Differential Privacy-Preserving GANs for De-Identification of Medical Images in Federated Health Networks
Аннотация
The growing use of AI in healthcare requires large-scale sharing of medical images, which raises serious concerns about patient privacy and data security. To address these challenges, de-identification techniques are used to anonymize medical images before sharing across federated health networks. However, existing methods often suffer from utility degradation, inadequate privacy guarantees, and risks of re-identification through advanced attacks. This paper proposes a novel Differentially Private Federated GAN (DP-FedGAN) framework that integrates Differential Privacy into Generative Adversarial Networks trained in a federated setting. Each medical institution trains a local generative adversarial network (GAN) using differentially private stochastic gradient descent (DP-SGD), and model updates are aggregated securely using the FedAvg algorithm. This ensures data never leaves the local nodes while providing rigorous privacy protection. The proposed method is applied to de-identify chest X-ray images for downstream pneumonia diagnosis, preserving diagnostic features while removing identifiable information. Experimental results demonstrate that DP-FedGAN achieves strong visual fidelity, maintains high classification accuracy, and resists membership inference attacks, proving its effectiveness for secure, privacy-preserving medical image sharing in federated environments.