Protecting Patient Privacy in Healthcare Analytics with Fully Homomorphic Encryption and Differential Privacy
Type: Master's Thesis
Abstract
Data analytics in the healthcare domain requires access to sensitive patient information,
creating a conflict between the need for usability and privacy requirements.
Fully Homomorphic Encryption (FHE) enables computation on encrypted data, while
Differential Privacy (DP) protects individuals against inference attacks by
introducing controlled noise into aggregate query results.

This thesis investigates the combined use of FHE and DP for privacy-preserving
healthcare analytics and evaluates the resulting privacy guarantees, performance,
and practical limitations. Three aggregation queries are implemented and evaluated
in a multi-party privacy-preserving system using multiple FHE schemes and
libraries: the BFV, BGV, CKKS, and TFHE schemes, implemented with the Microsoft
SEAL and Concrete FHE libraries. Performance, accuracy, ciphertext expansion,
and compliance with confidentiality and availability requirements are assessed using a
synthetic healthcare dataset.

The results show that combining FHE and DP strengthens protection against eavesdropping
and membership inference attacks compared to using either method alone.
However, the increased privacy comes at a large cost in performance and usability.
Encrypted query execution is orders of magnitude slower than plaintext
execution, and current FHE libraries provide limited support for common statistical
operations. Additionally, even in the best case, ciphertexts span several megabytes
for a single value, although this can be partially mitigated through compression prior
to storage or network transmission. Finally, executing homomorphic computations
in an insecure environment could expose encrypted data to side-channel attacks such
as power measurement or timing attacks.

These limitations represent a significant hindrance to large-scale deployment of
FHE in statistical contexts. Improvements to the FHE ecosystem with regard to
performance and usability could enable future large-scale deployment.
Subject/keywords
Cryptography, homomorphic encryption, privacy-preserving system, differential privacy, security
