Homomorphic Encryption for AI in Healthcare

Post Summary

Homomorphic encryption (HE) is changing how healthcare organizations protect patient data while using AI for analysis. Here's why it matters:

  • What it solves: Traditional methods require decrypting data for processing, creating a risk of data breaches. HE allows computations directly on encrypted data, ensuring privacy at all times.
  • How it works: HE keeps data encrypted during storage, transit, and processing. Results are decrypted only by the data owner, matching those from unencrypted data.
  • Why it’s important: It aligns with strict regulations like HIPAA and GDPR, solving privacy challenges in AI while preserving data utility for analytics and model training. This shift is critical as cybersecurity in healthcare evolves to prioritize patient safety alongside data protection.

Recent advancements prove HE's practicality. For instance, a lung cancer classification system in 2025 achieved 90.02% accuracy using encrypted medical images, with reduced data transmission costs. However, HE comes with challenges like slower processing and higher computational demands, especially for complex tasks.

Key types include:

  • PHE: Simple, supports one operation (addition or multiplication), suitable for basic tasks.
  • SHE: Handles both operations but with limits, good for smaller models.
  • FHE: Supports unlimited operations, ideal for complex AI tasks like deep learning but requires more resources.

Ongoing research focuses on improving speed, reducing overhead, and ensuring quantum resistance. Tools like Microsoft SEAL and OpenFHE are helping healthcare organizations implement HE, while hardware acceleration addresses performance bottlenecks. Despite challenges, HE is becoming a practical option for privacy-preserving AI in healthcare.

Types of Homomorphic Encryption for Healthcare

Comparison of Three Types of Homomorphic Encryption for Healthcare AI

Homomorphic encryption comes in three main types: Partially Homomorphic Encryption (PHE), Somewhat Homomorphic Encryption (SHE), and Fully Homomorphic Encryption (FHE). Each type supports different operations and has varying computational requirements, making it essential for healthcare organizations to understand these distinctions when choosing a solution. Third-party vendor risk management plays a key role in selecting the right encryption method for tasks like secure AI model training, as demonstrated in recent research and performance benchmarks.

Partially Homomorphic Encryption (PHE)

PHE allows only one type of operation - either addition or multiplication - on encrypted data [3]. This simplicity makes it suitable for tasks like calculating aggregate patient statistics while keeping individual data secure during AI processing [3]. Thanks to its low computational demands, PHE is ideal for environments with limited resources, such as mobile devices or Internet of Medical Things (IoMT) sensors [3]. Common PHE schemes include RSA and Paillier, though these older methods are vulnerable to quantum computing threats [5].

In July 2025, researcher Kratika Jain from Teerthanker Mahaveer University found that using the Paillier scheme for AI model training was about 3.7 times slower than plaintext processing [6]. Despite this slowdown, PHE remains a practical choice for straightforward tasks in resource-constrained settings.

Somewhat Homomorphic Encryption (SHE)

SHE builds on PHE by supporting both addition and multiplication, though only for a limited number of operations due to noise accumulation in the ciphertext [3]. Each operation adds noise, and excessive computations can eventually corrupt the data. This makes SHE a good fit for basic machine learning tasks and secure data aggregation in sensor networks, such as combining readings from wearable health monitors without decrypting them [3].

Hospitals might use SHE for running simple predictive models on encrypted patient data. Popular SHE schemes include BGV, BFV, and YASHE, offering more flexibility than PHE while maintaining a balance between security and computational efficiency.
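To make the noise limit concrete, here is an added example (not from the post or its sources) that uses a toy symmetric integer scheme in the style of DGHV instead of BGV or BFV, because its noise term is directly visible. Parameters and names are constructed and insecure; the point is that additions grow the noise slowly while each multiplication adds about 16 bits until decryption stops being reliable.

```python
import random

# Toy parameters (bits): secret key, fresh noise, random multiplier.
# Constructed for illustration; far too small to be secure.
ETA, RHO, GAMMA = 128, 15, 256

def keygen(rng):
    """Secret key: a random odd ETA-bit integer p."""
    return rng.getrandbits(ETA) | (1 << (ETA - 1)) | 1

def encrypt(p, bit, rng):
    """c = q*p + 2r + bit. The small term 2r + bit is the noise."""
    r = rng.randrange(1 << (RHO - 1), 1 << RHO)
    return rng.getrandbits(GAMMA) * p + 2 * r + bit

def centered_mod(c, p):
    """Remainder of c modulo p, shifted into (-p/2, p/2]."""
    x = c % p
    return x - p if x > p // 2 else x

def decrypt(p, c):
    """Correct only while the accumulated noise is smaller than p/2."""
    return centered_mod(c, p) % 2

def noise_bits(p, c):
    """Size of the noise as the key holder measures it (wraps once it exceeds p/2)."""
    return abs(centered_mod(c, p)).bit_length()

def multiply_chain(depth, seed=2025):
    """AND encryptions of 1 together; returns (mults, noise_bits, correct) per step."""
    rng = random.Random(seed)   # seeded for a reproducible demo, not a CSPRNG
    p = keygen(rng)
    acc = encrypt(p, 1, rng)
    trace = []
    for k in range(1, depth + 1):
        acc *= encrypt(p, 1, rng)   # noise terms multiply: about 16 bits per step
        trace.append((k, noise_bits(p, acc), decrypt(p, acc) == 1))
    return trace

def add_chain(count, seed=2025):
    """XOR `count` encrypted bits; noise terms only add."""
    rng = random.Random(seed)
    p = keygen(rng)
    bits = [rng.getrandbits(1) for _ in range(count)]
    acc = sum(encrypt(p, b, rng) for b in bits)
    return noise_bits(p, acc), decrypt(p, acc) == sum(bits) % 2

if __name__ == "__main__":
    for k, bits, ok in multiply_chain(12):
        print(f"{k:2d} multiplications: noise {bits:3d} bits, correct: {ok}")
    print("1000 additions (noise bits, correct):", add_chain(1000))
```

With these parameters the first six multiplications are guaranteed to decrypt correctly, and from the eighth onward the noise exceeds the key's budget, so a correct result is only a coincidence.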

Fully Homomorphic Encryption (FHE)

FHE is the most advanced form of homomorphic encryption, supporting unlimited addition and multiplication operations on encrypted data [3]. This capability enables complex computations, making FHE particularly useful for tasks like deep learning in genomic and imaging analysis [3]. As Lee CH, Lim KH, and Eswaran S explained:

"FHE is the most powerful type of HE as it supports unlimited numbers of both additive and multiplicative operations on encrypted data." [3]

The CKKS scheme, a popular FHE variant, ensures precision in medical AI computations with an error margin as low as 0.000001 [4]. However, FHE's benefits come with trade-offs. For instance, bootstrapping - a process used to refresh ciphertexts and manage noise - adds about 25% overhead to total training time [6].

In a simulation conducted in July 2025 using the UCI Heart Disease dataset, training with FHE (CKKS) took 138.2 seconds compared to 12.8 seconds for plaintext, representing a 10.8× slowdown [6]. Additionally, ciphertexts were roughly 18 times larger than plaintext, which could impact clinical workflows. This is particularly critical as organizations face the economic impact of third-party risk when implementing new technologies. Despite these challenges, FHE inference can achieve latencies under 20 milliseconds per sample, making it viable for many batch-processing scenarios in healthcare [6]. Popular FHE schemes include CKKS, TFHE, and Gentry's original 2009 scheme [3].

A specialized version called Fully Leveled Homomorphic Encryption (FLHE) has emerged to address noise growth for specific machine learning tasks. FLHE optimizes performance for a fixed number of neural network layers, making it particularly effective for deep learning diagnostics [3]. This approach refines FHE principles to enhance performance in complex healthcare applications, setting the stage for further advancements.

Recent Research in Homomorphic Encryption for Healthcare AI

Homomorphic encryption is making strides in healthcare, tackling real-world challenges like cyber risk management in healthcare by enabling hospitals to train AI models collaboratively without compromising patient privacy and to process genomic data securely. These developments address the computational hurdles that have historically limited its use in clinical settings.

Multi-Institutional AI Models Using Homomorphic Encryption

Recent work has shown how homomorphic encryption can support collaborative AI efforts across institutions. In January 2025, researchers Abdulkadir Korkmaz and Praveen Rao introduced the FAS (Fast and Secure) framework. This method selectively encrypts high-risk model parameters instead of encrypting the entire AI model, significantly improving efficiency. Tested on 11 physical machines using medical imaging datasets, FAS demonstrated a 90% speed boost compared to standard fully homomorphic encryption (FHE) methods and outperformed systems like FedML-HE by operating 1.5 times faster [7].

Genomic and Medical Image Analysis Applications

Homomorphic encryption is becoming a critical tool for safeguarding sensitive healthcare data, particularly in genomics. In August 2025, Anish Chakraborty and Nektarios Georgios Tsoutsos from the University of Delaware developed a federated framework using the TFHE cryptosystem. This system securely identified DNA promoter sequences across five local clients, enabling analysis of genotype data without exposing raw genetic information [8].

Medical imaging has also benefited from these advancements. In June 2025, Jonghun Kim and Hyunjin Park used VQGAN to compress chest X-rays into latent representations before encrypting them. By downsampling data by a factor of eight and approximating activation functions with lower-degree polynomials, they achieved efficient encrypted multi-label classification [9]. Another framework, tested in February 2026 on the MedMNIST dataset, reached 87.5% accuracy during encrypted inference with a latency of just 150 milliseconds per image - nearly matching the 88.2% accuracy of plaintext data [10].

Hardware Acceleration for Homomorphic Encryption

Hardware acceleration is proving essential for making homomorphic encryption more practical. A significant bottleneck in FHE is bootstrapping, the process of resetting noise in encrypted data, which can consume 62% to 85% of total inference time [12]. In September 2025, researchers from EPFL and Inria introduced Safhire, a hybrid framework that offloads non-linear operations to the client while processing linear layers on the server. By utilizing GPU acceleration, Safhire achieved latency reductions of 1.5 to 10.5 times and cut server-side execution time by up to 86.12 times. For instance, a ResNet-20 model on CIFAR-10 completed inference in just 13.65 seconds [12].

Ahmad Al Badawi and his team at Duality Technologies emphasized the importance of hardware in advancing FHE:

"The most promising efforts to make bootstrapping in FHE practical are focused on acceleration via hardware platforms." [11]

These hardware-driven advancements are paving the way for faster, more efficient applications of homomorphic encryption in healthcare AI, enabling secure and practical solutions without compromising patient privacy.

Implementation and Performance Benchmarks

Healthcare organizations are now actively using homomorphic encryption in real-world settings. To meet the rigorous demands of healthcare AI, practical tools and reliable benchmarks are essential for evaluating how well encrypted computation performs.

Processing Encrypted Patient Records at Scale

Homomorphic encryption allows hospitals to query Electronic Health Records (EHRs) without ever decrypting sensitive patient data. This is a game-changer for collaborative research, enabling the aggregation of patient data while keeping individual records secure [3]. For example, genome-wide association studies (GWAS) can analyze genetic markers from thousands of patients without exposing personal identifiers [2][3].

In August 2023, a team from Duality Technologies, Harvard Medical School, and Tel Aviv Sorasky Medical Center developed a toolset using multiparty Fully Homomorphic Encryption (FHE) with CKKS and BFV schemes. This project successfully conducted privacy-preserving survival analysis and logistic regression on cancer-related datasets. The results showed not only high accuracy but also scalability to larger clinical datasets [14]. A 2026 review of 31 applied studies highlighted the growing integration of homomorphic encryption in healthcare, spanning edge, cloud, and federated settings [2].

Libraries and Tools for Healthcare AI

Several libraries have emerged to support encrypted computation in healthcare:

  • Microsoft SEAL: An open-source library (MIT license) designed to enable encrypted storage and computation. It helps replace traditional trust models with advanced cryptography, allowing cloud services to securely process data [13].
  • OpenFHE: Backed by Duality Technologies, this framework enables collaborative analysis, such as survival analysis and logistic regression, making it ideal for multi-institutional research projects [14].

The choice of encryption scheme often depends on the specific healthcare application. For instance:

  • CKKS: Best for approximate arithmetic, making it suitable for tasks like medical imaging and ECG signal analysis.
  • BFV and BGV: Handle exact integers, making them a better fit for EHR data and genomic sequences [2][3].
  • TFHE: Known for its ability to handle complex neural network training and inference, though it requires significant computational resources [3][1].

Performance Benchmarks

To evaluate homomorphic encryption's effectiveness, standardized metrics are essential. Experts recommend a "minimum reporting checklist" that includes client-side overhead, communication costs, and energy consumption [2].

| Benchmark Metric | Description | Importance in Healthcare |
|---|---|---|
| Client-side Overhead | Time for encryption/decryption at the data source | Critical for wearable sensors and mobile health apps |
| Communication Cost | Ciphertext size and latency per round | Key for federated learning across hospital networks |
| Ciphertext Expansion | Ratio of encrypted data size to plaintext | Affects storage for large EHR databases |
| Security Level | Estimated bits of security (e.g., ≥128-bit) | Ensures protection of sensitive genomic data |
| Energy Impact | Power consumption or battery use on devices | Important for remote patient monitoring systems |

Although homomorphic encryption is slower than plaintext operations - often 10–100× slower compared to traditional encryption like AES [1] - there are ways to optimize performance. Techniques like SIMD packing allow multiple patient records to be processed simultaneously, significantly improving throughput for large datasets [2][16]. While encrypted computation may slightly reduce model accuracy, it still delivers performance levels sufficient for practical use in healthcare analytics [15]. These benchmarks not only measure efficiency but also help manage risks in sensitive healthcare environments through integrated operations.

Challenges and Future Directions

As healthcare applications evolve, they face tough obstacles in balancing performance benchmarks with computational and integration demands. One of the biggest hurdles is computational overhead. AI workloads involve both linear operations (like matrix multiplication) and non-linear ones (such as ReLU activation functions). Word-wise encryption schemes, such as BGV, BFV, and CKKS, handle linear operations efficiently but fall short with non-linear tasks. On the other hand, bit-wise schemes like TFHE excel at non-linear operations but are painfully slow for linear computations. For instance, multiplying two 16-bit integers under TFHE encryption can take up to 30 seconds [17]. Adding to this complexity is bootstrapping, the process of resetting noise in ciphertexts, which significantly slows down operations [17].

Reducing Computational Overhead

To tackle these inefficiencies, hybrid approaches that combine selective encryption with hardware acceleration are emerging as a solution. In January 2026, researchers from the Georgia Institute of Technology, MIT, and Google introduced the CROSS compiler framework, which converts high-precision modular arithmetic into low-precision (INT8) matrix multiplications optimized for Google’s Tensor Processing Units (TPUs). When tested on TPU v6e, CROSS delivered better throughput per watt compared to GPU-based libraries like WarpDrive and FIDESlib [19].

Another promising approach involves encrypting only critical data fields or compact feature sets rather than entire models. For example, in June 2025, Abdulkadir Korkmaz and Praveen Rao presented FAS (Fast and Secure Federated Learning), which combines selective homomorphic encryption with differential privacy and bitwise scrambling. This method reduced computational overhead by 90% compared to fully encrypting all model weights [7]. These advancements are paving the way for more efficient and secure healthcare AI systems.

Post-Quantum Security in Healthcare AI

The rise of quantum computing introduces a new threat: "harvest-now–decrypt-later" attacks, where encrypted data is collected today with the goal of decrypting it in the future using quantum computers. Fortunately, lattice-based homomorphic encryption schemes like BFV, BGV, and CKKS are considered resistant to known quantum attacks because their security rests on hard lattice problems rather than on factoring or discrete logarithms.

In March 2026, researcher Edouard Lansiaux developed the ZKFL-PQ protocol, which combines ML-KEM (FIPS 203) for quantum-resistant key encapsulation with lattice-based BFV encryption. Tested on synthetic medical imaging data across five federated clients, ZKFL-PQ successfully blocked 100% of malicious updates while maintaining complete model accuracy over 10 training rounds [18]. This demonstrates the potential of quantum-resistant methods to safeguard sensitive healthcare data.

Integration with Risk Management Platforms

Effectively managing the risks tied to homomorphic encryption requires comprehensive oversight across various teams. Platforms like Censinet RiskOps streamline AI policy oversight and risk management. Acting as a central hub, RiskOps routes critical assessment findings to designated stakeholders for review, much like "air traffic control" for AI risk management.

For cloud-based healthcare AI operations using homomorphic encryption, Censinet RiskOps™ automates risk assessments for encrypted data processing. Its real-time dashboard allows healthcare leaders to monitor third-party vendors, medical devices, and clinical applications that use encryption, while ensuring compliance with HIPAA and other regulatory standards. By integrating these tools, healthcare organizations can maintain the necessary human oversight for critical decisions while advancing secure AI operations.

These challenges highlight the shift from merely securing data to building privacy-preserving computational frameworks that can meet the complex demands of modern healthcare.

Conclusion

Homomorphic encryption has opened the door for AI to work with encrypted data, ensuring privacy without the need for decryption. This technology directly addresses a major vulnerability: the exposure of sensitive data during processing, or "data in use." It’s a game-changer for how healthcare organizations think about AI security. As Ekene from Pplelabs explains:

"Homomorphic Encryption is the essential bridge between the absolute necessity of patient privacy and the revolutionary potential of medical AI." [1]

The potential of this approach is already evident. In 2025, Fully Homomorphic Encryption (FHE) systems demonstrated their practicality with impressive results - achieving 99.56% accuracy in sleep apnea detection and 84.6% accuracy in ICU mortality prediction, all while keeping patient records encrypted [20][21]. These outcomes prove that encrypted collaborative AI training has moved from theoretical to real-world application.

However, scaling homomorphic encryption comes with its own challenges. Healthcare organizations need to balance cryptographic complexity with structured risk management. Third-party AI risk, cloud-based processing, and medical devices must all be carefully managed. Tools like Censinet RiskOps™ help by offering real-time dashboards that track encrypted data processing, ensuring HIPAA compliance while keeping human oversight intact.

Looking ahead, advancements in hardware acceleration and quantum-resistant encryption will further enhance the clinical applications of homomorphic encryption. Initiatives like DARPA DPRIVE are already working to significantly boost FHE performance [20]. These developments position homomorphic encryption as a cornerstone for secure and scalable healthcare AI. The focus now shifts to how quickly healthcare systems can implement this technology while maintaining the governance needed to protect patient safety and meet regulatory standards.

FAQs

When should a hospital use PHE vs SHE vs FHE?

Hospitals need to decide between Partially Homomorphic Encryption (PHE), Somewhat Homomorphic Encryption (SHE), and Fully Homomorphic Encryption (FHE) based on their specific data security and processing requirements.

  • PHE works well for straightforward tasks such as secure data storage or simple computations.
  • SHE is suitable for handling limited operations, making it a good fit for moderate processing needs.
  • FHE stands out for advanced tasks, such as encrypted AI model training or performing complex analytics, all while maintaining the highest level of data privacy and security.

How much slower is AI on encrypted healthcare data in practice?

Encryption in healthcare data processing can slow down AI operations significantly. It tends to increase CPU usage by 15–30%, while storage latency rises by 5–20%, and network latency adds an extra 50–100 milliseconds. These performance changes are crucial factors to weigh when deploying secure AI solutions in healthcare settings.

What does it take to deploy HE securely in the cloud and stay HIPAA-compliant?

Deploying homomorphic encryption (HE) securely in the cloud while staying HIPAA-compliant involves a few key practices to safeguard sensitive healthcare data. Start by using strong encryption protocols, such as AES-256 for data at rest and TLS 1.2 or later for data in transit. These standards ensure that data remains secure whether it's stored or being transmitted.

For key management, rely on tools like Hardware Security Modules (HSMs) to securely generate, store, and handle encryption keys. Robust key management is critical to prevent unauthorized access to encrypted data.

Additionally, work closely with your cloud provider. Establish Business Associate Agreements (BAAs) to ensure they adhere to HIPAA requirements and maintain proper oversight. This step not only helps with compliance but also ensures that your vendor is aligned with protecting healthcare data effectively.
