Abstract: A system (100) and method (300) for secure, hierarchical encryption and transmission of medical data are disclosed. The system (100) includes a processor (170) and a memory (130) configured to receive a medical dataset including patient information data, medical images, and diagnostic information. The processor (170) encrypts the patient information data using a generative model, the medical images using a CycleGAN-based image-to-image translation model, and the diagnostic information using a transformer-based model. Hierarchical encryption levels are assigned to the encrypted patient information data, encrypted medical images, and encrypted diagnostic information based on characteristics of one or more recipients. An access policy profile is generated mapping recipient characteristics to decryption levels. The encrypted data components are assembled into a composite encrypted data package annotated with access control metadata and transmitted to one or more recipients over a secure communication channel in accordance with the access policy profile.
Description: TECHNICAL FIELD
[0001] The present disclosure relates to the field of electronic digital data processing and transmission of digital information, and more specifically to a system and method for secure, hierarchical encryption and transmission of medical or health data.
BACKGROUND
[0002] Digitization of patient records and medical imaging has revolutionized diagnostics and treatment planning. However, the digitization has introduced significant challenges concerning the privacy and security of sensitive medical data. Ensuring the confidentiality of patient information is not only a legal obligation but also crucial for maintaining trust in healthcare systems.
[0003] Traditional encryption methods have been employed to protect medical data during storage and transmission. While such methods offer a foundational level of security, the methods often necessitate decryption for data processing, thereby exposing the data to potential breaches during computation. The exposure is particularly concerning in collaborative environments where multiple entities, such as hospitals and research institutions, need to access and analyze shared data.
[0004] Federated Learning (FL) has emerged as a promising solution to facilitate collaborative machine learning without the need to exchange raw data. In an FL setup, local models are trained on-site, and only the model updates are shared with a central server, thus preserving data locality and privacy. However, even with FL, there remains a risk of sensitive information being inferred from the shared model updates, especially if malicious actors gain access to the aggregated data.
[0005] To address the vulnerabilities, homomorphic encryption (HE) has been integrated with FL to enhance data security. HE allows computations to be performed directly on encrypted data, producing encrypted results that can be decrypted only by authorized parties. This means that even during processing, the data remains encrypted, mitigating the risk of exposure. The combination of FL and HE enables collaborative model training while ensuring that sensitive medical data is neither exchanged nor exposed during the process.
[0006] Despite such advancements, existing solutions often lack a hierarchical encryption framework tailored to the varying sensitivity levels of different data components. For instance, patient identifiers, medical images, and diagnostic reports each have distinct privacy requirements and access controls. A one-size-fits-all encryption approach may either overprotect certain data, hindering usability, or underprotect it, compromising privacy.
[0007] Furthermore, the dynamic nature of medical data access, where different stakeholders require varying levels of information, necessitates a flexible yet secure system. Current methodologies may not adequately address the need for role-based access controls that align with the principle of least privilege, ensuring that individuals access only the information necessary for their specific roles.
[0008] To overcome at least the aforementioned limitations, there is a need for a system and a method that integrates federated learning with hierarchical, model-driven encryption to enable secure, recipient-specific encryption and transmission of medical datasets, ensuring privacy preservation and compliance with regulatory standards.
OBJECTS OF THE PRESENT DISCLOSURE
[0009] A general object of the present disclosure is to provide a system and method for secure, hierarchical encryption and transmission of a medical dataset.
[0010] Another object of the present disclosure is to enable selective encryption of patient information data, medical images, and diagnostic information using machine learning models tailored to each data type.
[0011] Another object of the present disclosure is to assign hierarchical encryption levels to a medical dataset based on characteristics of one or more recipients, such as role, purpose of access, or institutional privacy rules.
[0012] Another object of the present disclosure is to dynamically generate access policy profiles that govern decryption privileges for different types of medical dataset components.
[0013] Another object of the present disclosure is to assemble encrypted patient information data, encrypted medical images, and encrypted diagnostic information into a composite encrypted data package annotated with access control metadata.
[0014] Another object of the present disclosure is to transmit the composite encrypted data package securely over an end-to-end encrypted communication channel to authorized recipients.
[0015] Another object of the present disclosure is to enforce role-based access control through selective decryption, ensuring that each recipient can access only the data components authorized by the access policy profile.
SUMMARY
[0016] Aspects of the present disclosure generally relate to the field of electronic digital data processing and transmission of digital information, and more specifically to a system and method for secure, hierarchical encryption and transmission of medical or health data.
[0017] An aspect of the present disclosure pertains to a system for secure, hierarchical encryption and transmission of medical data. The system includes a processor and a memory communicatively coupled to the processor. The memory stores instructions that, when executed by the processor, cause the processor to receive at least one medical dataset. The processor is configured to extract, from the medical dataset, a first set of information including patient information data, a second set of information including at least one medical image, and a third set of information including diagnostic information. The processor is also configured to encrypt the first set of information using a generative model configured to produce multiple encryption layers corresponding to different levels of identity detail.
[0018] Further, the processor is also configured to encrypt the second set of information using a CycleGAN-based image-to-image translation model configured to obfuscate content and apply region-specific encryption based on anatomical relevance. The processor is also configured to encrypt the third set of information using a transformer-based model configured to tokenize and apply selective encryption based on clinical detail. The processor is configured to assign hierarchical encryption levels across the encrypted first, second, and third sets of information, wherein each level corresponds to characteristics of one or more recipients. The processor is also configured to generate an access policy profile mapping the characteristics of the one or more recipients to authorized decryption levels. The processor is also configured to assemble the encrypted first, second, and third sets of information into a composite encrypted data package annotated with access control metadata, and to transmit the composite encrypted data package over a secure communication channel to the one or more recipients in accordance with the access policy profile.
[0019] In one embodiment, the generative model used to encrypt the first set of information is trained in a federated learning environment across multiple healthcare nodes without sharing raw patient information data.
[0020] In one embodiment, the CycleGAN-based image-to-image translation model is configured to segment the second set of information into at least one region of interest and one or more peripheral regions, and to apply different encryption intensities to each region based on anatomical relevance.
[0021] In one embodiment, the transformer-based model is configured to generate separate encryption layers within the third set of information for summary-level insights, full-text diagnostic narratives, and raw diagnostic signals or outputs.
[0022] In one embodiment, the access policy profile is dynamically generated based on the characteristics of the one or more recipients, the characteristics including at least one of: a recipient role, an intended use case, and institutional privacy rules.
[0023] In one embodiment, the composite encrypted data package includes embedded access control metadata specifying allowed decryption levels for each of the encrypted first, second, and third sets of information.
[0024] In one embodiment, the secure communication channel includes an end-to-end encrypted transport protocol configured to support access logging and transmission validation.
[0025] In one embodiment, the processor is further configured to selectively transmit only those portions of the composite encrypted data package that correspond to the authorized decryption levels associated with a given recipient's access policy profile.
[0026] In one embodiment, decryption of the composite encrypted data package requires both possession of a cryptographic key and a verified authorization token matched to the characteristics of the recipient as defined in the access policy profile.
[0027] Another aspect of the present disclosure pertains to a method for secure, hierarchical encryption and transmission of medical data. The method includes receiving at least one medical dataset. The method also includes extracting, from the medical dataset, a first set of information including patient information data, a second set of information including at least one medical image, and a third set of information including diagnostic information. The method also includes encrypting the first set of information using a generative model configured to produce multiple encryption layers corresponding to different levels of identity detail. The method also includes encrypting the second set of information using a CycleGAN-based image-to-image translation model configured to obfuscate content and apply region-specific encryption based on anatomical relevance. The method also includes encrypting the third set of information using a transformer-based model configured to tokenize and apply selective encryption based on clinical detail.
[0028] Further, the method also includes assigning hierarchical encryption levels across the encrypted first, second, and third sets of information, wherein each level corresponds to characteristics of one or more recipients. The method also includes generating an access policy profile mapping the characteristics of the one or more recipients to authorized decryption levels. The method also includes assembling the encrypted first, second, and third sets of information into a composite encrypted data package annotated with access control metadata. The method also includes transmitting the composite encrypted data package over a secure communication channel to the one or more recipients in accordance with the access policy profile.
[0029] Various objects, features, aspects, and advantages of the inventive subject matter will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent like components.
BRIEF DESCRIPTION OF THE DRAWINGS
[0030] The accompanying drawings, which are incorporated herein and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems, in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes the disclosure of electrical components, electronic components, or circuitry commonly used to implement such components.
[0031] FIG. 1 illustrates an exemplary block diagram of a system (100), in accordance with an embodiment of the present disclosure.
[0032] FIG. 2 illustrates an exemplary block diagram of a server system (200), in accordance with an embodiment of the present disclosure.
[0033] FIG. 3 illustrates an exemplary flow chart of method (300), in accordance with an embodiment of the present disclosure.
[0034] The foregoing shall be more apparent from the following more detailed description of the disclosure.
DETAILED DESCRIPTION
[0035] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter can each be used independently of one another or with any combination of other features. An individual feature may not address all of the problems discussed above or might address only some of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein.
[0036] The ensuing description provides exemplary embodiments only and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[0037] The following is a detailed description of embodiments of the disclosure depicted in the accompanying drawings. The embodiments are in such detail as to clearly communicate the disclosure. If the specification states a component or feature “may”, “can”, “could”, or “might” be included or have a characteristic, that particular component or feature is not required to be included or have the characteristic.
[0038] As used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise.
[0039] Existing medical data protection systems do not distinguish between different categories of medical data, such as patient information data, medical images, and diagnostic information, nor do they offer recipient-specific access control at a component level. Uniform encryption approaches expose either too much or too little information, limiting practical usability while failing to prevent unnecessary data exposure. Moreover, conventional systems lack support for hierarchical encryption or dynamic access policy generation based on characteristics of one or more recipients, making them unsuitable for multi-role healthcare environments requiring differentiated access based on recipient roles, intended use case, or institutional privacy rules.
[0040] The present disclosure provides a system and a server system configured to enable secure, hierarchical encryption and transmission of medical data. The system includes a processor and a memory configured to receive a medical dataset including patient information data, medical images, and diagnostic information. The processor is configured to encrypt the patient information data using a generative model, the medical images using a CycleGAN-based image-to-image translation model, and the diagnostic information using a transformer-based model. The processor assigns hierarchical encryption levels to the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information based on characteristics of one or more recipients. An access policy profile is generated mapping the characteristics of the one or more recipients to authorized decryption levels. The encrypted data components are assembled into a composite encrypted data package annotated with access control metadata and transmitted over a secure communication channel in accordance with the access policy profile.
[0041] The present disclosure enables secure and granular access control by linking hierarchical encryption levels of the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information to characteristics of one or more recipients. As a result, the composite encrypted data package can be selectively decrypted by each recipient in accordance with the access policy profile, thereby reducing the risk of overexposure of sensitive medical data. The ability to apply differentiated encryption techniques and enforce component-wise decryption rules enhances data security, supports recipient-specific authorization, and facilitates compliant transmission and access of medical datasets across varied clinical and institutional roles.
[0042] The following is a detailed description of embodiments of the disclosure depicted in the accompanying drawings. The embodiments are in such detail as to clearly communicate the disclosure. However, the amount of detail offered is not intended to limit the anticipated variations of embodiments; on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the scope of the present disclosures as defined by the appended claims.
[0043] Embodiments explained herein relate to the field of electronic digital data processing and transmission of digital information, and more specifically to a system and method for secure, hierarchical encryption and transmission of medical or health data.
[0044] The various embodiments throughout the disclosure will be explained in more detail with reference to FIGs. 1-3.
[0045] FIG. 1 illustrates an exemplary block diagram of a system (100) for secure, hierarchical encryption and transmission of medical data, in accordance with one or more embodiments of the present disclosure. The system (100) may also be referred to as a computer system (100) in which or with which embodiments of the present disclosure may be implemented.
[0046] As shown in FIG. 1, the computer system (100) may include an external storage device (110), a bus (120), a main memory (130) (which may also be referred to as a memory (130)), a read-only memory (140), a mass storage device (150), a communication port(s) (160), and a processor (170). A person skilled in the art will appreciate that the computer system (100) may include more than one processor and communication ports. The processor (170) may include various modules associated with embodiments of the present disclosure. The communication port(s) (160) may be any of an RS-232 port for use with a modem-based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports. The communication port(s) (160) may be chosen depending on a network, such as a Local Area Network (LAN), Wide Area Network (WAN), or any network to which the computer system (100) connects.
[0047] In an embodiment, the main memory (130) may be Random Access Memory (RAM), or any other dynamic storage device commonly known in the art. The read-only memory (140) may be any static storage device(s) e.g., but not limited to, a Programmable Read Only Memory (PROM) chip for storing static information e.g., start-up or basic input/output system (BIOS) instructions for the processor (170). The mass storage device (150) may be any current or future mass storage solution, which can be used to store information and/or instructions. Exemplary mass storage solutions include, but are not limited to, Parallel Advanced Technology Attachment (PATA) or Serial Advanced Technology Attachment (SATA) hard disk drives or solid-state drives (internal or external, e.g., having Universal Serial Bus (USB) and/or Firewire interfaces).
[0048] In an embodiment, the bus (120) may communicatively couple the processor(s) (170) with the other memory, storage, and communication blocks. The bus (120) may be, e.g., a Peripheral Component Interconnect (PCI) / PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), USB, or the like, for connecting expansion cards, drives, and other subsystems, as well as other buses, such as a front side bus (FSB), which connects the processor (170) to the computer system (100).
[0049] In another embodiment, operator and administrative interfaces, e.g., a display, keyboard, and cursor control device, may also be coupled to the bus (120) to support direct operator interaction with the computer system (100). Other operator and administrative interfaces can be provided through network connections connected through the communication port(s) (160). Components described above are meant only to exemplify various possibilities. In no way should the aforementioned exemplary computer system (100) limit the scope of the present disclosure.
[0050] In one embodiment, the memory (130) may be communicatively coupled to the processor (170) and may include instructions that, when executed by the processor (170), may cause the processor (170) to receive a medical dataset. The processor (170) may also be configured to extract, from the medical dataset, a first set of information including patient information data, a second set of information including at least one medical image, and a third set of information including diagnostic information. The processor (170) may also be configured to encrypt the first set of information using a generative model configured to produce multiple encryption layers corresponding to different levels of identity detail. The processor (170) may also be configured to encrypt the second set of information using a CycleGAN-based image-to-image translation model configured to obfuscate content and apply region-specific encryption based on anatomical relevance. The processor (170) may also be configured to encrypt the third set of information using a transformer-based model configured to tokenize and apply selective encryption based on clinical detail. The processor (170) may also be configured to assign hierarchical encryption levels across the encrypted first set of information, the encrypted second set of information, and the encrypted third set of information, wherein each level corresponds to characteristics of one or more recipients.
[0051] Further, the processor (170) may also be configured to generate an access policy profile mapping the characteristics of the one or more recipients to authorized decryption levels. The processor (170) may also be configured to assemble the encrypted first set of information, the encrypted second set of information, and the encrypted third set of information into a composite encrypted data package annotated with access control metadata. The processor (170) may also be configured to transmit the composite encrypted data package over a secure communication channel to the one or more recipients in accordance with the access policy profile.
[0052] In one exemplary embodiment, the system (100) may receive a medical dataset that may include patient information data, one or more medical images, and diagnostic information. The medical dataset may represent a collection of digital healthcare-related data elements organized for processing and transmission. The patient information data may include one or more items of personally identifiable or semi-identifiable information associated with a patient. Examples of the patient information data may include a patient identifier, name, age, gender, date of birth, insurance information, contact information, and administrative metadata such as hospital unit, attending physician, or admission timestamp.
[0053] The medical images may include visual diagnostic data captured through medical imaging modalities. Examples of the medical images may include MRI scans, computed tomography (CT) scans, X-ray images, ultrasound images, or digital pathology images. The medical images may be represented in one or more image formats such as DICOM, PNG, or JPEG, and may correspond to single-frame or multi-frame image series captured during a diagnostic procedure.
[0054] The diagnostic information may include medical interpretations, findings, or coded representations associated with the patient’s condition or the content of the medical images. Examples of the diagnostic information may include radiology reports, pathology reports, laboratory summaries, diagnosis codes (e.g., ICD-10), risk assessment scores, or structured data outputs generated by clinical decision support systems. In some embodiments, the diagnostic information may be in the form of natural language text, structured tables, or symbolic representations. In one embodiment, the medical dataset may be assembled dynamically in response to a transmission request, or pre-generated and stored in association with a patient record in a healthcare data repository.
[0055] In one exemplary embodiment, the system (100) may be configured to encrypt the patient information data using a generative model. The generative model may be a machine learning model, such as a variational autoencoder (VAE) or a generative adversarial network (GAN), which may be trained to learn representations of structured identity attributes present in the patient information data.
[0056] The generative model may be configured to produce multiple encryption layers, where each layer may correspond to a different level of identity detail. For example, a first layer may include only high-level demographic categories (e.g., age group, region), a second layer may include pseudonymized identifiers (e.g., hashed patient ID), and a third layer may include full identifying information (e.g., name, date of birth, insurance number).
[0057] In one exemplary embodiment, the generative model may be implemented as a variational autoencoder (VAE). The VAE may be trained on patient information data to learn a compressed latent representation of identity features. During encryption, the patient information data may be passed through an encoder network that transforms the data into a latent distribution, from which samples are drawn and used to reconstruct the data through a decoder network. The latent samples may serve as obfuscated or encrypted representations of the original data. By varying the sampling resolution or truncating certain latent dimensions, the system (100) may generate multiple encryption layers with increasing or decreasing levels of identity detail, allowing access control mechanisms to reveal only the appropriate layer based on recipient permissions.
[0058] In one exemplary embodiment, the generative model may be implemented as a generative adversarial network (GAN). The GAN may include a generator network that may be trained to produce synthetic representations of patient information data that are statistically similar to the real data but do not contain exact identity matches. A discriminator network may evaluate the similarity between real and generated outputs during training. Once trained, the generator may be used to produce obfuscated or surrogate data instances at varying levels of fidelity. The system (100) may use the obfuscated or surrogate outputs to form multiple encryption layers by modulating the generator’s conditioning parameters, such that each layer reveals progressively more identity-specific characteristics as permitted by the access policy profile.
[0059] In one exemplary embodiment, the system (100) may be configured to encrypt the medical images using a CycleGAN-based image-to-image translation model. A CycleGAN, or Cycle-Consistent Generative Adversarial Network, is a type of generative model architecture that may be used to learn mappings between two visual domains without requiring paired training data. The CycleGAN-based model may include two generator networks and two discriminator networks that are jointly trained to enforce cycle consistency, that is, a transformation from domain A to domain B and back should result in an image similar to the original. In the context of the present disclosure, the medical images may represent domain A (real domain), and the encrypted or obfuscated image space may represent domain B.
[0060] The CycleGAN-based image-to-image translation model may be trained to translate medical images from the real image domain to an obfuscated or encrypted image domain. During inference, the medical images may be passed through the trained generator to produce visually altered versions that preserve anatomical structure necessary for clinical use while concealing sensitive or identifiable visual features. The transformed output may serve as the encrypted representation of the medical images suitable for secure transmission and selective access.
[0061] In some embodiments, the CycleGAN-based image-to-image translation model may be further configured to perform region-specific encryption based on anatomical relevance. The system (100) may segment the medical images into anatomically significant regions—such as lesions, tumors, or organs—and background or peripheral regions. The model may then apply stronger or selective obfuscation to the anatomically relevant regions while preserving visual integrity in less sensitive areas, which may enable partial decryption or selective viewing of specific medical regions by authorized recipients, in accordance with the access policy profile.
[0062] In one exemplary embodiment, the system (100) may be configured to encrypt the diagnostic information using a transformer-based model. The transformer-based model may include an encoder architecture capable of processing unstructured or semi-structured clinical text such as radiology reports, diagnostic summaries, or AI-generated interpretations. The diagnostic information may first be tokenized, meaning it may be segmented into individual words, phrases, or semantic units using the tokenizer associated with the transformer model. The tokenization may enable fine-grained control over which parts of the text are subject to encryption.
[0063] In one exemplary embodiment, the transformer-based model may be configured to apply selective encryption based on the clinical detail associated with each token or segment. For example, high-sensitivity elements—such as patient identifiers embedded in free text, rare disease mentions, or critical findings—may be encrypted more strongly than general observations or standard phrases. The model may use learned attention scores or clinical context labels to determine encryption strength on a per-token basis, which may allow the system (100) to generate multiple layers of encrypted diagnostic information, enabling role-based access to varying levels of clinical insight in accordance with the access policy profile.
[0064] In one exemplary embodiment, the system (100) may be configured to assign hierarchical encryption levels to the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information included within a composite encrypted data package. Each hierarchical encryption level may define a distinct access tier that specifies the extent to which the corresponding encrypted data may be decrypted or interpreted. For example, a first encryption level associated with the encrypted patient information data may expose only age and gender, while a higher encryption level may reveal full identifiers and contact information. Similarly, the encrypted medical images and the encrypted diagnostic information may each be structured into layered representations, enabling selective exposure of anatomical or clinical detail based on access control policies.
[0065] Further, in one exemplary embodiment, each hierarchical encryption level may correspond to one or more characteristics of a recipient, such as a predefined role in a healthcare workflow, an intended use case, or one or more applicable institutional privacy rules. For instance, a recipient identified as a radiologist may be granted access to high-resolution encrypted medical images and full narrative encrypted diagnostic information, whereas a recipient identified as a billing officer may be permitted to access only pseudonymized encrypted patient information data and diagnostic codes. The system (100) may determine the appropriate encryption level for each of the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information by evaluating the characteristics of one or more recipients.
[0066] In some embodiments, the characteristics of one or more recipients may be derived from predefined access control policies, user authentication metadata, or contextual attributes. Such characteristics may include, but are not limited to, a recipient's clinical specialization, operational role, institutional affiliation, geographic location, or task-specific authorization tokens. The system (100) may apply the hierarchical encryption logic independently to each of the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information, such that each type of encrypted data may be independently controlled and disclosed based on the recipient-specific access profile.
[0067] The assignment of hierarchical encryption levels based on the characteristics of one or more recipients may enable the system (100) to support secure, role-aware, and purpose-constrained access to a sensitive medical dataset. For example, the encrypted diagnostic information may be made accessible in its full textual form to a hospital-based pathologist, while only structured diagnostic codes may be viewable by an external billing entity or administrative user responsible for insurance claims processing. Similarly, the encrypted medical images may be made accessible at full resolution for licensed clinical specialists, while remaining blurred or anatomically anonymized when accessed by non-clinical personnel for secondary review or audit purposes. Such a layered access mechanism may provide a foundation for traceable, policy-driven data sharing in compliance with medical privacy regulations and institutional governance protocols.
[0068] In one exemplary embodiment, the system (100) may be configured to generate an access policy profile that defines decryption privileges associated with the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information. The access policy profile may be constructed based on the characteristics of one or more recipients, wherein the characteristics may include at least one of: recipient roles (e.g., physician, technician, researcher), intended use case (e.g., diagnosis, audit, billing), and institutional privacy rules (e.g., hospital-specific access restrictions, jurisdictional compliance policies).
[0069] The mapping within the access policy profile may associate each characteristic of one or more recipients with a permitted decryption level for each of the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information. For example, the access policy profile may specify that a clinical radiologist may be authorized to decrypt high-resolution encrypted medical images and full narrative encrypted diagnostic information, while a medical records officer may only decrypt abstracted patient information data and structured diagnosis codes. The access policy profile may be generated dynamically based on characteristics of one or more recipients provided during authentication or determined from predefined role-based access configurations, and may be updated periodically or in real-time as recipient access conditions change.
[0070] In one exemplary embodiment, the system (100) may be configured to assemble the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information into a unified composite encrypted data package. The assembly process may include organizing each encrypted data component into a structured format such that the resulting composite encrypted data package can be transmitted, stored, or accessed as a single logical unit. The format of the composite encrypted data package may follow a containerized structure (e.g., a nested JSON object, a multipart MIME message, or a secure DICOM encapsulation) that preserves the independence of each encrypted component while enabling bundled processing.
[0071] In one exemplary embodiment, the composite encrypted data package may include access control metadata encoded using a structured, machine-readable format such as JavaScript Object Notation (JSON) or Extensible Markup Language (XML). The access control metadata may specify the hierarchical encryption level, associated recipient role, and permitted decryption scope for each of the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information. Use of structured metadata formats may enable consistent interpretation and enforcement of access policy profiles across heterogeneous systems, including electronic health record systems, hospital information systems, and third-party recipient platforms. In some embodiments, the system (100) may generate metadata in a format selected based on the capabilities of the recipient system, allowing for dynamic adaptation of the structure of the medical dataset or the composite encrypted data package to meet interoperability or integration requirements.
[0072] The composite encrypted data package may be annotated with access control metadata that defines how each encrypted data component is to be handled with respect to access permissions and decryption policies. The access control metadata may include, for each of the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information: a hierarchical encryption level identifier, one or more recipient characteristics required for decryption, references to the applicable access policy profile, and cryptographic metadata such as key identifiers or digital signatures.
[0073] In some embodiments, the access control metadata may also include optional elements such as encryption timestamps, model version identifiers used during encryption, source system identifiers, and access logging configurations. The access control metadata may enable recipient systems to evaluate access permissions and selectively decrypt only the encrypted data components authorized for the recipient’s role and context, without requiring centralized intervention or disclosure of non-authorized data.
[0074] In one exemplary embodiment, the system (100) may be configured to transmit the composite encrypted data package to one or more recipients over a secure communication channel, in accordance with the applicable access policy profile. The transmission may occur in response to a data access request initiated by a recipient system or may be part of a scheduled or event-triggered dispatch process. The recipient may be a healthcare professional, institution, or system that has been authenticated and whose access characteristics have been evaluated against the access policy profile.
[0075] The secure communication channel may include an encrypted transport mechanism that ensures the confidentiality, integrity, and authenticity of the composite encrypted data package during transmission. In one embodiment, the secure communication channel may use standard end-to-end encryption protocols, such as Transport Layer Security (TLS), HTTPS with mutual authentication, or Virtual Private Network (VPN) tunnels. In another embodiment, the system (100) may implement a hybrid encryption scheme, where symmetric keys used for encrypting the composite encrypted data package are themselves encrypted using recipient-specific public keys prior to transmission.
[0076] The secure communication channel may further support access logging, session validation, and tamper-evidence mechanisms. For example, transmission metadata may include digital timestamps, sender and recipient cryptographic signatures, and communication integrity hashes, which may be used to validate that the composite encrypted data package has not been modified or intercepted during transit. In some embodiments, the secure communication channel may comply with industry-specific data transfer standards, such as HL7 over TLS for clinical systems, or secure messaging frameworks like Direct Messaging in accordance with healthcare interoperability protocols.
[0077] The transmission operation may be governed by the access policy profile, which may dictate conditions under which the transmission may be permitted, such as recipient authentication level, time-of-day restrictions, geographic boundaries, or urgency levels. The system (100) may withhold transmission or selectively exclude one or more data components, such as the encrypted patient information data, the encrypted medical images, or the encrypted diagnostic information, if the access policy profile determines that the characteristics of the recipient do not meet the required decryption criteria for that specific encrypted data component.
[0078] In one embodiment, the generative model used to encrypt the first set of information may be trained in a federated learning environment across multiple healthcare nodes without sharing raw patient information data. The federated learning environment may allow each healthcare node to locally train on patient information data and share model updates, such as gradients or weights, with a central aggregator. The central aggregator may update the generative model without ever receiving or accessing raw patient information data from the participating healthcare nodes, thereby preserving patient privacy and meeting jurisdiction-specific data residency requirements.
[0079] In one embodiment, the CycleGAN-based image-to-image translation model may be configured to segment the second set of information into at least one region of interest and one or more peripheral regions, and apply different encryption intensities to each region based on anatomical relevance. The segmentation may be guided by an anatomical relevance map or a pre-trained region detection module that identifies diagnostically critical zones within the medical image. The CycleGAN-based image-to-image translation model may apply high-strength obfuscation or transformation to the regions of interest while applying minimal encryption or compression to the peripheral areas of the medical image to retain contextual visual cues.
[0080] In one embodiment, the transformer-based model may be configured to generate separate encryption layers within the third set of information for summary-level insights, full-text diagnostic narratives, and raw diagnostic signals or outputs. The transformer-based model may tokenize the diagnostic information and assign tokens to one of the three encryption categories based on semantic importance, medical terminology sensitivity, or regulatory classification. Each encryption layer may be independently encrypted and referenced within access control metadata to allow selective decryption depending on the characteristics of the one or more recipients.
[0081] In one embodiment, the access policy profile may be dynamically generated based on the characteristics of the one or more recipients, the characteristics including at least one of: a recipient role, an intended use case, and institutional privacy rules. The access policy profile may be generated at runtime by querying a role-based access control registry, a recipient profile database, or an institutional compliance module. The dynamically generated access policy profile may associate each encrypted data component, namely, the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information, with authorized decryption levels mapped to the evaluated characteristics of the one or more recipients.
[0082] In one embodiment, the composite encrypted data package may include embedded access control metadata specifying allowed decryption levels for each of the encrypted first set of information, the encrypted second set of information, and the encrypted third set of information. The embedded access control metadata may explicitly define which hierarchical encryption level of each of the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information may be accessible to a given recipient. The access control metadata may be encoded using a structured format such as JSON, XML, or DICOM metadata extensions, and may be digitally signed to ensure integrity and prevent tampering.
[0083] In one embodiment, the secure communication channel may include an end-to-end encrypted transport protocol configured to support access logging and transmission validation. The secure communication channel may implement TLS (Transport Layer Security), VPN tunnels, or application-layer encryption protocols such as Secure/Multipurpose Internet Mail Extensions (S/MIME) or JavaScript Object Notation (JSON) Web Encryption (JWE) to prevent interception or replay of the composite encrypted data package. Access logging may be enabled through the generation of session-specific log entries containing recipient identifiers, timestamp, origin of transmission, and a cryptographic hash of the composite encrypted data package for verification purposes.
[0084] In one embodiment, the processor (170) may be further configured to selectively transmit only those portions of the composite encrypted data package that correspond to the authorized decryption levels associated with a given recipient's access policy profile. The processor may evaluate the access policy profile and the embedded access control metadata to determine which of the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information are authorized for transmission to the recipient. Non-authorized data components may be excluded from the transmission payload entirely, or retained in encrypted form but rendered inaccessible by withholding decryption keys or metadata references.
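An added example (not the patent's own code) of the access policy profile, the composite package with signed access control metadata, and the selective release of paragraph [0084]: layers above a recipient's permitted level are dropped from the payload and their keys are withheld. Level names, role names, the policy reference, the placeholder ciphertexts and the use of an HMAC in place of a digital signature are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

COMPONENTS = ("patient_info", "medical_images", "diagnostic_info")

# Hierarchical encryption levels per component, ordered lowest to highest.
# Level names are assumptions chosen to mirror the tiers in the description.
LEVELS = {
    "patient_info": ("demographics_only", "pseudonymized", "full_identifiers"),
    "medical_images": ("blurred", "region_masked", "full_resolution"),
    "diagnostic_info": ("codes_only", "summary", "full_narrative"),
}

# Access policy profile: recipient role -> highest permitted level per component.
# A component missing from a role's entry is not authorized at any level.
ACCESS_POLICY_PROFILE = {
    "id": "policy-profile-v1",  # constructed reference
    "roles": {
        "radiologist": {"patient_info": "pseudonymized",
                        "medical_images": "full_resolution",
                        "diagnostic_info": "full_narrative"},
        "billing_officer": {"patient_info": "pseudonymized",
                            "diagnostic_info": "codes_only"},
    },
}


def assemble_package(layer_ciphertexts, signing_key):
    """Assemble the composite encrypted data package.

    layer_ciphertexts: {component: {level: ciphertext_bytes}}, one opaque
    ciphertext per hierarchical level (the models' outputs are not modelled).
    Returns (package, key_store): the package carries only key identifiers;
    the per-layer symmetric keys stay in key_store until release.
    """
    key_store, components = {}, {}
    for comp in COMPONENTS:
        layers = []
        for rank, level in enumerate(LEVELS[comp]):
            ct = layer_ciphertexts[comp][level]
            key_id = f"k-{comp}-{level}"
            key_store[key_id] = secrets.token_bytes(32)
            layers.append({"level": level, "level_rank": rank, "key_id": key_id,
                           "ciphertext_sha256": hashlib.sha256(ct).hexdigest(),
                           "ciphertext": ct.hex()})
        components[comp] = layers
    metadata = {
        "policy_profile_ref": ACCESS_POLICY_PROFILE["id"],
        # Signed metadata binds level, key id and ciphertext hash per layer.
        "components": {c: [{k: v for k, v in layer.items() if k != "ciphertext"}
                           for layer in layers]
                       for c, layers in components.items()},
    }
    canon = json.dumps(metadata, sort_keys=True).encode()
    # HMAC stands in for the sender's digital signature over the metadata.
    metadata["signature"] = hmac.new(signing_key, canon, "sha256").hexdigest()
    return {"metadata": metadata, "components": components}, key_store


def verify_metadata(package, signing_key):
    """Check the signature before trusting any level or key identifier."""
    meta = dict(package["metadata"])
    sig = meta.pop("signature")
    canon = json.dumps(meta, sort_keys=True).encode()
    return hmac.compare_digest(sig, hmac.new(signing_key, canon, "sha256").hexdigest())


def select_for_recipient(package, key_store, role, policy=ACCESS_POLICY_PROFILE):
    """Return (payload, released_keys) for one recipient role.

    Layers at or below the permitted level are sent with their keys; higher
    layers are excluded from the payload entirely, and components the role is
    not authorized for are omitted.
    """
    permitted = policy["roles"].get(role, {})
    payload, released = {}, {}
    for comp, layers in package["components"].items():
        if comp not in permitted:
            continue
        max_rank = LEVELS[comp].index(permitted[comp])
        kept = [layer for layer in layers if layer["level_rank"] <= max_rank]
        payload[comp] = kept
        for layer in kept:
            released[layer["key_id"]] = key_store[layer["key_id"]]
    return payload, released


def transmission_log_entry(payload, role, timestamp):
    """Session log entry carrying a hash of what was actually transmitted."""
    digest = hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()
    return {"recipient_role": role, "timestamp": timestamp, "payload_sha256": digest}


if __name__ == "__main__":
    # Constructed placeholder ciphertexts standing in for the models' outputs.
    sample = {c: {lvl: f"{c}:{lvl}".encode() for lvl in LEVELS[c]} for c in COMPONENTS}
    pkg, keys = assemble_package(sample, b"constructed-sender-key")
    payload, released = select_for_recipient(pkg, keys, "billing_officer")
    print(sorted(payload), sorted(released))
    print(transmission_log_entry(payload, "billing_officer", "2024-01-01T00:00:00Z"))
```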
[0085] In one embodiment, decryption of the composite encrypted data package may require both possession of a cryptographic key and a verified authorization token matched to the characteristics of the recipient as defined in the access policy profile. The cryptographic key may be issued through a key management system associated with the data owner, while the role-based authorization token may be generated by an identity and access management service based on the recipient's verified role, intended use case, and institutional affiliation. The system (100) may validate both the cryptographic key and the authorization token before enabling decryption of any of the encrypted patient information data, the encrypted medical images, or the encrypted diagnostic information.
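An added example (not the patent's own code) of the two-factor decryption gate in paragraph [0085]: one encrypted component is released only when an HMAC-signed authorization token carries the required recipient characteristics and the presented key passes the component's integrity check. The token format, the characteristic names and the SHA-256 counter-mode keystream (a stand-in for a real authenticated cipher) are assumptions.

```python
import hashlib
import hmac
import json
import time


def keystream_xor(key, nonce, data):
    """Toy stream cipher (SHA-256 in counter mode); stand-in for a real AEAD."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def issue_token(iam_key, subject, role, use_case, institution, ttl=3600, now=None):
    """Role-based authorization token as the IAM service would mint it (HMAC-signed)."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "role": role, "use_case": use_case,
              "institution": institution, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True)
    return body + "." + hmac.new(iam_key, body.encode(), "sha256").hexdigest()


def verify_token(iam_key, token, now=None):
    """Return the claims if the signature and expiry check out, else None."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(iam_key, body.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    now = time.time() if now is None else now
    return claims if claims["exp"] > now else None


def encrypt_component(key, key_id, nonce, plaintext, required):
    """Encrypt one data component and attach its access control metadata.

    required: {"role": [...], "use_case": [...], "institution": [...]} lists the
    recipient characteristics an authorization token must carry.
    """
    ct = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, "sha256").digest()  # binds ciphertext to key
    return {"key_id": key_id, "nonce": nonce.hex(), "ciphertext": ct.hex(),
            "tag": tag.hex(), "required": required}


def decrypt_component(component, key, key_id, token, iam_key, now=None):
    """Decrypt only if BOTH the authorization token and the key are valid.

    Returns (plaintext, "ok") or (None, reason). The token is checked first so
    an unauthorized recipient learns nothing from the key check.
    """
    claims = verify_token(iam_key, token, now)
    if claims is None:
        return None, "token invalid or expired"
    for attr, allowed in component["required"].items():
        if claims.get(attr) not in allowed:
            return None, f"token characteristic {attr!r} not authorized"
    if key_id != component["key_id"]:
        return None, "key identifier does not match component"
    nonce = bytes.fromhex(component["nonce"])
    ct = bytes.fromhex(component["ciphertext"])
    expected = hmac.new(key, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(expected, bytes.fromhex(component["tag"])):
        return None, "key rejected: integrity tag mismatch"
    return keystream_xor(key, nonce, ct), "ok"


if __name__ == "__main__":
    # Constructed keys, nonce, report text and policy requirements.
    iam_key, comp_key = b"constructed-iam-key", bytes(range(32))
    comp = encrypt_component(comp_key, "k-diag-full_narrative", b"\x00" * 12,
                             b"Findings: no acute abnormality",
                             {"role": ["radiologist"], "use_case": ["diagnosis"],
                              "institution": ["hospital-a"]})
    tok = issue_token(iam_key, "dr-1", "radiologist", "diagnosis", "hospital-a")
    print(decrypt_component(comp, comp_key, "k-diag-full_narrative", tok, iam_key))
```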
[0086] In one exemplary embodiment, the system (100) may be configured to support privacy compliance by enforcing recipient-specific encryption and access restrictions. By assigning hierarchical encryption levels to the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information based on characteristics of one or more recipients, the system (100) may ensure that only the minimum necessary data may be accessible to each recipient. The access policy profile may reflect institutional privacy rules or regulatory constraints, and may be used to selectively permit or deny decryption of individual data components. This configuration may reduce the risk of overexposure of a sensitive medical dataset and may support compliance with applicable data protection laws such as the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), or other jurisdiction-specific healthcare privacy standards.
[0087] In one exemplary embodiment, the system (100) may utilize a CycleGAN-based image-to-image translation model for encrypting the medical images due to its ability to perform unpaired domain translation while preserving spatial structure. Medical imaging data often lacks access to paired datasets that correspond to encrypted or obfuscated equivalents. The CycleGAN-based image-to-image translation model may be trained to map real medical images to a synthetic domain that may be visually altered yet structurally consistent, thereby enabling encryption through learned transformation. The cycle-consistency constraint inherent to the CycleGAN-based image-to-image translation model may ensure that the transformed medical image remains reversible to the extent needed for authorized interpretation while concealing diagnostically sensitive or personally identifiable visual features. Furthermore, the CycleGAN-based image-to-image translation model may support region-specific transformation by integrating attention or segmentation masks, allowing targeted encryption of anatomically relevant areas while maintaining peripheral context. This makes the CycleGAN-based image-to-image translation model particularly suitable for privacy-preserving transmission and controlled access to high-resolution medical imaging data.
[0088] Referring now to FIG. 2, an exemplary block diagram of a server system (200) for secure, hierarchical encryption and transmission of medical data is illustrated, in accordance with one or more embodiments of the present disclosure.
[0089] Referring to FIG. 2, in one embodiment, the server system (200) may include one or more processor(s) (202). The processor(s) (202) may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, or any combination thereof configured to process data based on operational instructions. The processor(s) (202) may be configured to fetch and execute computer-readable instructions stored in a memory (204) of the server system (200). The memory (204) may include one or more non-transitory computer-readable storage media configured to store executable instructions and data structures. The memory (204) may include volatile memory such as random-access memory (RAM) and/or non-volatile memory such as read-only memory (ROM), erasable programmable ROM (EPROM), flash memory, or any combination thereof.
[0090] In one embodiment, the server system (200) may include one or more interface(s) (206). The interface(s) (206) may include hardware and/or software interfaces configured to enable communication with input/output devices, peripheral subsystems, or external systems over a communication network. The interface(s) (206) may also facilitate communication between internal components of the server system (200), including the processing engine(s) (208) and the database (210).
[0091] In one embodiment, the processing engine(s) (208) may be implemented as a combination of hardware and programming configured to execute one or more functionalities associated with secure encryption, access control, or model training. The programming of the processing engine(s) (208) may include processor-executable instructions stored on a non-transitory machine-readable storage medium. The hardware of the processing engine(s) (208) may include one or more processing resources, such as the processor(s) (202), configured to execute the stored instructions. The machine-readable storage medium may be a component of the server system (200) or may be located remotely but accessible to it. In other embodiments, the processing engine(s) (208) may be implemented using dedicated electronic circuitry configured to perform one or more operations associated with the server system (200).
[0092] Further, the one or more processor(s) (202), in association with the memory (204), may be configured to perform the operations described with reference to processor (170) and memory (130) in earlier sections of this disclosure. This may include, for example, receiving a medical dataset, encrypting patient information data, encrypting one or more medical images, encrypting diagnostic information, assigning hierarchical encryption levels, generating access policy profiles, assembling a composite encrypted data package, and transmitting the package over a secure communication channel.
[0093] In one exemplary embodiment, the system (100) and the server system (200) may individually or jointly support training of the machine learning models used for encrypting the medical dataset. The system (100) may locally collect or access patient information data, medical images, and diagnostic information from edge sources, and may preprocess or anonymize such data for model training purposes. The processor (170) of the system (100), in association with the memory (130), may be configured to execute initial training steps or fine-tuning operations on locally stored subsets of data, especially in scenarios involving federated learning where raw data may not be shared externally. Separately, the server system (200) may be configured to aggregate model updates, manage full-scale training workflows, or maintain a centralized model repository. The processor(s) (202), in conjunction with the memory (204) and database (210), may perform large-scale training using de-identified datasets, manage version control of trained models, and store updated model parameters. In some embodiments, the processing engine(s) (208) of the server system (200) may coordinate distributed learning rounds across multiple instances of the system (100), facilitating periodic synchronization of model weights while ensuring that sensitive raw data remains within local boundaries.
[0094] In one exemplary embodiment, the machine learning models used in the system (100) and the server system (200) may be trained using supervised, unsupervised, or semi-supervised learning techniques, depending on the nature and availability of labeled data. The generative model used for encrypting patient information data may be trained in a semi-supervised manner, using partially labeled identity attributes such as age, gender, or anonymized identifiers to produce multi-layered encryption outputs. The CycleGAN-based image-to-image translation model used for encrypting medical images may be trained using an unsupervised approach, as the CycleGAN-based image-to-image translation model does not require paired input-output examples, allowing the model to learn a mapping between real medical images and obfuscated image domains using unpaired training data. The transformer-based model used for encrypting diagnostic information may be trained in a supervised or semi-supervised setting, using structured clinical annotations or partially labeled diagnostic reports to learn token-level encryption logic. In some embodiments, the training methodology may be dynamically selected based on data availability, compliance constraints, or performance requirements of each model type.
[0095] In one exemplary embodiment, the composite encrypted data package may include access control metadata encoded using a structured, machine-readable format such as JavaScript Object Notation (JSON) or Extensible Markup Language (XML). The access control metadata may define the hierarchical encryption level, recipient characteristics, and authorized decryption scope for each of the encrypted patient information data, the encrypted medical images, and the encrypted diagnostic information. The interface(s) (206) of the server system (200) may be configured to generate, validate, and transmit metadata in such structured formats, thereby enabling interoperability with external systems including electronic health record platforms, hospital information systems, and authorized third-party recipients. In some embodiments, the interface(s) (206) may adapt the structure or schema of the access control metadata dynamically based on the technical capabilities or protocol requirements of the recipient system, ensuring seamless interpretation and enforcement of access policy profiles during secure data exchange.
[0096] Referring now to FIG. 3, an exemplary flow chart of a method (300) for secure, hierarchical encryption and transmission of medical data is illustrated, in accordance with one or more embodiments of the present disclosure. In one embodiment, the method (300) may be implemented by the system (100) or the server system (200).
[0097] At step (302), the method (300) may include receiving at least one medical dataset.
[0098] At step (304), the method (300) may include extracting, from the medical dataset, a first set of information including patient information data, a second set of information including at least one medical image, and a third set of information including diagnostic information.
[0099] At step (306), the method (300) may include encrypting the first set of information using a generative model configured to produce multiple encryption layers corresponding to different levels of identity detail.
[00100] At step (308), the method (300) may include encrypting the second set of information using a CycleGAN-based image-to-image translation model configured to obfuscate content and apply region-specific encryption based on anatomical relevance.
[00101] At step (310), the method (300) may include encrypting the third set of information using a transformer-based model configured to tokenize and apply selective encryption based on clinical detail.
[00102] At step (312), the method (300) may include assigning hierarchical encryption levels across the encrypted first set of information, the encrypted second set of information, and the encrypted third set of information, wherein each level corresponds to characteristics of one or more recipients.
[00103] At step (314), the method (300) may include generating an access policy profile mapping the characteristics of the one or more recipients to authorized decryption levels.
[00104] At step (316), the method (300) may include assembling the encrypted first set of information, the encrypted second set of information, and the encrypted third set of information into a composite encrypted data package annotated with access control metadata.
[00105] At step (318), the method (300) may include transmitting the composite encrypted data package over a secure communication channel to the one or more recipients in accordance with the access policy profile.
[00106] It should be appreciated that the steps of the method (300) described herein are not limited to the specific sequence or structure outlined above. The method (300) may be implemented in various other ways, and the steps may be reordered, combined, omitted, or modified without departing from the scope or spirit of the present disclosure. The examples provided are for illustrative purposes only and are not intended to limit the invention to the specific embodiments described. Those skilled in the art will recognize that various modifications and adaptations may be made to the method (300) based on implementation-specific requirements.
[00107] It will be appreciated that one or more additional components may be incorporated, modified, or omitted in the implementation of the present disclosure without departing from the scope as defined by the appended claims. The described embodiments are merely illustrative, and variations in design, structure, or material selection may be made to suit specific applications. Any such modifications, equivalents, or substitutions are intended to be within the scope and spirit of the present invention as defined by the claims.
[00108] While the foregoing describes various embodiments of the present disclosure, other and further embodiments of the present disclosure may be devised without departing from the basic scope thereof. The scope of the present disclosure is determined by the claims that follow. The present disclosure is not limited to the described embodiments, versions, or examples, which are included to enable a person having ordinary skill in the art to make and use the present disclosure when combined with information and knowledge available to the person having ordinary skill in the art.
ADVANTAGES OF THE PRESENT DISCLOSURE
[00109] The present disclosure provides a system and method for encrypting a heterogeneous medical dataset, including patient information data, medical images, and diagnostic information, using specialized models tailored to the structure and sensitivity of each data type.
[00110] The present disclosure provides a generative model-based encryption approach for patient information data, allowing the creation of multiple encryption layers corresponding to different levels of identity detail.
[00111] The present disclosure provides a CycleGAN-based image-to-image translation model for encrypting medical images, enabling content obfuscation and region-specific encryption based on anatomical relevance.
[00112] The present disclosure provides a transformer-based model for encrypting diagnostic information with token-level granularity, supporting selective encryption of summary, full-text, and raw diagnostic data.
[00113] The present disclosure provides hierarchical encryption level assignment across encrypted data components, enabling fine-grained access control based on characteristics of one or more recipients.
[00114] The present disclosure provides dynamic generation of access policy profiles that map recipient roles, use cases, and institutional rules to corresponding decryption levels, ensuring adaptable and policy-compliant data handling.
[00115] The present disclosure provides for the assembly of a composite encrypted data package containing encrypted patient information data, encrypted medical images, and encrypted diagnostic information, annotated with access control metadata for enforcement during transmission and access.
[00116] The present disclosure provides secure transmission of the composite encrypted data package over a communication channel that includes end-to-end encryption, access logging, and validation.
[00117] The present disclosure enables selective transmission and decryption of encrypted data components, ensuring that each recipient can access only those portions of the data package they are authorized to view.
Claims:
1. A system (100) for secure, hierarchical encryption and transmission of medical data, the system (100) comprising:
a processor (170); and
a memory (130) communicatively coupled to the processor (170), the memory (130) storing instructions that, when executed by the processor (170), cause the processor to:
receive at least one medical dataset;
extract, from the medical dataset, a first set of information comprising patient information data, a second set of information comprising at least one medical image, and a third set of information comprising diagnostic information;
encrypt the first set of information using a generative model configured to produce multiple encryption layers corresponding to different levels of identity detail;
encrypt the second set of information using a CycleGAN-based image-to-image translation model configured to obfuscate content and apply region-specific encryption based on anatomical relevance;
encrypt the third set of information using a transformer-based model configured to tokenize and apply selective encryption based on clinical detail;
assign hierarchical encryption levels across the encrypted first set of information, the encrypted second set of information, and the encrypted third set of information, wherein each level corresponds to characteristics of one or more recipients;
generate an access policy profile mapping the characteristics of the one or more recipients to authorized decryption levels;
assemble the encrypted first set of information, the encrypted second set of information, and the encrypted third set of information into a composite encrypted data package annotated with access control metadata; and
transmit the composite encrypted data package over a secure communication channel to the one or more recipients in accordance with the access policy profile.
2. The system (100) as claimed in claim 1, wherein the generative model used to encrypt the first set of information is trained in a federated learning environment across multiple healthcare nodes without sharing raw patient information data.
3. The system (100) as claimed in claim 1, wherein the CycleGAN-based image-to-image translation model is configured to segment the second set of information into at least one region of interest and one or more peripheral regions, and apply different encryption intensities to each region based on anatomical relevance.
4. The system (100) as claimed in claim 1, wherein the transformer-based model is configured to generate separate encryption layers within the third set of information for summary-level insights, full-text diagnostic narratives, and raw diagnostic signals or outputs.
5. The system (100) as claimed in claim 1, wherein the access policy profile is dynamically generated based on the characteristics of the one or more recipients, the characteristics comprising at least one of: a recipient role, an intended use case, and institutional privacy rules.
6. The system (100) as claimed in claim 1, wherein the composite encrypted data package comprises embedded access control metadata specifying allowed decryption levels for each of the encrypted first set of information, the encrypted second set of information, and the encrypted third set of information.
7. The system (100) as claimed in claim 1, wherein the secure communication channel comprises an end-to-end encrypted transport protocol configured to support access logging and transmission validation.
8. The system (100) as claimed in claim 1, wherein the processor (170) is configured to selectively transmit only those portions of the composite encrypted data package that correspond to the authorized decryption levels associated with a given recipient's access policy profile.
9. The system (100) as claimed in claim 1, wherein decryption of the composite encrypted data package requires both possession of a cryptographic key and a verified authorization token matched to the characteristics of the recipient as defined in the access policy profile.
10. A method (300) for secure, hierarchical encryption and transmission of medical data, the method (300) comprising:
receiving (302) at least one medical dataset;
extracting (304), from the medical dataset, a first set of information comprising patient information data, a second set of information comprising at least one medical image, and a third set of information comprising diagnostic information;
encrypting (306) the first set of information using a generative model configured to produce multiple encryption layers corresponding to different levels of identity detail;
encrypting (308) the second set of information using a CycleGAN-based image-to-image translation model configured to obfuscate content and apply region-specific encryption based on anatomical relevance;
encrypting (310) the third set of information using a transformer-based model configured to tokenize and apply selective encryption based on clinical detail;
assigning (312) hierarchical encryption levels across the encrypted first set of information, the encrypted second set of information, and the encrypted third set of information, wherein each level corresponds to characteristics of one or more recipients;
generating (314) an access policy profile mapping the characteristics of the one or more recipients to authorized decryption levels;
assembling (316) the encrypted first set of information, the encrypted second set of information, and the encrypted third set of information into a composite encrypted data package annotated with access control metadata; and
transmitting (318) the composite encrypted data package over a secure communication channel to the one or more recipients in accordance with the access policy profile.
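The packaging, policy, selective-transmission and token flow of claims 1, 5, 6, 8 and 9 (and steps 306 to 318 of method 300), as an added example that is not the patent's own code. It assumes a standard-library encrypt-then-MAC cipher (HMAC-SHA256 in counter mode plus an HMAC tag) in place of the generative, CycleGAN and transformer models the claims describe, so that the hierarchy and the access checks can be exercised with conventional primitives; a constructed three-level scale; and constructed component names, role and use-case pairs, sample layer contents and function names (`build_package`, `issue_token`, `select_for_recipient`, `recipient_decrypt` and the rest), none of which come from the specification. Level keys form a hash chain per component, so a recipient holding the key for level n derives the keys below n but not above; each layer's access-control metadata is authenticated together with the ciphertext, so relabelling a layer to a lower level does not let a lower-level key open it; and the recipient-side decrypt verifies an authorization token bound to the package before any key is used.

```python
"""Level-gated packaging of a split medical record: added example, not the patent's code.
Assumption: the generative / CycleGAN / transformer "encryption" models of the claims are
replaced by a conventional encrypt-then-MAC cipher built only from the standard library
(HMAC-SHA256 in counter mode plus an HMAC tag). Level keys form a hash chain per component,
key[n-1] = SHA256(key[n]), so the level-n key opens levels 1..n and nothing above."""
import hashlib, hmac, json, os

LEVELS = 3  # 1 = least sensitive ... 3 = most sensitive (constructed scale)

def derive_level_keys(top_key: bytes, top: int = LEVELS) -> dict:
    """Keys for every level <= top, derived from the key for level `top`."""
    keys = {top: top_key}
    for lvl in range(top - 1, 0, -1):
        keys[lvl] = hashlib.sha256(keys[lvl + 1]).digest()
    return keys

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range((n + 31) // 32))[:n]

def encrypt_layer(key: bytes, plaintext: bytes, meta: dict) -> dict:
    """Encrypt-then-MAC; the access-control metadata is bound into the tag, so a relabelled layer fails."""
    enc_key, mac_key = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    aad = json.dumps(meta, sort_keys=True).encode()
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return {"meta": meta, "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def decrypt_layer(key: bytes, layer: dict) -> bytes:
    enc_key, mac_key = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce, ct = bytes.fromhex(layer["nonce"]), bytes.fromhex(layer["ct"])
    aad = json.dumps(layer["meta"], sort_keys=True).encode()
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(layer["tag"])):
        raise ValueError("tag mismatch: wrong level key or tampered metadata")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

# Constructed sample: each component split into layers tagged with the level needed to open them.
SAMPLE_DATASET = {
    "patient_info":  {1: b"age band 40-49, sex F", 2: b"city: Pune, DOB 1981-05", 3: b"name: J. Doe, MRN 00123"},
    "medical_image": {1: b"<peripheral region, blurred>", 3: b"<region of interest: L lung nodule>"},
    "diagnostic":    {1: b"summary: benign finding", 2: b"narrative: 6 mm nodule, stable", 3: b"raw: [0.12,0.31,0.08]"},
}
# Constructed access policy profile: (role, use case) -> authorized level per component; 0 = not sent.
POLICY_PROFILE = {
    ("researcher", "population_study"): {"patient_info": 1, "medical_image": 3, "diagnostic": 1},
    ("radiologist", "treatment"):       {"patient_info": 3, "medical_image": 3, "diagnostic": 3},
    ("billing", "claims"):              {"patient_info": 3, "medical_image": 0, "diagnostic": 1},
}

def build_package(dataset: dict, roots: dict) -> dict:
    """Composite package in which every layer carries its own access-control metadata."""
    pkg = {"package_id": os.urandom(8).hex(), "components": {}}
    for comp, layers in dataset.items():
        keys = derive_level_keys(roots[comp])
        pkg["components"][comp] = [
            encrypt_layer(keys[lvl], data, {"component": comp, "level": lvl, "package_id": pkg["package_id"]})
            for lvl, data in sorted(layers.items())]
    return pkg

def issue_token(authority_key: bytes, recipient: str, levels: dict, package_id: str) -> dict:
    claims = {"recipient": recipient, "levels": levels, "package_id": package_id}
    sig = hmac.new(authority_key, json.dumps(claims, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}

def verify_token(authority_key: bytes, token: dict, package_id: str) -> dict:
    sig = hmac.new(authority_key, json.dumps(token["claims"], sort_keys=True).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, token["sig"]) or token["claims"]["package_id"] != package_id:
        raise PermissionError("authorization token invalid or not issued for this package")
    return token["claims"]

def select_for_recipient(pkg: dict, levels: dict) -> dict:
    """Selective transmission: ship only the layers at or below the recipient's authorized level."""
    return {"package_id": pkg["package_id"], "components": {
        comp: [l for l in layers if l["meta"]["level"] <= levels.get(comp, 0)]
        for comp, layers in pkg["components"].items()}}

def grant_level_keys(roots: dict, levels: dict) -> dict:
    # One key per component, at exactly the recipient's authorized level.
    return {comp: derive_level_keys(roots[comp])[lvl] for comp, lvl in levels.items() if lvl > 0}

def recipient_decrypt(authority_key: bytes, token: dict, level_keys: dict, pkg: dict) -> dict:
    """Decryption needs both the level key and a verified token bound to this package."""
    out, claims = {}, verify_token(authority_key, token, pkg["package_id"])
    for comp, layers in pkg["components"].items():
        allowed = claims["levels"].get(comp, 0)
        if allowed == 0 or comp not in level_keys:
            continue
        keys = derive_level_keys(level_keys[comp], top=allowed)
        out[comp] = {l["meta"]["level"]: decrypt_layer(keys[l["meta"]["level"]], l)
                     for l in layers if l["meta"]["level"] <= allowed}
    return out

def run_flow(role: str, use_case: str) -> dict:
    """Custodian: package, policy lookup, token, selective send. Recipient: verify and decrypt."""
    roots, authority_key = {comp: os.urandom(32) for comp in SAMPLE_DATASET}, os.urandom(32)
    pkg = build_package(SAMPLE_DATASET, roots)
    levels = POLICY_PROFILE[(role, use_case)]
    token = issue_token(authority_key, f"{role}:{use_case}", levels, pkg["package_id"])
    sent = select_for_recipient(pkg, levels)
    return recipient_decrypt(authority_key, token, grant_level_keys(roots, levels), sent)
```

Calling `run_flow("researcher", "population_study")` returns only the level-1 patient and diagnostic layers together with both image layers, `run_flow("billing", "claims")` returns no image component at all, and `run_flow("radiologist", "treatment")` returns the whole record. Applying a level-1 key to a level-3 layer, or editing a layer's `level` field downward, fails the tag check rather than yielding plaintext. In a deployment the stand-in cipher would be replaced by an AEAD such as AES-GCM with the metadata as associated data, and the shared-secret HMAC token by a token signed by the issuing authority and verified with its public key, so that recipients cannot mint tokens for each other.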
| # | Name | Date |
|---|---|---|
| 1 | 202531036923-STATEMENT OF UNDERTAKING (FORM 3) [16-04-2025(online)].pdf | 2025-04-16 |
| 2 | 202531036923-POWER OF AUTHORITY [16-04-2025(online)].pdf | 2025-04-16 |
| 3 | 202531036923-FORM 1 [16-04-2025(online)].pdf | 2025-04-16 |
| 4 | 202531036923-DRAWINGS [16-04-2025(online)].pdf | 2025-04-16 |
| 5 | 202531036923-DECLARATION OF INVENTORSHIP (FORM 5) [16-04-2025(online)].pdf | 2025-04-16 |
| 6 | 202531036923-COMPLETE SPECIFICATION [16-04-2025(online)].pdf | 2025-04-16 |
| 7 | 202531036923-FORM-9 [25-09-2025(online)].pdf | 2025-09-25 |
| 8 | 202531036923-FORM 18A [27-09-2025(online)].pdf | 2025-09-27 |