Privacy Preserving Collaborative Data Mining on Electronic Medical Records Using Secure Multi-Party Computation: A Systematic Literature Review
The rapid adoption of Electronic Medical Records (EMRs) across Indonesian healthcare facilities, mandated by Ministry of Health Regulation (PMK) No. 24 of 2022, has created an urgent need for privacy-preserving mechanisms that enable collaborative data analysis without compromising patient confidentiality. Secure Multi-Party Computation (SMPC) presents a cryptographically sound solution; however, its application in the Indonesian healthcare ecosystem remains critically underexplored. Objective: This systematic literature review aims to synthesize global evidence on privacy-preserving collaborative data mining using SMPC on EMRs, identify implementation challenges and opportunities, and provide a structured framework applicable within Indonesia’s regulatory landscape, particularly in light of the Personal Data Protection Law (UU PDP No. 27 of 2022). Following the PRISMA 2020 guidelines, we conducted a comprehensive search across six major databases (PubMed, IEEE Xplore, Scopus, Web of Science, ACM Digital Library, and Google Scholar) covering publications from January 2020 to December 2024. A total of 1,247 records were identified, and after rigorous screening and quality appraisal using the Mixed Methods Appraisal Tool (MMAT), 42 studies met the inclusion criteria. Results: The reviewed literature revealed three dominant SMPC paradigms applied to EMRs: secret sharing-based protocols (47.6%), garbled circuits (28.6%), and oblivious transfer-based approaches (23.8%). SMPC is frequently combined with Federated Learning (FL) and Homomorphic Encryption (HE) to overcome computational overhead. Key application domains include collaborative disease prediction (38%), genomic privacy analysis (24%), clinical trial management (19%), and cross-institutional diagnostic model training (19%). Identified barriers include high computational latency, communication overhead, interoperability constraints, and limited awareness among healthcare stakeholders. No peer-reviewed study was found implementing SMPC specifically within Indonesia’s health information infrastructure. The convergence of UU PDP, PMK 24/2022, and the SATUSEHAT national health data platform creates a regulatory and technical environment that both necessitates and enables SMPC adoption. A proposed tiered implementation model from bilateral hospital collaborations to national health research networks offers a roadmap for pragmatic deployment. SMPC represents a viable and necessary technology for privacy-preserving healthcare data collaboration in Indonesia. Future research should focus on lightweight protocol adaptations suited to low-resource health facilities, regulatory sandbox development, and capacity building within the Indonesian health informatics community.