Final Report Prepared by Synectics for Management Decisions, Inc., January 2020, Available online: https:\/\/surveillance.cancer.gov\/reports\/TO-P1-PPRLS-Landscape-Analysis.pdf."},{"key":"ref_12","unstructured":"(2025, July 03). Evaluating the Performance of Privacy Preserving Record Linkage Systems (PPRLS). Evaluation Performed by Information Management Services (IMS) for Leidos Biomedical Research (LBR) Under the Agreement 20Q035TO01, Issued as a Subcontract Under Contract HHSN2612015000031, Task Order No. HHSN26100038 Issued by the National Cancer Institute (NCI), National Institutes of Health (NIH), Department of Health and Human Services (HHS). March 2023, Available online: https:\/\/surveillance.cancer.gov\/reports\/TO-P2-PPRLS-Evaluation-Report.pdf."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"e10404","DOI":"10.1002\/lrh2.10404","article-title":"Privacy-preserving record linkage across disparate institutions and datasets to enable a learning health system: The national COVID cohort collaborative (N3C) experience","volume":"8","author":"Tachinardi","year":"2024","journal-title":"Learn. Health Syst."},{"key":"ref_14","unstructured":"N3C Consortium (2021). N3C Privacy-Preserving Record Linkage and Linked Data Governance, Zenodo."},{"key":"ref_15","unstructured":"Petersen, S., Lieberthal, R., Miller, K., and Vakil, N. (2025, May 23). Privacy Preserving Record Linkage (PPRL) Strategy and Recommendations, Available online: https:\/\/www.nia.nih.gov\/sites\/default\/files\/2023-08\/pprl-linkage-strategies-preliminary-report.pdf."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"101354","DOI":"10.1016\/j.conctc.2024.101354","article-title":"Linking clinical trial participants to their U.S. real-world data through tokenization: A practical guide","volume":"41","author":"Eckrote","year":"2024","journal-title":"Contemp. Clin. Trials Commun."},{"key":"ref_17","unstructured":"(2025, July 03). Datavant. Overview: Tokenization Technology for Structured Data. January 2024. Available online: https:\/\/assets-global.website-files.com\/655ba3a14f5a76dc96d65e09\/65a8755ffd1a65fe7b1e5a53_LEPS_Whitepaper_Datavant%20Connect%20Overview%20-%20Tokenization%20Structured%20Data_Jan24.pdf."},{"key":"ref_18","unstructured":"(2025, May 06). Supplemental Nutrition Assistance Program: Requirement for Interstate Data Matching to Prevent Duplicate Issuances. Federal Register, Available online: https:\/\/www.federalregister.gov\/documents\/2022\/10\/03\/2022-21011\/supplemental-nutrition-assistance-program-requirement-for-interstate-data-matching-to-prevent."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"NIST (2025). NIST Privacy Framework 1.1, NIST CSWP 40 ipd.","DOI":"10.6028\/NIST.CSWP.40.ipd"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Pascoe, C., Quinn, S., and Scarfone, K. (2025, April 29). The NIST Cybersecurity Framework (CSF) 2.0, Available online: https:\/\/www.nist.gov\/publications\/nist-cybersecurity-framework-csf-20.","DOI":"10.6028\/NIST.SP.1301.spa"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"(2022). Information Security, Cybersecurity and Privacy Protection\u2014Information Security Management Systems\u2014Requirements (Standard No. ISO\/IEC 27001:2022). Available online: https:\/\/www.iso.org\/standard\/27001.","DOI":"10.2307\/j.ctv30qq13d"},{"key":"ref_22","unstructured":"(2019). Security Techniques\u2014Extension to ISO\/IEC 27001 and ISO\/IEC 27002 for Privacy Information Management\u2014Requirements and Guidelines (Standard No. ISO\/IEC 27701:2019). Available online: https:\/\/www.iso.org\/standard\/71670.html."},{"key":"ref_23","unstructured":"(2025, April 29). An Act to Amend Chapter 35 of Title 44, United States Code, to Provide for Reform to Federal Information Security. U.S. Government Publishing Office. 18 December 2014, Available online: https:\/\/www.govinfo.gov\/app\/details\/PLAW-113publ283."},{"key":"ref_24","unstructured":"(2025, April 29). SOC 2\u00ae\u2014SOC for Service Organizations: Trust Services Criteria. Available online: https:\/\/www.aicpa-cima.com\/topic\/audit-assurance\/audit-and-assurance-greater-than-soc-2."},{"key":"ref_25","unstructured":"(2025, April 29). HITRUST Framework for Cybersecurity and Compliance Success. Available online: https:\/\/hitrustalliance.net\/hitrust-framework."},{"key":"ref_26","unstructured":"Office for Civil Rights (OCR) (2023, March 21). Guidance Regarding Methods for De-Identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. HHS.gov, Available online: https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/special-topics\/de-identification\/index.html."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"e252","DOI":"10.1017\/cts.2023.681","article-title":"The N3C governance ecosystem: A model socio-technical partnership for the future of collaborative analytics at scale","volume":"7","author":"Suver","year":"2023","journal-title":"J. Clin. Transl. Sci."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/3\/44\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:07:01Z","timestamp":1760033221000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/3\/44"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,9]]},"references-count":27,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025,9]]}},"alternative-id":["jcp5030044"],"URL":"https:\/\/doi.org\/10.3390\/jcp5030044","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,7,9]]}}}