# A Pragmatic Framework for Federated Learning Risk and Governance in Academic Medical Centers

**Authors:** Daniel Bottomly, Bridget Barnes, Kuli Mavuwa, Nikki Lee, Holger R Roth, Chester Chen, Shannon K McWeeney

PMC · DOI: 10.2196/80022 · 2026-02-27

## TL;DR

This paper introduces a practical framework to manage risks and governance in federated learning for academic medical centers.

## Contribution

The paper presents a novel risk differentiation framework and governance tools aligned with international standards for federated learning in biomedical settings.

## Key findings

- Federated learning can enhance data privacy in AI model development for academic medical centers.
- A risk matrix and governance artifacts are proposed to address security and operational challenges in federated learning.
- The framework is aligned with NIST AI RMF and ISO/IEC 42001 standards for biomedical data governance.

## Abstract

With the rapid development of artificial intelligence (AI), particularly large language models, there is growing interest in adopting AI approaches within academic medical centers (AMCs). However, the vast amounts of data required for AI and the sensitive nature of medical information pose significant challenges to developing high-performing models at individual institutions. Furthermore, recent changes in government funding priorities may result in the decentralization of biomedical data repositories that risk creating significant barriers to effective data sharing and robust model development. This has generated significant interest in federated learning (FL), which enables collaborative model training without transferring data between institutions, thereby enhancing the protection of proprietary and sensitive information. While FL offers a crucial pathway to enable multi-institutional AI development while maintaining data privacy, it also exposes AMCs to novel governance, security, and operational risks that are not fully addressed by existing procedures. In response, this manuscript provides a perspective grounded in both leading international standards (NIST AI RMF [National Institute of Standards and Technology Artificial Intelligence Risk Management Framework], International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 42001) and in the real-world governance experience of AMC leadership. We present a risk differentiation framework, an FL risk matrix, and a set of essential governance artifacts—each mapped to key institutional challenges and reviewed for alignment with core standards but offered as pragmatic, illustrative guides rather than prescriptive checklists. Together, these tools represent a novel resource to support AMC security, privacy, and governance leaders with standards-informed, context-sensitive tools for addressing the evolving risks of FL in biomedical research and clinical environments.

## Figures

1 figure with captions in the complete paper: https://tomesphere.com/paper/PMC12977002/full.md

---
Source: https://tomesphere.com/paper/PMC12977002