In the era of digital health transformation, the integration of patient data across disparate registries poses significant challenges to privacy and security, while enabling advanced artificial intelligence (AI) applications in healthcare systems and analytics. This narrative review synthesizes peer-reviewed literature to propose a principled framework for privacy-preserving patient identity resolution in multi-source record linkage. Drawing on advancements in federated learning, homomorphic encryption, and secure multiparty computation, the framework addresses the core tension between data utility for AI-driven clinical analytics and the imperative to safeguard patient confidentiality. We examine how AI techniques facilitate secure linkage of electronic health records (EHRs) without centralized data aggregation, enabling distributed analytics for precision medicine, population health monitoring, and real-time decision support. Key systems-level considerations include architectural designs that incorporate differential privacy mechanisms to mitigate re-identification risks during identity matching processes, such as probabilistic record linkage enhanced by machine learning models. The review highlights integrative approaches where AI models operate on encrypted data silos, preserving linkage accuracy while complying with regulatory standards like HIPAA and GDPR. For instance, multiparty homomorphic encryption allows collaborative identity resolution across registries without exposing raw identifiers, supporting analytics pipelines for disease outbreak tracking and personalized treatment pathways. We discuss closed-loop healthcare systems where resolved identities feed into AI analytics for predictive modeling, such as inferring multimodal latent topics from EHRs to inform clinical outcomes. The framework emphasizes governance layers, including ethical oversight for algorithmic fairness in linkage processes that could exacerbate health disparities. 
By structuring the synthesis around data ingestion, secure linkage, AI inference, and feedback loops, this review positions privacy-preserving identity resolution as a foundational enabler for scalable AI in healthcare infrastructure. It underscores the need for interdisciplinary integration of computational techniques with clinical workflows to achieve equitable, secure multi-source data utilization. Ultimately, the proposed framework offers a roadmap for deploying AI systems that balance innovation in healthcare analytics with robust privacy protections, fostering trust in digital health ecosystems.
Diabetic retinopathy is a leading cause of preventable blindness, and fundus photography is commonly used for early detection and severity grading. Deep learning models have shown strong performance in classification, but they require large, diverse multi-center datasets that are difficult to obtain due to privacy and regulatory restrictions. Because fundus images are protected health information, hospitals cannot share data, resulting in isolated datasets that limit model generalizability across different populations, imaging devices, and clinical settings. To overcome this limitation, a hybrid framework combining federated learning with homomorphic encryption is proposed, allowing multiple hospitals to collaboratively train a shared model without exchanging raw images or plaintext gradients. Each institution performs local training and transmits only encrypted model updates to a central server for secure aggregation, ensuring that patient data remains fully protected while still enabling global model improvement. This approach also mitigates gradient leakage and reconstruction attacks, supports compliance with regulations such as HIPAA and GDPR, and enables scalable, fault-tolerant deployment across heterogeneous healthcare systems, ultimately providing a privacy-preserving pathway for robust multi-center diabetic retinopathy detection.
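The encrypted-update aggregation step described above, as an added illustration that is not code from either abstract: a textbook additive-homomorphic (Paillier) scheme in which each hospital encrypts its local gradient, the server sums ciphertexts without holding any key, and only the key holder decrypts the aggregate. The primes, fixed-point scale, and three-hospital gradient vectors are constructed demo values, and single-key Paillier is used here as a stand-in for the multiparty schemes the reviews refer to.

```python
import random
from functools import reduce
from math import gcd

SCALE = 1000  # fixed-point encoding: a gradient value x is sent as round(x * SCALE) mod n

def keygen(p, q):
    # Paillier key pair: n = p*q, g = n + 1, lambda = lcm(p-1, q-1), mu = lambda^-1 mod n
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (n, n + 1), (lam, pow(lam, -1, n))

def encrypt(pub, m):
    # c = g^m * r^n mod n^2 with a fresh random r coprime to n (fresh r per ciphertext)
    n, g = pub
    r = random.randrange(1, n)
    while gcd(r, n) != 1:
        r = random.randrange(1, n)
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)

def decrypt(pub, priv, c):
    # m = L(c^lambda mod n^2) * mu mod n, where L(x) = (x - 1) / n
    n, _ = pub
    lam, mu = priv
    return ((pow(c, lam, n * n) - 1) // n * mu) % n

def encrypt_update(pub, grad):
    # Hospital side: encode each coordinate as a signed fixed-point residue mod n, then encrypt it
    n = pub[0]
    return [encrypt(pub, round(x * SCALE) % n) for x in grad]

def aggregate(pub, updates):
    # Server side: multiplying ciphertexts adds the plaintexts; no key material is needed here
    n2 = pub[0] ** 2
    return [reduce(lambda a, b: a * b % n2, coords, 1) for coords in zip(*updates)]

def decrypt_average(pub, priv, agg, k):
    # Key holder: decrypt only the aggregate, recover the sign, and average over k hospitals
    n = pub[0]
    ms = [decrypt(pub, priv, c) for c in agg]
    return [(m - n if m > n // 2 else m) / SCALE / k for m in ms]

def run_demo():
    pub, priv = keygen(10007, 10009)  # small textbook primes, constructed for the demo only
    local_grads = [[0.5, -0.25, 0.1], [0.3, -0.05, -0.2], [-0.2, 0.15, 0.4]]  # constructed
    updates = [encrypt_update(pub, g) for g in local_grads]
    return decrypt_average(pub, priv, aggregate(pub, updates), len(local_grads))
```

The separation of roles is the point: the aggregator never sees a plaintext gradient, and the decryption key must be held by a party that only ever receives the aggregate, or the gradient-leakage protection the abstract claims is lost.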