Motivation The rapid growth in of electronic medical records provide immense potential to researchers, but are often silo-ed at separate hospitals . As a result, federated networks have arisen, which allow simultaneously querying medical databases at a group of connected institutions . The most basic such query is the aggregate count—e.g . How many patients have diabetes? However, depending on the protocol used to estimate that total, there is always a trade-off in the accuracy of the estimate against the risk of leaking confidential data . Prior work has shown that it is possible to empirically control that trade-off by using the HyperLogLog (HLL) probabilistic sketch . Results In this article, we prove complementary theoretical bounds on the k-anonymity privacy risk of using HLL sketches, as well as exhibit code to efficiently compute those bounds . Availability https: //github.com/tzyRachel/K-anonymity-Expectation Contact ywyu @ math.toronto.edu Supplementary information N/A