Healthcare recommender systems emerged to help patients make better decisions for their health, leveraging the vast amount of data and patient experience. One type of this system focuses on recommending the most appropriate physician based on previous patient feedback in the form of ratings. Such advice can be challenging to generate for new patients as their interaction with the new environment is too limited to inform meaningful recommendations. Their preferences from the previous system can be transferred to the new system to help generate recommendations in a cross-domain approach. Cross-domain recommender systems aim to bridge the gap between domains where such interactions are plentiful and domains with relatively little interactions for the new users, using transfer learning techniques. However, while privacy concerns in single-domain recommender systems have been studied extensively, the same does not apply to cross-domain systems where multiple domains collaborate. Privacy is essential in settings such as healthcare, where rating information is sensitive and prone to leaking patient medical history to third parties. Existing works lack an efficient design that provides sufficient privacy while generating recommendations. This thesis presents a privacy-preserving cross-domain recommender system with partial user overlap. We first propose a privacy-preserving matrix factorization approach with differential privacy and multiparty setting to serve as the base of our cross-domain design. Our matrix factorization design with privacy is easy to adopt by existing systems, incurring negligible overhead, and requires no modification to existing factorization implementations. Next, we show the privacy-accuracy trade-off in our base method with experiments over the MovieLens dataset. Finally, in the cross-domain setup, we demonstrate that adding privacy to the proposed scheme has a minimal predictive performance loss, essentially providing privacy for free.