| Preparation. Each hospital () runs the CSA.Key algorithm to get a public key pair |
| and a secret key . Each researcher runs the GHV.Key algorithm to |
| get a public key and a secret key . |
| Data Publication. For all () and (), each hospital () runs the |
| CSA.Enc algorithm to get a ciphertext pair , where is the th cell of the th numeric |
| clinical data attribute of the th hospital . Then each hospital () makes its data anonymous using |
| anonymity techniques for de-identification. Finally, each hospital () outsources its data in the cloud |
| servers. |
| Query. The th researcher sends a request for aggregated data to the aggregator . We assume that is |
| interested in the th attribute and hospitals, (), have the data in which is interested. Each hospital |
| () has tuples that meet the request, respectively. |
| Aggregation. retrieves all ciphertext pairs satisfying 's request. For each , runs the |
| GHV.Add and GHV.Add algorithm to get . Then runs the |
| CSA.Agg algorithm to get and . |
| Consent. determines the order in which hospitals consented to 's request, then sends to the first hospital |
| and to each hospital (). Each hospital () in turn performs the dec-Aggregation phase in |
| our CSA protocol. If any hospital () does not want to have the aggregated clinical data, it can deny the |
| request by simply not performing the dec-Aggregation phase. |
| Acquisition. After the consent procedure, the last hospital sends to . runs the GHV.Add |
| to get that is the aggregated clinical data. |