Two or more parties can agree to share data for a variety of purposes. In its simplest form, this agreement may include a data contributor and a data receiver. In many cases, the data that are shared will be a subset of a larger data set. An initial agreement may be reached between the parties to share a data subset, with the understanding that at some time in the future, it may be necessary to share the larger data set with the data recipient(s), contingent upon the results of analyzing the original data subset. These terms in the agreement may be necessary for temporal reasons, as well as for proprietary reasons.
For example, it may be necessary to share an initial subset of data for temporal reasons in a clinical medical trial where patient data are accumulated over the course of years. An agreement at the beginning of the trial might cover the sharing of a drug treatment outcome (e.g., decreased blood pressure), while additional data (e.g., the extent of blood pressure decrease in women vs. men, or drug side effects) may only be requested after the initial data are analyzed by the data recipient. Privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA) strictly control the type of demographic data, which might compromise a patient's right to privacy, that can be shared in such studies. In effect, to comply with such rules, all of the clinical data collected and shared becomes a subset of a larger data set that includes the unshared demographic data. For audit purposes, the shared data must be traceable back to the unshared demographic data when required to substantiate the results of a clinical study.
An example of sharing an initial subset of data for proprietary reasons might arise if a Company B is negotiating for the purchase of an asset from a competitor, Company A. To arrive at a bid, Company B will want to know the gross sales and net profit generated by the asset. In addition, Company B will ultimately want proof of the gross sales and net profit numbers for Company A. In good faith, Company A will supply the proof once the deal is agreed to by the parties, but not before, since prematurely supplying the proof would give away valuable customer information to a competitor, which may decide not to buy the asset.
In each of these examples, data that are not being shared initially are potentially subject to tampering, substitution, and loss before the data can later be accessed during an audit or to provide proof of certain facts. To guard against these problems, the classic paradigm has been to require that all data be sent for storage to a central repository (the data receiver) at the time the data are collected. If the data are to be maintained by the data contributor, the data receiver must: (a) verify that the data actually exist at the data contributor's location; (b) ascertain that the data have not been tampered with during the time that the data contributor is the only one who has control over the data; (c) guarantee that no one else can masquerade as the data contributor during the time period when the data contributor is collecting and maintaining data; and (d) create an audit trail for unshared data, which can be traced back to the data contributor after the data are shared. Currently, the prior art does not provide an integral software tool that permits these functions to be efficiently carried out. Such a tool and the method that it implements would find use in a wide variety of applications.
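The following example is added here to illustrate how requirements (b), (c) and (d) above can be checked with standard primitives; it is not the method of this document or any product it describes. It assumes a salted Merkle-tree commitment over every (record, field, value) cell of the full data set, fixed and tagged by the contributor at collection time, so that any subset of cells can later be disclosed with inclusion proofs and checked against the same root while the withheld cells remain committed for a later audit. The HMAC tag with a shared key stands in for the contributor's digital signature (a real deployment would use an asymmetric signature so the receiver cannot forge it), and the patient records, field names, key and the `Contributor` / `receiver_check` names are all constructed for the example.

```python
import hashlib
import hmac
import json
import os


def canonical(obj):
    """Deterministic encoding so identical cells always hash identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def leaf_hash(cell, salt):
    # Domain-separated leaf. The per-cell salt keeps low-entropy withheld
    # values (e.g. "sex": "F") from being guessed from sibling hashes.
    return hashlib.sha256(b"\x00" + salt + canonical(cell)).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(leaves):
    """Bottom-up Merkle tree; an unpaired node is paired with a copy of itself."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each tagged with whether it sits on the right."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append((level[index ^ 1], index % 2 == 0))
        index //= 2
    return proof


def verify_inclusion(leaf, proof, root):
    h = leaf
    for sibling, sibling_is_right in proof:
        h = node_hash(h, sibling) if sibling_is_right else node_hash(sibling, h)
    return hmac.compare_digest(h, root)


class Contributor:
    """Hypothetical data contributor: keeps the full data set, salts and key."""

    def __init__(self, records, key):
        self.cells = [(rid, f, v) for rid, rec in sorted(records.items())
                      for f, v in sorted(rec.items())]
        self.salts = [os.urandom(16) for _ in self.cells]
        self.key = key
        self.levels = build_levels([leaf_hash(c, s) for c, s in zip(self.cells, self.salts)])

    def commitment(self):
        """Sent to the receiver at collection time: root, cell count and tag."""
        root = self.levels[-1][0]
        msg = root + len(self.cells).to_bytes(4, "big")
        return {"root": root, "count": len(self.cells),
                "tag": hmac.new(self.key, msg, "sha256").digest()}

    def share(self, wanted_fields):
        """Disclose only the requested fields, each with its salt and proof."""
        return [{"cell": c, "salt": self.salts[i], "proof": inclusion_proof(self.levels, i)}
                for i, c in enumerate(self.cells) if c[1] in wanted_fields]


def receiver_check(commitment, key, disclosed):
    """Check who committed (tag), then that every disclosed cell was committed (proofs)."""
    msg = commitment["root"] + commitment["count"].to_bytes(4, "big")
    if not hmac.compare_digest(hmac.new(key, msg, "sha256").digest(), commitment["tag"]):
        return False
    return all(verify_inclusion(leaf_hash(d["cell"], d["salt"]), d["proof"], commitment["root"])
               for d in disclosed)


# Constructed sample: trial records with one outcome field and two demographic fields.
SAMPLE_RECORDS = {
    "p001": {"bp_change": -12, "sex": "F", "age": 54},
    "p002": {"bp_change": -8, "sex": "M", "age": 61},
    "p003": {"bp_change": -15, "sex": "F", "age": 47},
}
SHARED_KEY = b"constructed-demo-key"  # stand-in for the contributor's signing key


def demo():
    c = Contributor(SAMPLE_RECORDS, SHARED_KEY)
    commit = c.commitment()
    outcomes = c.share({"bp_change"})            # initial subset
    ok_initial = receiver_check(commit, SHARED_KEY, outcomes)
    later = c.share({"bp_change", "sex"})        # follow-up request against the same root
    ok_later = receiver_check(commit, SHARED_KEY, later)
    tampered = [dict(d) for d in outcomes]       # altered outcome fails its proof
    tampered[0]["cell"] = (tampered[0]["cell"][0], "bp_change", -20)
    ok_tampered = receiver_check(commit, SHARED_KEY, tampered)
    return ok_initial, ok_later, ok_tampered, len(outcomes)


if __name__ == "__main__":
    print(demo())  # (True, True, False, 3)
```

The receiver holds only the root, count and tag from collection time, so a later disclosure of any further fields (the "larger data set") is checked against exactly what was fixed years earlier, and a record the contributor altered or substituted in the meantime fails its proof. Requirement (a), that the data physically exist at the contributor's site, is not addressed by a commitment alone; it needs a separate liveness check (for instance, periodically requesting proofs for randomly chosen cells).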