2021 6th International Conference for Convergence in Technology (I2CT)
Pune, India. Apr 02-04, 2021
Maintaining Privacy in Medical Imaging with
Federated Learning, Deep Learning, Differential
Privacy, and Encrypted Computation.
Unnati Shah
Dept. of Computer Engineering, Dept. of Computer Engineering,
Shah and Anchor Kutchhi Engineering Shah and Anchor Kutchhi Engineering
College,
Mumbai, India.
unnati.shah@sakec.ac.in
Jalpa Mehta
Dept. of Information Technology,
Shah and Anchor Kutchhi Engineering
2021 6th International Conference for Convergence in Technology (I2CT) | 978-1-7281-8876-8/21/$31.00 ©2021 IEEE | DOI: 10.1109/I2CT51068.2021.9417997
College,
Mumbai, India.
jalpa.meha@sakec.ac.in
Abstract— The availability of datasets for algorithm
training and evaluation is currently hampered due to medical
data privacy regulations. The lack of structured electronic
medical records and stringent legal criteria has made it
difficult for patient data to be collected and shared in a
consolidated data lake. For training algorithms, such as
convolutional neural networks, this presents difficulties, often
requiring vast training examples. To avoid the compromise of
patient privacy when encouraging clinical studies on broad
datasets aimed at enhancing patient care, it is mandatory to
incorporate technological solutions to meet data security and
usage criteria at the same time. We present an outline of
current and cutting-edge techniques for secure and privacy-
preserving artificial intelligence, with an accentuation on
medical imaging applications and potential opportunities.
Keywords— Deep learning, Differential privacy, Federated
learning, Medical data, Secure and Privacy-preserving AI.
I. INTRODUCTION
Required privacy issues in medical imaging limit us from
completely exploiting the benefits of AI in our study.
Fortunately, three innovative technologies have been built
that have immense potential for the future of machine
learning in healthcare, including federated learning,
differential privacy, and encrypted computing with other
sectors constrained by private data regulation. With these
new data security strategies, we can train our models on
encrypted data from a range of organizations and hospitals
without sharing the patient data. Recently, the contributions
of scientists from Google, DeepMind, Apple, and many
others have made it easier for researchers to adopt these
techniques.
Progress in segmentation, image analysis, texture
analysis, and even image reconstruction from sensor-domain
data shows that machine learning is an excellent method
when implemented correctly. It is a tool that not only
changes the way our images are analyzed but also changes
the way we collect and recreate them, enabling us to acquire
This work was supported in part by Blue Eye Soft Corp.
978-1-7281-8876-8/21/$31.00 ©2021 IEEE
Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on October 16,2023 at 06:16:03 UTC from IEEE Xplore. Restrictions apply.
Ishita Dave Jeel Malde
Dept. of Electronic Engineering,
Shah and Anchor Kutchhi Engineering
College, College,
Mumbai, India. Mumbai, India.
ishita.dave@sakec.ac.in jeel.malde_19@sakec.ac.in
Srikanth Kodeboyina
Blue Eye Soft Corp,
Greenville, United States.
sri@blueyesoft.com
simple high-quality images more quickly. Given the
impressive progress in research on computer vision, it seems
that we are just beginning. Deep neural networks have shown
the most promising results for the segmentation, analysis,
and generation of images, such as human faces, created by
generative adversarial networks or GANs.
Such techniques require a lot of data for preparation. We
are also in data-poor settings in healthcare with low sample
sizes. Although millions of images can be used to train in the
typical object recognition project, our medical imaging
datasets are on the order of hundreds of subjects. This has
been tackled by medical imaging researchers either by
collecting or by generating massive high-quality datasets like
the UK Biobank, which is fantastic, but once completed,
even the Biobank would not have 14 million subjects in it.
We know, as researchers or clinicians, why we do not
have as many training photos available. Our pictures contain
incredibly delicate and private material. It is not because we
do not obtain enough; while the purchase of diagnostic
images is costly, health centers generate millions of scans
annually both for direct treatment and for study around the
world. The photos are obtained, are not accessible (or should
not be) freely for study. Access to this data, also inside
organizations, is understandably extremely limited thanks to
essential regulations on patient privacy. The protection of
this data privacy is also increasingly important: real
anonymization of data is not easy, as it is not clear which
information machines can be learned from apparently
harmless data. For example, from some medical photos, it is
possible to infer the age and sex of a patient, and we have
seen that multiple anonymized datasets can be combined in
some instances to deanonymize them. Such privacy
considerations are important and necessary, but in our study,
this has prevented us from completely exploiting the benefits
of artificial intelligence.
Fortunately, healthcare is not the only domain that needs
to use deep private data learning, and certain techniques
would have a huge effect on machine learning's future. These
advances in the protection of privacy will allow us to train
our model on data from multiple institutions, hospitals, and
1
 clinics without sharing patient information. It enables the use
of information to be decoupled from data governance (or
control). In other words, to use it in our statistical analysis,
we no longer must request a copy of a dataset. In a meta-
analysis of brain MRIs, the UK Biobank has recently been
combined with many other datasets. Together with Intel and
19 other universities, the University of Pennsylvania is
currently leading the first real-world case of federated
learning for medical use.
Without being privacy experts themselves, these tools
will make it easy for imaging scientists to train our models
safely while protecting patient privacy. These new
possibilities must be known to our medical imaging
community. These innovations could encourage new
organizational partnerships, allow previously considered
impossible meta-analysis, and enable us to make rapid
improvements to our current AI models as we can train them
on more data. Not only would this enable us to have more
training data, but it will also enable us to have more detailed
training data. If we can train on data from other organizations
around the world, we can adequately diversify our datasets to
ensure that our study fits the population of our world better.
Current voluntary datasets, for instance, may frequently
include an unreasonable number of young university student
subjects, resulting in training data that is not representative of
our patient populations. We have been in a profound learning
revolution in medical imaging since 2016. Medical imaging
researchers are now able to implement reliable, safe, privacy-
preserving AI more easily in 2020.
II. PILLARS OF SECURE AND PRIVATE AI
A. Training Data Privacy
This is done to prevent a malicious attacker from reverse-
engineering the training data for any medical records. These
medical training data are used for training, developing
machine learning algorithms. The training data affects the
efficiency and accuracy of the algorithm used in developing
AI-based applications.
B. Input Privacy
The assurance that other people, including the model
designer, will not observe the input data of a user. There
must be no mishaps in the patient data for healthcare records.
C. Output Privacy
Ensuring that the performance of a model is not
accessible to someone other than the user whose knowledge
is inferred. Data must be available to the patient himself and
no other parties in healthcare.
D. Model Privacy
The guarantee that even a malicious party cannot misuse
the model. The data stored with the hospital’s system must
have an efficient model thus there is no activity for a leak
within.
E. Reproducibility
Machine learning algorithms designed to characterize,
track, and interfere in human health (ML4H) are expected to
work safely and efficiently while operating on a scale,
potentially beyond strict human supervision. This criterion
2
Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on October 16,2023 at 06:16:03 UTC from IEEE Xplore. Restrictions apply.
requires greater exposure to issues of reproducibility than in
other fields of machine learning.
F. Accountability
Reliable displays and metrics are needed for
accountability to help guide policymakers and control
AI/ML systems. Accountability ties reproducibility and
transparency together, but in the form of AI ethics
committees, it needs effective oversight. Such committees
will manage policy choices, decide what is important to
measure, and conduct fairness evaluations.
Such development of pillars requires certain strategies
that are efficient to draw a perspective of the framework.
This strategy will require adequate governance from a future
point of view. Secondly, there needs to be enough data and
technology present to train, prepare, and develop the data.
Subsequent to setting up the innovation and information, one
requirement to chip away at training individuals and
planning the hierarchical help they need to unhesitatingly
contribute, oversee, and work close by AI applications.
III. METHODS
A. Anonymization and Pseudonymization
The most well-known techniques for privacy protection
of clinical information are to delete personal data from the
records and supplant delicate data with artificially generated
data while reassigning them again. Anonymization involves
deletion of all applicable Digital Imaging and
Communications in Medicine (DICOM) [15] metadata
entries (such as the name of the patient, Sex, and the like) in
medical imaging. The actual entries for pseudonymization
are substituted by synthetic data, and the safekeeping of the
look-up table separately [9]. Simplicity is the principal
advantage of both methods. In most clinical data archiving
systems, anonymization software is built-in, making it the
simplest in practice system. Pseudonymization adds to the
complexity by involving data manipulation rather than just
data erasure, as well as the security of search tables in order
to reverse the operation. Also, technological errors will make
the defense ineffective and potentially identifiable for an
entire dataset.
De-identification procedures are often typically used to
plan for the transfer or sharing of data. This raises troubles if
the patient pulls out their assent since information
administration is uncoupled from information proprietorship
or if the enactment changes. Finally, the criteria for the
deidentification process depend on the image data set: a leg
X-ray is harder to interface back with an individual than an
automated tomography scan of the head which permits the
formation of the face to be reproduced from the picture
straightforwardly. As a result, de-identification by credulous
anonymization or pseudonymization alone should be a
hypothetically deficient advance against the deduction of
personality [13].
B. Differential Privacy
Differential Privacy guarantees that privacy is not
violated by statistical analysis. It ensures that the impact of
data from a person on the overall performance of the model
is minimal. Differential privacy is often referred to as the
technique of preserving a dataset's global statistical
distribution while reducing personally identifiable data.
 Intuitively, a dataset is differentially confidential if a third
person cannot say whether a single entity was used to derive
a conclusion from it. Without understanding a patient's body
mass index (BMI), for example, a connection between
obesity and heart disease may be established. Under a certain
variety of connections with the dataset, such as linkage or set
separation, differential privacy resists re-identification
attacks. By incorporating statistical noise, it typically
operates at the model's input level (Local DP) or output level
(Global DP). More noise means that individual contributions
remain covered, but we gain insights into the general public
at the same time without jeopardizing privacy. Depending on
a parameter called an epsilon (ε), the amount of noise
included is dependent. The smaller the epsilon value, the
more noise is applied, the greater the privacy it offers, and
vice versa. As a result, in Differential Privacy, choosing the
right epsilon (ε) value is crucial.
Differential Privacy ensures that the data of the patient in
charge is kept private, making it ideal for healthcare
applications. However, when it comes to image data, the
Differential Privacy methodology raises some difficulties.
Among the issues related to Differential Privacy, the one
primary reason is the disruption of the dataset itself. Data
manipulation will minimize data that can prove lethal to the
algorithm reliability, which is an area that has access to
comparatively limited data, for example, medical imaging
analysis. The method also poses difficulties concerning
plausibility checking, explaining the process to patients, i.e.,
data legibility [23] for the development and implementation
of algorithms, and increasing the need for a statistical person
to classify data representatives. Above all, the particulars of
carrying out Differential Privacy in imaging information are
indistinct. Tabular information can be shuffled easily, but
image disturbance can have unexpected effects, according to
analysis, which shows that this form of manipulation (e.g.,
adversarial noise) can be used as both an algorithm attack
and a regularization method that increases robustness and
tolerance against inversion attacks. Therefore, before the
implementation of Differential Privacy in medical imaging
[13][23], further research is needed.
C. Federated Learning
Federated learning is a technique for training machine
learning models with the knowledge that we do not have
access to [13]. Data is collected, processed into a dataset, and
taken to the central server to train the dataset into any model,
and we achieve a predictive output. It helps us to take the
algorithm to the data instead of doing this federated learning,
and then carry the result to the central server. This implies
that the user would not be asked to upload their individual
information. Predictive maintenance is given by Federated
Learning. According to the outcomes in the central server,
predictive maintenance allows a forecast of when the system
will need maintenance. In the healthcare domain, federated
learning use cases for devices would allow the user to learn a
model of machine learning that will help patients improve
certain aspects of their health without having to upload their
data to a central cloud. Federated learning entails using a
wide corpus of high-quality decentralized data distributed
through several client devices for instruction. Since the
model is trained on client computers, no data from the user is
expected to be submitted. Keeping the client's personal data
on their computer gives them clear and physical control of
their information.
3
Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on October 16,2023 at 06:16:03 UTC from IEEE Xplore. Restrictions apply.
Formally, it is not possible to aggregate the data due to
privacy, legal constraints, hospital policy, and user
discomfort to train a machine learning model on a dataset to
make a prediction but based on the medical domain, where
federated learning will solve this problem by being able to
predict and therefore not allowing users or an entity to share
their data. Not only because of its stable and private model,
Federated Learning is better than any other machine learning
algorithm, but it can decrease the cost of uploading datasets
to the cloud by allowing training to take place within these
devices locally. PySyft is a federated learning toolkit, an
extension to the core toolkits of Deep Learning. There is a
popular toolkit for Pytorch to manage millions of devices on
the central server, so PySyft is used as a federated learning
toolkit for a connection between the device to device and the
central server to find an acceptable interface between them.
Smarter simulations decreased latency and lower use of
resources are assisted by Federated Learning, all while
retaining confidentiality. And this approach has another
immediate advantage: in addition to providing an update to
the shared model, the upgraded model on your machine can
also be used automatically, empowering interactions
customized to the way you use the phone.
Fig. 1. The procedure for Federated Learning
First, the Federated Learning method operates by
choosing a mathematical model to be trained by the central
server. Then the central server transmits to several nodes the
initial model. In addition, with their data, the nodes train the
data model locally. Finally, the central server pools the
effects of the model and produces one global model without
any concept being accessed.
D. Homomorphic Encryption
Homomorphic encryption (HE) is a form of encryption
that permits encoded information to be registered as plain
content or decoded information. Homomorphism is a
mathematical principle that states that a computation's
composition is preserved. Since the algorithm only supports
a few mathematical operations, such as addition and
multiplication, it cannot be combined with traditional
encryption algorithms like the Advanced Encryption
Standard (AES). However, a homomorphic algorithm has
been successfully applied to convolutional neural networks,
and its benefits can be used in a 'machine learning as a
service' situation, in which data is sent across the network to
be processed on a cloud. The algorithm can be used to
encrypt and decrypt medical images until the benefits of
homomorphic encryption in providing effective protection to
original data are understood. When a model has a sole
owner, homomorphic encryption allows the owner to encrypt
their model such that untrustworthy third parties cannot train
or use it without stealing it.

Fig. 2. Homomorphic Framework
The patient's evidence, such as documents and X-ray
images, is collected first. After that, the images are saved in
the DICOM regular format. The picture is transformed into a
matrix in a third stage to execute the encryption process on
this data. These matrix elements are sent one by one to the
proposed formula after being transformed into a matrix. The
main generation procedure is carried out in the next phase.
The public and private keys are now created based on
homomorphic property. The encryption operation is then
performed using these parameters. The encrypted image can
then be uploaded to the server. The image is then turned into
a matrix. The matrix is then transferred to the decryption
formula one by one. The picture is generated from the
decrypted matrix. The initial picture can be searched. These
encrypted files can be used by both researchers and
pharmacists.
E. Secure Multi-Party Computation
Secure Multi-Party Computation (SMPC) is a generic
cryptographic protocol for manipulating encrypted data
shares and transmitting them among parties in such a way
that no single party can disclose all of their private data.
Without an individual even having seen the data itself the
computing result may be announced, which can only be
retrieved by consent. Safe computing helps data scientists
and analysts to compute safely and privately on distributed
data without ever revealing it or transferring it. Consider, for
example, the issue of comparing the DNA of a person
against the DNA of a cancer patient database to find out
whether the person is in a speculative category for a certain
form of cancer. The DNA details of an individual are highly
delicate and should not be exposed to private organizations.
So, by using a robust and reliable multi-party computing
protocol that just tells the cancer community that the
individual's DNA is close to this case, the problem can be
solved. The secure multi-party computation secures that only
the cancer group and nothing else about the DNA of
someone is disclosed. SMPC research has recently improved
due to its ability to enable sensitive sharing in semi-trusted
and low-trust settings. In the background of genetic profiling
and diagnostics, SMPC has been used without disclosing the
patient's genetic data. In the medical imaging domain, SMPC
can be used to run experiments on datasets completely in the
encrypted domain, without affecting the results. SMPC will
thus help to maximize the successful volume of available
4
Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on October 16,2023 at 06:16:03 UTC from IEEE Xplore. Restrictions apply.
sensitive data without uncovering client personality or
gambling data spillage. There are certain SMPC limitations,
for example, the conditions for proceeding with information
transmission among parties and their online accessibility
[13][25][26].
F. Encrypted Deep Learning
Deep learning systems are now commonly used in
several applications, including facial recognition, medical
diagnosis, and many others. However, these devices are
subject to privacy attacks, which can jeopardize data
security, which may be dangerous and unethical insensitive
use cases including medical diagnosis. On account of their
distinction, the biological characteristics of the human body
are widely utilized in personality recognizable proof and
different fields. The objective data put away in the picture is
separated to perform data preparation as per the requirements
of the client through feature extraction. The principal
disadvantage of customary AI is that many parameters must
be manually set during the learning process. This flaw is
especially perceptible when managing large information and
high-dimensional complex data. Machine learning requires
deep learning technology, which uses an artificial neural
network to extract data attributes. The original information is
represented as a feature vector through feature learning,
which is input into a sub-learning system, and the sample is
then defined or detected. Feature learning is a technique for
defining and grading input samples.
Deep learning employs a nonlinear neural network model
to interpret raw data into elevated level conceptual portrayals
via nonlinear transformations. Deep learning is based on an
artificial neural network architecture [6]. Complex functions
are constructed after several linear transformations and
nonlinear transformations. The hypothesis of test
characterization is to improve the capacity to separate among
information and debilitate unimportant factors, shown by a
delineation of undeniable level articulation of unique
information: the picture is a multi-pixel network. The
features of the edge and position of the picture are addressed
by the principal layer of the model. In view of the features
separated by the primary layer to recognize the example, the
subsequent layer shows highlights like edges, while the
obstruction factor is overlooked. To show the part that has
clear recognition or arrangement help for the objective, the
third layer can additionally join and consolidate the
distinguished pictures [8].
Image encryption has higher security requirements.
Traditional image encryption technology, which implements
a feature extraction technique based on a machine-learning
algorithm, has a range of disadvantages, including image
pre-processing concerns, a superior grade of picture quality,
and the need to rehash the image procurement during the
decoding cycle to accomplish legitimate unscrambling.
We say that the data is continuously encrypted during the
whole process by private forecasts with deep learning. At no
point is the user exchanging raw data, just encrypted (that is,
hidden shared data). Syft Keras utilizes a library called TF
Encrypted under the hood to provide these private forecasts.
TF Encrypted incorporates cutting-edge methods with
cryptographic and machine learning, but you do not have to
think about anything and can work on the program for
machine learning. Private predictions for deep learning mean
that data is continuously encrypted throughout the entire
 phase. Patient-related clinical statistics are available in the
facility, but not for the researcher to identify correlations in
the data. To grasp the development of cancer. Also, privacy
issues can limit the availability of data. Data owners may
also lack the skills and abilities to create deep learning
models on their own to reap the benefits from their data.
Encrypted Deep learning predicts encrypted data while still
encrypting the model used for prediction.
With its outstanding learning capabilities, deep learning
has solved many unresolved problems in the field of artificial
intelligence in recent years and has seen exponential
progress. Deep learning is ideal for image encryption
because it has a high learning power, can manage massive
volumes of data, extracts key features correctly, and meets
the high-security criteria of image encryption.
IV. SECURE IMPLEMENTATION
Medical imaging has arguably seen some of the most
significant developments in AI technologies due to parallel
improvements in machine vision. Security and privacy
concerns, however, are not limited to medical imaging [27],
as seen, for example, in the 2019/2020 SARS-CoV2
pandemic, which ignited global concern about the effects of
large-scale automated contact detection and motion tracking,
setting political, ethical, and legal precedents, creating a need
for technological implementation of their secure and privacy-
protecting. A theoretical/mathematical guarantee of privacy
is given by encryption. However, there are also hardware-
level privacy protections, for instance in the form of
protected processors or enclaves implemented in mobile
devices [28]. For example, federated learning work processes
can preserve data and algorithm privacy despite the fact that
the working framework piece is disregarded. Since
equipment level deep learning algorithms, tensor preparing
units, or AI explicit guidance sets are turning out to be more
significant, such framework-based security will in all
guarantee that dependable execution conditions will turn out
to be more predominant incorporated into edge equipment
like phones.
V. CONCLUSION AND FUTURE WORK
The e-health care system is the most emerging and
developing system for the protection of personal health
records. A few problems in the privacy security of medical
data need to be addressed in the current scenario. To achieve
proper incoming data storage, indexing maintenance, and
accessing power, effective service is required. Furthermore,
finding an acceptable set of sanitization attributes will reduce
the side effects, especially when sensitive information
overlaps with non-sensitive information. Medical records
need to be held in big data storage in the healthcare cloud to
enable mobility and easy access for both patients and health
professionals. The researchers seek a major goal in
maintaining medical data privacy, which is to build a reliable
system to overcome the disadvantage of computational time
and expense when encrypting and decrypting data. However,
there is a great deal of work to be done to protect the privacy
of health care data to provide improved data protection. This
review paper offers an overview of health care data privacy
preservation and examines current methodologies by
advantages, restriction, and performance measurement. It
will help readers appreciate the state-of-the-art protection of
medical data in terms of privacy.
5
Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on October 16,2023 at 06:16:03 UTC from IEEE Xplore. Restrictions apply.
ACKNOWLEDGMENT
We thank Jalpa Mehta, Assistant Professor, Shah and
Anchor Kutchhi Engineering College, and Srikanth
Kodeboyina, CEO, Blue Eye Soft Corp who provided insight
and mastery that enormously helped the exploration, in spite
of the fact that they may not concur with every one of the
understandings/conclusions of this paper.
REFERENCES
[1] A. Vizitiu, C. I. Niţă, A. Puiu, C. Suciu and L. M. Itu, "Towards
Privacy-Preserving Deep Learning-based Medical Imaging
Applications," 2019 IEEE International Symposium on Medical
Measurements and Applications (MeMeA), Istanbul, Turkey, 2019,
pp. 1-6, doi: 10.1109/MeMeA.2019.8802193.
[2] Maximin Coavoux, Shashi Narayan, Shay B. Cohen Privacy-
preserving neural representations of text (2018), arXiv preprint
arXiv:1808.09408.
[3] Aslett, Louis JM, Pedro M. Esperança, and Chris C. Holmes,
Encrypted statistical machine learning: new privacy preserving
methods (2015), arXiv preprint arXiv:1508.06845.
[4] Graepel, Thore, et al., Machine Learning on Encrypted Data (2012),
ICISC 2012, LNCS 7839.
[5] Hesamifard, Ehsan, Hassan Takabi, and Mehdi Ghasemi, CryptoDL:
Deep neural networks over encrypted data (2017), arXiv preprint
arXiv:1711.05189.
[6] Hesamifard, Ehsan, et al., Privacy-preserving machine learning as a
service (2018), Proceedings on Privacy Enhancing Technologies.
[7] Gilad-Bachrach, Ran, et al., CryptoNets: Applying neural networks to
encrypted data with high throughput and accuracy (2016),
International Conference on Machine Learning.
[8] Surendra, H. & Mohan, H. S. A review of synthetic data generation
methods for privacy preserving data publishing. Int. J. Sci. Technol.
Res. 6, 95–101 (2017).
[9] Mohassel, Payman, and Yupeng Zhang, SecureML: A system for
scalable privacy-preserving machine learning (2017), 2017 IEEE
Symposium on Security and Privacy (SP).
[10] Bonawitz, Keith, et al., Practical secure aggregation for privacy-
preserving machine learning (2017), Proceedings of the 2017 ACM
SIGSAC Conference on Computer and Communications Security.
[11] Wang, Yue, Cheng Si, and Xintao Wu, Regression model fitting
under differential privacy and model inversion attack (2015), Twenty-
Fourth International Joint Conference on Artificial Intelligence.
[12] Lambin, P. et al. Radiomics: the bridge between medical imaging and
personalized medicine. Nat. Rev. Clin. Oncol. 14, 749–762 (2017).
[13] Kaissis, G.A., Makowski, M.R., Rückert, D. et al. Secure, privacy-
preserving, and federated machine learning in medical imaging. Nat
Mach Intell 2, 305–311 (2020).
[14] Abadi, M., et al.: Deep Learning with Differential Privacy. SIGSAC
Conference on Computer and Communications Security pp. 308–318
(2016).
[15] DICOM reference guide. Health Dev. 30, 5–30 (2001).
[16] Al-Rubaie, M. & Chang, J. M. Privacy-preserving machine learning:
threats and solutions. IEEE Secur. Priv. 17, 49–58 (2019).
[17] Price, W. N. & Cohen, I. G. Privacy in the age of medical big data.
Nat. Med. 25, 37–43 (2019).
[18] HIPAA. US Department of Health and Human Services
ttps://www.hhs.gov/hipaa/index.html (2020).
[19] Shokri, R., Stronati, M., Song, C. & Shmatikov, V. Membership
inference attacks against machine learning models. In Proc. 38th
IEEE Symp. Security and Privacy https://doi.org/10.1109/SP.2017.41
(IEEE, 2017).
[20] Konečný, J. et al. Federated learning: strategies for improving
communication efficiency. Preprint https://arxiv.org/abs/1610.05492
(2016).
[21] Rieke, N. et al. The future of digital health with federated learning.
Preprint at https://arxiv.org/abs/2003.08119 (2020).
[22] R. Miotto, F. Wang, S. Wang, X. Jiang, and J. T. Dudley, “Deep
learning for healthcare: review, opportunities and challenges,”
Briefings in Bioinformatics, vol. 19, no. 6, pp. 1236–1246, 05 2017.
[Online]. Available: https://dx.doi.org/10.1093/bib/bbx044
[23] Maintaining Privacy in Medical Data with Differential Privacy.
Available at: https://blog.openmined.org/maintaining-privacy-in-
medical-data-with-differential-privacy/
 [24] A.M. Vengadapurvaja, G. Nisha, R. Aarthy, N. Sasikaladevi: An Available at: https://www.inpher.io/technology/what-is-secure-
Efficient Homomorphic Medical Image Encryption Algorithm For multiparty-computation
Cloud Storage Security, 7th International Conference on Advances in [27] Qayyum, A., Qadir, J., Bilal, M. & Al-Fuqaha, A. Secure and robust
Computing & Communications, ICACC-2017, 22-24 August 2017, machine learning for healthcare: a survey. Preprint at
Cochin, India Available at: www.sciencedirect.com https://arxiv.org/ abs/2001.08103 (2020).
[25] What is Secure Multiparty Computation (MPC)? [28] Apple Platform Security
Available at: https://www.unboundtech.com/blog/secure-multiparty- https://support.apple.com/guide/security/secure-enclave-overview-
computation-mpc/ sec59b0b31f/web (2020).
[26] What is Secure Multiparty Computation?

6
Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on October 16,2023 at 06:16:03 UTC from IEEE Xplore. Restrictions apply.