—In industries such as healthcare, there is a need to electronically share privacy-sensitive data across distinct organizations. We show how this can be done while allowing organizations to keep their legacy databases and maintain ownership of the data that they currently store. Without sending or mirroring data to any trusted, centralized entity, we demonstrate how queries can be answered in a distributed manner that preserves the privacy of the original data. This paper explains our distributed query execution engine, outlines how to bootstrap the system when only real world identifiers such as a name and dateof-birth are initially known, and offers details on the tradeoff between privacy and performance. We evaluate the scalability of this approach through simulation.