Privacy-Preserving EHR Data Transformation via Geometric Operators: A Human-AI Co-Design Technical Report

TL;DR

This paper introduces a novel data transformation framework for privacy-preserving sharing of electronic health records, maintaining data utility while protecting patient privacy through geometric operators and collaborative human-AI design.

Contribution

It presents a new approach using geometric operators for data transformation that preserves clinical data utility and ensures privacy, supported by theoretical and empirical analysis.

Findings

Transforms maintain medical semantics and statistical properties.

Provably breaks linkage between data views and patient attributes.

Effective against reconstruction, linkage, and inference attacks.

Abstract

Electronic health records (EHRs) and other real-world clinical data are essential for clinical research, medical artificial intelligence, and life science, but their sharing is severely limited by privacy, governance, and interoperability constraints. These barriers create persistent data silos that hinder multi-center studies, large-scale model development, and broader biomedical discovery. Existing privacy-preserving approaches, including multi-party computation and related cryptographic techniques, provide strong protection but often introduce substantial computational overhead, reducing the efficiency of large-scale machine learning and foundation-model training. In addition, many such methods make data usable for restricted computation while leaving them effectively invisible to clinicians and researchers, limiting their value in workflows that still require direct inspection, exploratory analysis, and human interpretation. We propose a real-world-data transformation framework for privacy-preserving sharing of structured clinical records. Instead of converting data into opaque representations, our approach constructs transformed numeric views that preserve medical semantics and major statistical properties while, under a clearly specified threat model, provably breaking direct linkage between those views and protected patient-level attributes. Through collaboration between computer scientists and the AI agent \textbf{SciencePal}, acting as a constrained tool inventor under human guidance, we design three transformation operators that are non-reversible within this threat model, together with an additional mixing strategy for high-risk scenarios, supported by theoretical analysis and empirical evaluation under reconstruction, record linkage, membership inference, and attribute inference attacks.