Despite the transformative potential of predictive modeling in digitized healthcare, stringent data sovereignty laws such as Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR), alongside the risk of catastrophic privacy breaches, severely restrict the centralization of sensitive patient records. While Federated Learning (FL) provides a decentralized alternative, standard implementations remain vulnerable to gradient inversion and membership inference attacks that can compromise individual identities. To address these vulnerabilities, we propose TrustMed, a multi-layered privacy-preserving FL framework. Our methodology integrates a containerized microservices architecture with a robust security stack that combines the SecAgg+ protocol for cryptographic weight masking and Central Differential Privacy for statistical safeguarding. Furthermore, we introduce Targeted Clinical Augmentation (TCA) to correct learned confounding and class imbalances inherent in rare medical profiles within the Framingham Heart Study dataset. Experimental results demonstrate that TrustMed achieves a high diagnostic performance with an AUC-ROC of 79.19% and a clinical sensitivity of 97.0% over 30 federated rounds, while maintaining a strict privacy budget of ??1,453. The significance of this work lies in its ability to facilitate secure, high-accuracy institutional collaboration without violating data sovereignty, establishing a scalable blueprint for decentralized medical informatics and autonomous healthcare logistics.
Introduction
This text presents TrustMed, a secure federated learning (FL) framework designed for predicting 10-year coronary heart disease (CHD) risk while protecting patient privacy. Cardiovascular diseases are a leading cause of global mortality, and accurate risk prediction is essential in preventive cardiology. Traditional models, such as the Framingham Risk Score, rely on centralized data, which creates privacy and security concerns under regulations like HIPAA and GDPR.
Federated learning addresses this issue by allowing multiple healthcare institutions to collaboratively train machine learning models without sharing raw patient data. However, FL alone does not guarantee privacy because attackers may reconstruct patient information from model gradients using techniques such as Deep Leakage from Gradients (DLG).
The TrustMed framework improves FL security through several components:
Hybrid Privacy Stack: Combines Secure Aggregation (SecAgg+) and Gaussian Differential Privacy to protect against gradient leakage and inference attacks.
Targeted Clinical Augmentation (TCA): Reduces bias caused by underrepresented patient groups and learned confounding without requiring external datasets.
Dynamic Orchestration: Uses a microservices-based architecture with tools such as FastAPI, Redis, and Flower for scalable FL management.
Clinically Calibrated Optimization: Uses weighted loss functions to improve heart disease screening performance.
Explainable AI (XAI): Integrates SHAP (SHapley Additive exPlanations) to help clinicians understand model predictions.
Ablation Analysis: Evaluates the contribution of each system component to performance and security.
The literature review discusses the development of federated learning, its healthcare applications, privacy challenges, secure aggregation methods, differential privacy, and explainable AI. FL enables healthcare organizations to collaborate while maintaining data privacy, but challenges remain due to non-identical data distributions, communication limitations, and security threats.
The TrustMed architecture follows a microservices approach:
Hospitals securely upload local datasets to protected client systems.
Data is cleaned and enhanced using TCA.
Federated training begins once enough institutions participate.
Secure model updates are exchanged using encrypted communication.
Doctors receive risk predictions with SHAP-based explanations.
The system includes:
A Control API for authentication and coordination.
Redis for maintaining system states.
Flower framework for federated training.
Client Sidecars inside hospital networks to protect raw data.
An Inference API for clinical prediction and explanations.
For evaluation, the system uses the Framingham Heart Study dataset, containing 4,268 records, with the target variable being TenYearCHD (risk of coronary heart disease within 10 years). The dataset is divided into multiple institutional data shards for FL simulation and a separate test set.
The model uses 12 important clinical features, including:
Age
Sex
Smoking status
Blood pressure
Cholesterol
Diabetes
BMI
Glucose levels
Low-value features such as heart rate were removed because they provided little predictive benefit and could reduce privacy efficiency.
Conclusion
This study has successfully demonstrated the implementation of TrustMed, a comprehensive end-to-end framework for privacy-preserving federated learning. By integrating the state-of-the-art SecAgg+ cryptographic protocol with Central Differential Privacy, we have built a system that maintains high diagnostic utility while strictly adhering to HIPAA and GDPR sovereignty requirements. Our findings indicate that the clinical limitations of decentralized data, such as learned confounding and class imbalance, can be effectively mitigated through the proposed Targeted Clinical Augmentation (TCA) and cost-sensitive optimization. With a global model achieving an AUC-ROC of 79.19% and a critical clinical sensitivity of 97.0%, TrustMed proves that institutional collaboration in healthcare can thrive without the need for risky data centralization.
References
[1] N. Truong et al., “Privacy Preservation in Federated Learning: An insightful survey from the GDPR perspective,” Computers & Security, 2021.
[2] B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y Arcas, “Communication-Efficient Learning of Deep Networks from Decentralized Data,” AISTATS, 2017.
[3] L. Zhu, Z. Liu, and S. Han, “Deep Leakage from Gradients,” NeurIPS, 2019.
[4] J. H. Bell et al., “Secure Aggregation for Federated Learning via One-Round Reconstruction,” NeurIPS, 2020.
[5] M. Abadi et al., “Deep Learning with Differential Privacy,” CCS, 2016.
[6] S. M. Lundberg and S. I. Lee, “A Unified Approach to Interpreting Model Predictions,” NeurIPS, 2017.
[7] T. Li, A. K. Sahu, A. Talwalkar, and V. Smith, “Federated Learning: Challenges, Methods, and Future Directions,” IEEE Signal Processing Magazine, 2020.
[8] P. Kairouz et al., “Advances and Open Problems in Federated Learning,” Foundations and Trends in Machine Learning, 2021.
[9] D. J. Beutel et al., “Flower: A Friendly Federated Learning Framework,” arXiv preprint arXiv:2007.14390, 2020.
[10] C. He et al., “FedML: A Research Library and Benchmark for Federated Machine Learning,” NeurIPS, 2020.
[11] N. Rieke et al., “The future of digital health with federated learning,” NPJ Digital Medicine, vol. 3, no. 1, pp. 1–7, 2020.
[12] G. A. Kaissis et al., “Secure, privacy-preserving and federated machine learning in medical imaging,” Nature Machine Intelligence, 2020.
[13] W. Li et al., “Privacy-preserving federated learning for medical image analysis,” Medical Image Analysis, 2019.
[14] T. S. Brisimi et al., “Federated learning of predictive models from heterogeneous healthcare data,” Journal of Biomedical Informatics, 2018.
[15] Dayan et al., “Federated learning for predicting clinical outcomes in patients with COVID-19,” Nature Medicine, 2021.
[16] D. C. Nguyen et al., “Federated Learning for Smart Healthcare: A Survey,” ACM Computing Surveys, 2022.
[17] R. Khurana et al., “Federated Learning for Heart Disease Prediction using Secure Protocols,” IEEE Access, 2023.
[18] K. Bonawitz et al., “Practical Secure Aggregation for Privacy-Preserving Machine Learning,” CCS, 2017.
[19] F. Mo et al., “PPFL: Privacy-preserving federated learning with trusted execution environments,” MobiSys, 2021.
[20] C. Zhang et al., “Confidential Computing in Healthcare: Leveraging TEEs for Federated Analytics,” IEEE TIFS, 2024.
[21] R. C. Geyer et al., “Differentially Private Federated Learning: A Client Level Perspective,” NIPS Workshop, 2017.
[22] K. Wei et al., “Federated Learning with Differential Privacy: Algorithms and Performance Analysis,” IEEE Transactions on Information Forensics and Security, 2020.
[23] N. K. Mukhopadhyay et al., “Differential Privacy and Secure Aggregation Algorithms in Federated Training,” Journal of Privacy and Security, 2026.
[24] G. Luo, “ML for healthcare: An overview of interpretability and transparency,” Journal of Medical Systems, 2016.
[25] Z. Wang et al., “Interpretability in Federated Learning: A Survey,” arXiv, 2020.
[26] J. Zhu et al., “Explainable Federated Learning: A Survey and Framework,” arXiv, 2021.
[27] R. B. D’Agostino et al., “General cardiovascular risk profile for use in primary care: The Framingham Heart Study,” Circulation, 2008.
[28] E. Yuda et al., “Machine-Learning Insights from the Framingham Heart Study,” Applied Sciences, 2025.