Wavelet-Domain Privacy SGD (WDP-SGD): FrequencySelective Privacy-Preserving Medical AI.

Wavelet-Domain Privacy SGD (WDP-SGD): FrequencySelective Privacy-Preserving Medical AI. | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Wavelet-Domain Privacy SGD (WDP-SGD): FrequencySelective Privacy-Preserving Medical AI. Swathi Lakshmi Durga K, Valli Kumari Vatsavayi This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-7778273/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Protecting sensitive medical data during training is critical because transformer gradients can leak patient-specific information. We introduce a privacy-preserving clinical AI framework that integrates three complementary elements: (i) Bayesian synthetic data generation to produce epidemiologically realistic yet non-identifiable electronic health records, (ii) Wavelet-Domain Privacy Stochastic Gradient Descent(WDP-SGD) to apply frequency-selective noise to gradient updates of BERT-based classifiers, and (iii) multi-modal privacy auditing to empirically monitor potential information leakage. Unlike conventional differential privacy, which injects uniform noise, WDP-SGD perturbs high-frequency gradient components that disproportionately encode patient-specific information while preserving low-frequency components containing generalisable medical knowledge. Applied to a large synthetic medical text corpus covering multiple conditions, our approach consistently delivers stronger privacy protection and improved model performance relative to standard DP-SGD while maintaining convergence behaviour close to a non-private baseline. Privacy attack simulations, including membership inference, attribute inference and gradient reconstruction, further demonstrate enhanced resilience to adversarial attempts to extract sensitive information. These results indicate that wavelet-based differential privacy offers a practical pathway to privacy-conscious clinical language models, achieving a more favourable balance between privacy and utility than existing uniform-noise methods. BERT Clinical Text Classification Differential Privacy Healthcare Data Protection Medical AI Privacy-Preserving Machine Learning Wavelet Transform Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-7778273","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":524572335,"identity":"4b947616-9bbc-4eff-a584-4aa52820a1fb","order_by":0,"name":"Swathi Lakshmi Durga K","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA5klEQVRIiWNgGAWjYBACCRDB2CBRzyZ/+ACIL0OcloMNEgl8EmwJID4PsVoYEuQkeAxAbMJaJPvPGH7+uMMij0265/OrGzUWPAzsh49uwKdFWiLHWOLgGYliNpmz26xzjgEdxpOWdgOfFjkJ3g0SB9skGNsYcrcZ57ABtUjwmOHXwn928w+Ilpxnxjn/iNAiDTQcZEtim0QO8+PcNiK0SM7I/2Zxtk3CmI3nmBlzbp8EDxshv0icP5Z8o7KtTk6+vfnx55xvdXL87IeP4dWCDNjAkcRGrHIQYP5AiupRMApGwSgYOQAATBtGAxBUspYAAAAASUVORK5CYII=","orcid":"","institution":"Andhra University","correspondingAuthor":true,"prefix":"","firstName":"Swathi","middleName":"Lakshmi Durga","lastName":"K","suffix":""},{"id":524572338,"identity":"8cab81fa-bcdd-4b7b-88b1-5a006b646bb2","order_by":1,"name":"Valli Kumari Vatsavayi","email":"","orcid":"","institution":"Andhra University","correspondingAuthor":false,"prefix":"","firstName":"Valli","middleName":"Kumari","lastName":"Vatsavayi","suffix":""}],"badges":[],"createdAt":"2025-10-04 07:53:24","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-7778273/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-7778273/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":92979451,"identity":"8401bc7f-34de-418a-936b-5eaad5f3fdc2","added_by":"auto","created_at":"2025-10-07 18:59:45","extension":"json","order_by":0,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":5004,"visible":true,"origin":"","legend":"","description":"","filename":"2906c01b99c7419fbf6515d385b8dcda.json","url":"https://assets-eu.researchsquare.com/files/rs-7778273/v1/f5bc1ae93302e28f183e1a2d.json"},{"id":93702287,"identity":"8f839fff-4c1f-462d-be55-652f5140292c","added_by":"auto","created_at":"2025-10-16 15:47:00","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":632436,"visible":true,"origin":"","legend":"","description":"","filename":"WDPSGDIJISManuscript.pdf","url":"https://assets-eu.researchsquare.com/files/rs-7778273/v1_covered_f79614a7-968a-4177-bac4-506aa0d90dfa.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Wavelet-Domain Privacy SGD (WDP-SGD): FrequencySelective Privacy-Preserving Medical AI.","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"BERT, Clinical Text Classification, Differential Privacy, Healthcare Data Protection, Medical AI, Privacy-Preserving Machine Learning, Wavelet Transform","lastPublishedDoi":"10.21203/rs.3.rs-7778273/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-7778273/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Protecting sensitive medical data during training is critical because transformer gradients can leak patient-specific information. We introduce a privacy-preserving clinical AI framework that integrates three complementary elements: (i) Bayesian synthetic data generation to produce epidemiologically realistic yet non-identifiable electronic health records, (ii) Wavelet-Domain Privacy Stochastic Gradient Descent(WDP-SGD) to apply frequency-selective noise to gradient updates of BERT-based classifiers, and (iii) multi-modal privacy auditing to empirically monitor potential information leakage. Unlike conventional differential privacy, which injects uniform noise, WDP-SGD perturbs high-frequency gradient components that disproportionately encode patient-specific information while preserving low-frequency components containing generalisable medical knowledge. Applied to a large synthetic medical text corpus covering multiple conditions, our approach consistently delivers stronger privacy protection and improved model performance relative to standard DP-SGD while maintaining convergence behaviour close to a non-private baseline. Privacy attack simulations, including membership inference, attribute inference and gradient reconstruction, further demonstrate enhanced resilience to adversarial attempts to extract sensitive information. These results indicate that wavelet-based differential privacy offers a practical pathway to privacy-conscious clinical language models, achieving a more favourable balance between privacy and utility than existing uniform-noise methods.","manuscriptTitle":"Wavelet-Domain Privacy SGD (WDP-SGD): FrequencySelective Privacy-Preserving Medical AI.","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2025-10-07 18:59:41","doi":"10.21203/rs.3.rs-7778273/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"62efeb5e-028c-48ac-af90-5b00798c683f","owner":[],"postedDate":"October 7th, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2025-10-16T15:38:46+00:00","versionOfRecord":[],"versionCreatedAt":"2025-10-07 18:59:41","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-7778273","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-7778273","identity":"rs-7778273","version":["v1"]},"buildId":"8U1c8b4HqxoKbykW_rLl7","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}