Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2022 Jun;61(S 01):e12-e27.
doi: 10.1055/s-0041-1740630. Epub 2022 Jan 21.

Privacy-Preserving Artificial Intelligence Techniques in Biomedicine

Reihaneh Torkzadehmahani  1 Reza Nasirigerdeh  1   2 David B Blumenthal  3 Tim Kacprowski  4   5 Markus List  6 Julian Matschinske  7   8 Julian Spaeth  7   8 Nina Kerstin Wenke  7   8 Jan Baumbach  7   8   9
Affiliations

Privacy-Preserving Artificial Intelligence Techniques in Biomedicine

Reihaneh Torkzadehmahani et al. Methods Inf Med. 2022 Jun.

Abstract

Background: Artificial intelligence (AI) has been successfully applied in numerous scientific domains. In biomedicine, AI has already shown tremendous potential, e.g., in the interpretation of next-generation sequencing data and in the design of clinical decision support systems.

Objectives: However, training an AI model on sensitive data raises concerns about the privacy of individual participants. For example, summary statistics of a genome-wide association study can be used to determine the presence or absence of an individual in a given dataset. This considerable privacy risk has led to restrictions in accessing genomic and other biomedical data, which is detrimental for collaborative research and impedes scientific progress. Hence, there has been a substantial effort to develop AI methods that can learn from sensitive data while protecting individuals' privacy.

Method: This paper provides a structured overview of recent advances in privacy-preserving AI techniques in biomedicine. It places the most important state-of-the-art approaches within a unified taxonomy and discusses their strengths, limitations, and open problems.

Conclusion: As the most promising direction, we suggest combining federated machine learning as a more scalable approach with other additional privacy-preserving techniques. This would allow to merge the advantages to provide privacy guarantees in a distributed way for biomedical applications. Nonetheless, more research is necessary as hybrid approaches pose new challenges such as additional network or computation overhead.

PubMed Disclaimer

Conflict of interest statement

None declared.

Figures

Fig. 1
Fig. 1
Different privacy-preserving AI techniques: ( A ) homomorphic encryption , where the participants encrypt the private data and share it with a computing party, which computes the aggregated results over the encrypted data from the participants; ( B ) secure multiparty computation in which each participant shares a separate, different secret with each computing party; the computing parties calculate the intermediate results, secretly share them with each other, and aggregate all intermediate results to obtain the final results; ( C ) differential privacy , which ensures the models trained on datasets including and excluding a specific individual look statistically indistinguishable to the adversary; ( D ) federated learning , where each participant downloads the global model from the server, computes the local model given its private data and the global model, and finally sends its local model to the server for aggregation and for updating the global model. ( A ). Homomorphic encryption. ( B ). Secure multiparty computation. ( C ). Differential privacy. ( D ). Federated learning.
Fig. 2
Fig. 2
Differentially private deep generative models: The sensitive data holder (e.g., health institutes) train a differentially private generative model locally and share just the trained data generator with the outside world (e.g., researchers). The shared data generator can then be used to produce artificial data with the same characteristics as the sensitive data.
Fig. 3
Fig. 3
Comparison radar plots for all ( A ) and each of ( B–H ) the privacy preserving approaches including homomorphic encryption (HE), secure multiparty computation (SMPC), differential privacy (DP), federated learning (FL) and hybrid techniques (FL + DP, FL + HE and FL + SMPC). ( A ) All. ( B ) HE. ( C ) SMPC. ( D ) DP. ( E ) FL. ( F ) FL + DP. ( G ) FL + HE. ( H ) FL + SMPC.
See this image and copyright information in PMC

Comment in

References

    1. Schwarting W, Alonso-Mora J, Rus D. Planning and decision-making for autonomous vehicles. Annu Rev Control Robot Auton Syst. 2018;1(01):187–210.
    1. Gehring J, Auli M, Grangier D, Yarats D, Dauphin Y N.Convolutional sequence to sequence learningPaper presented at: Proceedings of the 34th International Conference on Machine Learning. JMLR. Org. Volume 70:1243–1252.2017
    1. Xiong W, Wu L, Alleva F, Droppo J, Huang X, Stolcke A.The Microsoft 2017 conversational speech recognition systemPaper presented at: 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE;20185934–5938.
    1. Holzinger A, Kieseberg P, Weippl E, Tjoa A M. Cham: Springer; 2018. Current Advances, Trends and Challenges of Machine Learning and Knowledge Extraction: From Machine Learning to Explainable AI in Springer Lecture Notes in Computer Science LNCS 11015; pp. 1–8.
    1. Gómez-Bombarelli R, Wei J N, Duvenaud D. Automatic chemical design using a data-driven continuous representation of molecules. ACS Cent Sci. 2018;4(02):268–276. - PMC - PubMed