Artificial intelligence (AI) applications in healthcare and medicine have increased in recent years. To enable access to personal data, Trusted Research Environments (TREs) provide safe and secure environments in which researchers can access sensitive personal data and develop AI and Machine Learning models. However, few TREs currently support the use of automated AI-based modelling using Machine Learning. Early attempts have been made in the literature to present and introduce privacy-preserving machine learning from the design point of view [1]. However, there exists a gap in the practical decision-making guidance for TREs in handling model disclosure. Specifically, the use of machine learning creates a need to disclose new types of outputs from TREs, such as trained machine learning models. Although TREs have clear policies for the disclosure of statistical outputs, the extent to which trained models can leak personal training data once released is not well understood, and guidelines do not exist within TREs for the safe disclosure of these models. In this paper we introduce the challenge of disclosing trained machine learning models from TREs. We first give an overview of machine learning models in general and describe some of their applications in healthcare and medicine. We define the main vulnerabilities of trained machine learning models in general. We also describe the main factors affecting the vulnerabilities of disclosing machine learning models. This paper also provides insights and analyses methods that could be introduced within TREs to mitigate the risk of privacy breaches when disclosing trained models.