Federated Record Linkage (FRL) is a privacy-preserving entity resolution technique that identifies records belonging to the same real-world individual across multiple independent databases without any party revealing its raw, sensitive identifiers. Unlike traditional record linkage, which requires a trusted third party to centralize and compare personally identifiable information, FRL employs cryptographic protocols—such as Bloom filter encoding and secure multi-party computation—to compute similarity metrics on masked or encrypted representations of the data. This ensures that only matched record pairs are disclosed, while non-matching records and the underlying plaintext values remain completely opaque to all participating organizations.
Glossary
Federated Record Linkage

What is Federated Record Linkage?
Federated Record Linkage is the privacy-preserving process of identifying and linking records that correspond to the same individual across disparate, decentralized databases without revealing the individual's identity to the linking party.
In healthcare and clinical research networks, FRL is critical for constructing comprehensive patient journeys across hospitals, registries, and claims databases without violating regulations like HIPAA or GDPR. The process typically involves a two-party or multi-party protocol where each site independently standardizes and encodes quasi-identifiers—such as names, dates of birth, and addresses—into irreversible, distance-preserving tokens. A linkage unit then performs a private comparison, often using homomorphic encryption or secure set intersection protocols, to probabilistically classify record pairs as matches, non-matches, or potential matches for clerical review, all while maintaining a formal cryptographic guarantee against data leakage.
Key Features of Federated Record Linkage
Federated Record Linkage (FRL) enables the identification of records belonging to the same individual across multiple databases without exposing personally identifiable information (PII) to any party. It combines private comparison protocols, blocking techniques, and cryptographic encoding to solve the entity resolution problem in a decentralized manner.
Privacy-Preserving Comparison
The core mechanism that allows two parties to determine if their records match without revealing the underlying data. This is typically achieved through private set intersection (PSI) or homomorphic encryption protocols.
- Bloom filter encoding: Records are hashed into bit arrays, allowing approximate matching via set overlap metrics like Dice coefficient or Jaccard similarity
- Phonetic encoding: Strings are transformed into phonetic representations (Soundex, Double Metaphone) before encryption to handle typographical errors
- Reference value comparison: Instead of comparing raw values, parties compare encrypted tokens derived from agreed-upon reference tables
The comparison function operates entirely on encoded data, ensuring that even if the protocol is intercepted, no plaintext PII is exposed.
Blocking for Scalability
Comparing every record pair across databases is computationally infeasible. Blocking reduces the search space by grouping records into candidate blocks using quasi-identifiers before cryptographic comparison.
- Phonetic blocking: Uses Soundex or NYSIIS encodings of names to group similar-sounding records
- Locality-Sensitive Hashing (LSH): Hashes records so that similar inputs map to the same bucket with high probability
- Sorted neighborhood: Records are sorted by a blocking key, and a sliding window compares only adjacent records
Effective blocking dramatically reduces the number of expensive cryptographic comparisons while maintaining high recall of true matches.
Linkage Without a Trusted Third Party
Traditional record linkage relies on a central trusted party to perform matching. FRL eliminates this dependency through decentralized protocols where no single entity sees both datasets.
- Two-party protocol: Each data custodian encodes their records independently and exchanges only encrypted representations
- Three-party protocol with untrusted linker: A third party performs the matching on encrypted data but cannot decrypt the results
- Multi-party linkage: Extends to scenarios where records are distributed across many institutions, such as a network of hospitals linking patient cohorts
This architecture is critical for compliance with regulations like HIPAA and GDPR, where data cannot leave institutional boundaries.
Encoding Strategies for Accuracy
The choice of encoding method directly impacts linkage quality. Records must be transformed into privacy-preserving representations that preserve similarity while resisting cryptanalysis.
- Bloom filter encoding: Maps q-gram sets of attribute values into bit vectors. The Dice coefficient between two Bloom filters approximates the true string similarity
- Tabulation min-hash: Generates compact signatures that preserve Jaccard similarity between sets of features
- Field-level hashing: Applies salted cryptographic hash functions (SHA-256) to individual fields, enabling exact matching only
Encoding must balance linkage accuracy against privacy guarantees. Bloom filters with appropriate parameters can resist frequency-based attacks while maintaining high match quality.
Classification and Clustering of Matches
Once encrypted similarities are computed, FRL systems must classify record pairs as matches or non-matches without human review of plaintext data.
- Threshold-based classification: Pairs exceeding a predefined similarity threshold are declared matches
- Supervised classification: Trained on labeled match/non-match pairs from a subset of data where ground truth is available
- Hierarchical clustering: Groups records into clusters representing unique individuals, resolving transitive matches across multiple databases
- Active learning: Iteratively queries domain experts on high-uncertainty pairs to refine the classification model
The classification step must handle the inherent uncertainty of working with encoded data, where similarity metrics are approximations of true string distances.
Adversarial Attack Resistance
FRL protocols must be hardened against adversaries who may attempt to re-identify individuals from encoded data or manipulate the linkage process.
- Frequency attacks: An adversary with knowledge of plaintext value distributions can attempt to map Bloom filter bit patterns back to original values. Countermeasures include salting, random bit flips, and differential privacy noise injection
- Collusion resistance: Protocols must remain secure even if a subset of participating parties collude
- Sybil attacks: Malicious entities may inject fabricated records to create false links. Rate limiting and institutional authentication mitigate this risk
- Output privacy: Even the final linkage results may leak information. Secure multiparty computation ensures only authorized parties learn the match outcomes
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Clear answers to the most common technical and operational questions about linking patient records across institutions without exposing protected health information.
Federated Record Linkage (FRL) is a privacy-preserving computational process that identifies and links records corresponding to the same individual across multiple decentralized databases without any party revealing its raw identifying data to the others. The process works by having each data custodian independently encode their records' identifying attributes—such as names, dates of birth, and addresses—into irreversible, privacy-preserving representations called Bloom filters or cryptographic tokens. These encoded representations are then compared using specialized similarity metrics like Dice coefficient or Jaccard similarity to probabilistically determine matches. Crucially, the original plaintext identifiers never leave their source institution, and the encoded representations cannot be inverted to recover the original data, satisfying both HIPAA and GDPR requirements for cross-institutional clinical research and public health surveillance.
Related Terms
Explore the core techniques and adjacent concepts that enable patient identity resolution across silos without compromising confidentiality.
Bloom Filter Encoding
A probabilistic data structure used to encode personally identifiable information (PII) into a privacy-preserving bit vector. Bloom filters allow for approximate matching of records across databases by comparing bit positions without revealing the original plaintext values. This technique is foundational to many Privacy-Preserving Record Linkage (PPRL) protocols.
- Enables fast, memory-efficient set membership tests
- Configurable false positive rate to balance privacy and accuracy
- Resistant to dictionary attacks when combined with salted hashing
Phonetic Encoding Algorithms
Algorithms like Soundex, Metaphone, and Double Metaphone that index names by their pronunciation rather than exact spelling. These are critical for deterministic record linkage in healthcare, where patient names often contain typographical errors, transliteration variations, or cultural naming conventions. Phonetic codes are often hashed before being used in federated contexts.
- Soundex: Maps names to a letter-digit code based on consonant sounds
- Double Metaphone: Handles non-English origins and produces primary/secondary encodings
- Reduces false negatives caused by simple spelling mistakes
Differential Privacy in Linkage
The application of differential privacy (DP) guarantees to the record linkage process to protect against membership inference attacks. By injecting calibrated noise into the linkage results or the similarity scores, a curator can provably limit what an adversary can learn about any single individual's presence in the linked dataset.
- Provides a mathematical privacy budget (ε) for the linkage operation
- Trades off linkage accuracy for a formal privacy guarantee
- Essential for releasing aggregate statistics from linked data
Token-Based Blocking
A scalability technique that partitions large datasets into smaller blocks of candidate record pairs likely to match, drastically reducing the quadratic comparison space. In a federated setting, blocking keys (e.g., hashed tokens of zip code and gender) are exchanged to agree on which blocks to compare without revealing the full records.
- Prevents the need for all-pairs comparison (n x m complexity)
- Uses soundex, n-grams, or locality-sensitive hashing for block key generation
- Must balance block size to avoid missing true matches across block boundaries
Locality-Sensitive Hashing (LSH)
An algorithmic technique that hashes similar input items into the same buckets with high probability. LSH is used in federated record linkage to efficiently cluster similar encrypted records together for comparison, enabling fuzzy matching on high-dimensional data like patient addresses or medical notes without pairwise comparison.
- Dramatically reduces computational overhead for fuzzy matching
- Works well with MinHash for Jaccard similarity on q-gram sets
- Preserves similarity relationships in the hashed space

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us