Privacy preserving data governance in cross border Telemedicine using federated learning and differential Privacy in Kenya.

Abstract

This thesis presents an auditable, privacy-preserving learning workflow for Kenyan cross-border telemedicine. Hospitals train models locally and share only model signals, so raw EHRs remain in country. Using synthetic Synthea EHRs, 3,459 records are partitioned across seven hospitals in Kenya, Tanzania, and Uganda to compare a centralized baseline, federated learning (FL), and FL with client-side differential privacy (DP). Random Forests are trained per site; probability-level fusion forms a global prediction without parameter averaging. The threat model covers a black-box external adversary and an honest-but-curious coordinator. We quantify privacy risk with membership-inference AUC and a model-inversion attack, and we log ε, δ, clipping C, noise σ, model hashes, rounds, and attack scores in an ε-register for audit. FL improves utility while maintaining localization: accuracy rises from 0.616 to 0.682 and F1 from 0.706 to 0.772, with positive-class recall reaching 0.844. Adding DP at ε = 0.30 reduces model-inversion success from 0.696 (centralized) to 0.638 (FL+DP), an absolute drop of about 8.4%, with membership-inference AUC near 0.50 (≈ random). Utility remains tunable at the chosen privacy budget, for example accuracy near 0.530 and F1 near 0.593 at ε = 0.30. The originality is practical: DP-bounded FL is paired with an attacker simulator and an ε-register that turns privacy into an operational, auditable control aligned with Kenya’s Data Protection Act and GDPR transfer principles. The dataset is synthetic and not clinically validated for East African representativeness, so results indicate technical feasibility; a regulated hospital pilot is the next step.