MediVault: An Auditable and Secure Federated Learning System for Privacy-Preserving Healthcare Collaboration

1. Introduction

Digital healthcare systems generate large amounts of data, but turning these data into useful decisions is still difficult. Electronic health records (EHRs), laboratory systems, imaging scanning platforms, and patient-facing devices all produce valuable information. These data could support earlier risk detection, more personalised care, and better clinical pathway planning. However, building deployable clinical intelligence systems from such data is still challenging [1,2,3,4,5]. Patient-level data are distributed across different hospitals and systems, governed by privacy and ethical requirements, and often stored in different formats. This makes cross-site model development slow and costly. As a result, many studies still rely on data from a single institution, which can limit external validity. The issue is even more serious for rare-disease prediction, where cohorts are small and geographically distributed, and collaboration across multiple organisations is often needed to obtain sufficient statistical power [6].

Federated learning (FL) has become an important approach for multi-site modelling under privacy constraints [7,8,9]. In FL, each site keeps its data locally and shares only model updates rather than raw records. This fits well when sensitive data needs to remain at the source. FL has already been explored in healthcare applications such as risk prediction, medical imaging, and population health analytics [10,11,12,13,14,15]. A key advantage of FL is that it allows models to learn from multiple sites without centralising patient records, which may improve generalisability while reducing the need for large-scale data transfer.

Despite these advantages, many healthcare FL studies are still difficult to translate into deployable services. First, clinical adoption requires auditability and accountability. Stakeholders often need to know what model was trained, which sites participated, what configuration was used, how performance changed over time, and whether the process was stable and compliant. However, many FL implementations focus mainly on the training loop and provide only limited support for audit-ready logging, end-to-end traceability, and governance-oriented reporting [9,11]. Second, in healthcare domain, FL should deal with heterogeneity [16]. Data across sites are often non-IID (Independent and Identically Distributed) because of differences in patient populations, clinical practice, coding styles, and measurement processes. This can slow convergence and lead to unstable or inconsistent results if it is not properly monitored [8,9]. Third, practical deployment also requires clear communication. Clinicians and operational teams often need short and understandable summaries of performance, limitations, and readiness, rather than only raw metrics or low-level system logs. Finally, real deployment requires workflow integration, including round orchestration, monitoring, API-based service boundaries, and predictable runtime behaviour that can be demonstrated during evaluation and stakeholder review.

Existing FL frameworks provide strong technical foundations [17,18,19], but many deployment-related components, such as dashboards, evidence trails, stakeholder reporting, and controlled baseline comparisons, still need to be implemented separately. Because of this, there is still a gap between algorithm-focused FL prototypes and healthcare-ready systems that treat operational transparency, audit readiness, and stakeholder communication as first-class requirements.

To address this gap, we present MediVault, a privacy-first platform designed to operationalise federated learning for healthcare pilots, with particular attention to deployability, auditability, and communication. MediVault is motivated by multi-organisation scenarios such as rare-disease risk prediction, where institutions need to collaborate while maintaining local control of sensitive records. Rather than treating FL as a standalone training routine, MediVault provides an integrated workflow from orchestration to evaluation. It allows teams to (i) run round-based training across distributed sites, (ii) compare FL against a centralised baseline using the same model and hyperparameters, and (iii) produce governance- and clinician-oriented summaries based on logged evidence. In particular, MediVault provides an integrated workflow for privacy-preserving healthcare collaboration. It combines federated coordination, site-level local training, audit-ready telemetry, and a dashboard for evaluation and governance. In addition, the platform supports evidence-grounded reporting to improve stakeholder communication. We evaluate MediVault on two public healthcare classification datasets under both IID and non-IID settings to reflect realistic site heterogeneity. The results show that federated training is competitive with centralised training, while MediVault also provides the transparency, auditability, and communication features needed for practical healthcare pilots.

The rest of this paper is organised as follows. Section 2 reviews related work on federated learning in healthcare, privacy-preserving collaboration, and deployment-oriented FL systems. Section 3 presents the MediVault architecture, workflow, and key system components. Section 4 describes the experimental setup and evaluates the platform from both system-level and model-level perspectives. Finally, Section 5 concludes the paper and outlines directions for future work.

2. Background

2.1. Federated Learning in Healthcare

Federated learning (FL) is a distributed learning paradigm in which multiple sites train local models on private data and periodically share model updates with a coordinator, which aggregates them into a global model [7,9]. In healthcare, FL is particularly attractive because medical data are naturally distributed across institutions and are subject to strict privacy, legal, and governance constraints. By keeping data local and exchanging model updates instead of raw records, FL provides a practical alternative to centralised learning for collaborative healthcare analytics.

Although FL is promising for healthcare, several practical and methodological challenges remain. First, statistical heterogeneity is common. Hospitals may differ in patient demographics, clinical workflows, measurement devices, and coding practices, which can lead to client drift and unstable training [8,9]. Second, system heterogeneity can arise from differences in compute capacity, network conditions, and local operational constraints. Third, privacy risks do not disappear simply because raw data are not shared. Prior studies have shown that gradients or model updates may still leak sensitive information under certain attack settings, such as gradient inversion or feature leakage attacks [20,21]. Therefore, healthcare FL systems must consider not only predictive performance, but also update confidentiality, secure aggregation, and operational trust.

2.2. Update Confidentiality and Secure Aggregation

Protecting privacy in FL requires distinguishing two related goals: update confidentiality and secure aggregation. Update confidentiality aims to prevent eavesdroppers or untrusted intermediaries from reading individual client updates in transit or at rest. Secure aggregation aims to ensure that the coordinator learns only an aggregate statistic, such as a sum or an average, rather than any single participant’s update.

Secure aggregation is commonly implemented using ideas from secure multi-party computation (SMPC). A representative approach is additive masking, where each client masks its update in such a way that the masks cancel out during aggregation, allowing the server to recover only the sum of updates [22]. Such protocols are attractive because they can be efficient and provide a clear privacy guarantee under an explicit threat model, often an honest-but-curious server. However, practical deployment still requires solutions for dropout handling, key management, and robustness to stragglers.

Homomorphic encryption (HE) provides another way to protect model updates by allowing computation directly over encrypted values [23]. In FL, HE is often used so that the coordinator performs additive aggregation on ciphertexts rather than plaintext updates. This can provide stronger confidentiality for transmitted updates, but it also introduces additional computation and communication overhead. As a result, many systems often restrict operations to simple additions, smaller models, or lightweight HE settings in order to balance privacy and efficiency.

2.3. Auditability, Governance Evidence, and Trust in Cross-Organisation Collaboration

In cross-organisation healthcare collaborations, technical privacy mechanisms alone are often not enough for deployment readiness. Partners may also require operational evidence that collaboration occurred as claimed and that protocol constraints were followed. For example, they may want evidence that local training was performed on-site, no raw data were exported, and only restricted message contents were exchanged. This introduces a requirement beyond predictive performance: auditability and governance readiness. Prior work in healthcare FL has highlighted the importance of trust, transparency, and practical deployment considerations, but many FL systems mainly expose training metrics and engineering logs rather than a structured, non-sensitive evidence layer designed for post-hoc review and partner assurance [11,12].

2.4. Related Work

Federated learning has been widely applied in supporting collaborative healthcare analytics [24,25,26,27]. Existing works have explored FL in a range of healthcare settings, including electronic health records, medical imaging, remote monitoring, and other smart-health applications, showing that multi-site model development is feasible even when direct data sharing is restricted [25,26]. In addition, these reviews consistently note that FL in healthcare domain are still facing challenges such as non-IID data, communication overhead, privacy risk, and deployment complexity [24,26,27].

A number of existing works have therefore focused on strengthening the security and privacy of FL beyond simple local-data retention. In particular, secure aggregation has become a central topic, since the coordinator should ideally learn only an aggregated statistic rather than any individual client update. Studies in [22,24,26] have explored several directions for secure aggregation, including masking-based schemes, secret sharing, and cryptographic approaches such as homomorphic encryption, while also emphasising practical requirements such as communication efficiency, robustness to user dropout, and compatibility with high-dimensional model updates . These approaches strengthen confidentiality beyond the assumption that data merely remain local, although they may introduce additional computational and engineering overhead in real deployments [23,25,27].

At the same time, researches have shown that “data stay local” does not fully remove privacy risks in federated learning. Attacks on gradients and parameter updates demonstrate that sensitive information may still be inferred from shared model updates, which motivates stronger update-protection mechanisms in privacy-sensitive domains such as healthcare [20,21]. This concern is also reflected in recent healthcare FL reviews, which argue that privacy protection often requires a combination of local training, protected update exchange, and system-level safeguards rather than reliance on local data retention alone [24,25,26].

From a systems perspective, existing FL research provides strong foundations for federated coordination, local training, privacy-aware aggregation, and healthcare-oriented application design [24,25,26,27]. However, most existing works primarily focus on learning architectures, privacy mechanisms, or application taxonomies. Much less attention is given to governance-oriented transparency at the system level, such as protocol timelines, secure message evidence, and non-sensitive audit views that can support partner assurance in real healthcare collaborations. As above reason, MediVault differs from existing works in two ways. 1) it combines federated learning with protected update exchange through HE-based update protection and an SMPC-inspired secure aggregation workflow. 2) it introduces a secure collaboration evidence layer through the dashboard, exposing protocol-level artefacts that support auditability without revealing raw data or per-sample information. This positions MediVault as a deployment-oriented healthcare FL system that addresses not only privacy-preserving training, but also the operational transparency needed for cross-organisation trust.

3. Proposed System

The proposed system, called MediVault, is an auditable and secure federated learning-based system that supports collaborative model training across multiple healthcare data custodians without centralising patient-level data. The system is designed for healthcare analytics scenarios in which institutions need to collaborate while preserving local data control. MediVault follows a federated learning (FL) setting in which participating healthcare sites train locally on their private datasets and share only protected model updates. Rather than treating FL as an isolated training routine, MediVault provides an integrated workflow that combines round orchestration, protected update exchange, secure aggregation, and audit-ready system evidence.

3.1. System Architecture

Figure 1 shows the overall MediVault workflow. In each training round, the federated coordinator broadcasts the current global model to the participating healthcare sites. Each site then performs local training on its private dataset and computes a local model update. Before transmission, the local update is protected through an HE-based update protection step. The protected updates are then combined through an SMPC-inspired secure aggregation process, so that the coordinator receives only an aggregated result rather than plaintext individual updates. This aggregated result is used to form the updated global model, which is broadcast again for the next round.

MediVault combines a federated coordinator, site-level local training at peer nodes, and a protected update pipeline for secure submission and aggregation. Together, these elements support a protected round-based workflow in which local model updates are generated at each site, protected before transmission, securely aggregated, and then used to update the global model for the next round. The round-based training procedure is described next, followed by the two protection mechanisms used for secure update handling and aggregation.

3.2. Federated Learning Workflow

Assume that training proceeds in synchronous rounds $t=1,\dots ,T$. Let ${\mathbf{w}}^{\left(t\right)}$ denote the global model parameters at round t. Each peer $i\in \{1,\dots ,N\}$ holds a private local dataset ${\mathcal{D}}_i$. The workflow below describes how local updates are generated and then passed to the protected update pipeline for secure submission and aggregation.

• Broadcast: The coordinator broadcasts the current global model ${\mathbf{w}}^{\left(t\right)}$ and round identifier t to all participating peers.
• Local training: Each peer performs local optimisation for E epochs (or steps) and obtains updated parameters ${\mathbf{w}}_i^{\left(t\right)}$. The local model update is then computed as

  $$\Delta {\mathbf{w}}_i^{\left(t\right)}={\mathbf{w}}_i^{\left(t\right)}-{\mathbf{w}}^{\left(t\right)}.$$

  (1)
• Protected submission: Each peer protects $\Delta {\mathbf{w}}_i^{\left(t\right)}$ using the protected update pipeline described in Section 3.3 and Section 3.4, and submits only the protected update to the coordinator.
• Aggregation and model update: The coordinator aggregates the protected updates and applies the resulting global update:

  $${\mathbf{w}}^{(t+1)}={\mathbf{w}}^{\left(t\right)}+\eta ·{\displaystyle \frac{1}{N}}\sum _{i=1}^N\Delta {\mathbf{w}}_i^{\left(t\right)},$$

  (2)

  where $\eta$ is the server learning rate.

In MediVault, the summation is not carried out over plaintext individual updates. Instead, aggregation is performed through the protected update pipeline described below.

3.3. HE-Based Update Protection for Encrypted Aggregation

To protect the confidentiality of peer updates during transmission and aggregation, MediVault uses an additive homomorphic cryptosystem, specifically Paillier. Let $\mathsf{Enc}(·)$ and $\mathsf{Dec}(·)$ denote encryption and decryption under the corresponding public and private keys.

Each peer encrypts its protected update vector element-wise:

$${\mathbf{c}}_i^{\left(t\right)}=\mathsf{Enc}\left({\widetilde{\Delta \mathbf{w}}}_i^{\left(t\right)}\right),$$

(3)

where ${\widetilde{\Delta \mathbf{w}}}_i^{\left(t\right)}$ denotes the peer update after optional masking. Due to the additive homomorphism of Paillier, the coordinator can combine ciphertexts without decrypting individual updates:

$${\mathbf{c}}_{\mathrm{sum}}^{\left(t\right)}=\underset{i=1}{\overset{N}{⨁}}{\mathbf{c}}_i^{\left(t\right)}=\mathsf{Enc}\left(\sum _{i=1}^N{\widetilde{\Delta \mathbf{w}}}_i^{\left(t\right)}\right),$$

(4)

where ⊕ denotes ciphertext-domain addition. The coordinator decrypts only the aggregated ciphertext:

$${\widetilde{\Delta \mathbf{w}}}_{\mathrm{sum}}^{\left(t\right)}=\mathsf{Dec}\left({\mathbf{c}}_{\mathrm{sum}}^{\left(t\right)}\right).$$

(5)

This design prevents the coordinator from directly observing plaintext individual updates during aggregation. In the current prototype, this encrypted aggregation remains practical because the evaluated models are lightweight linear models, which keep the protected update dimensionality manageable.

3.4. SMPC-Inspired Secure Aggregation via Additive Masking

MediVault further reduces exposure of individual updates by combining HE with an SMPC-inspired additive masking mechanism. The goal is that the coordinator receives only encrypted, masked updates and recovers only an aggregated result.

Let $\Delta {\mathbf{w}}_i^{\left(t\right)}$ denote peer i’s local model update at round t, and let ${\mathbf{m}}_i^{\left(t\right)}$ denote a pseudo-random mask vector derived from a shared seed and the round identifier t. Peer i forms a masked update as

$${\widetilde{\Delta \mathbf{w}}}_i^{\left(t\right)}=\Delta {\mathbf{w}}_i^{\left(t\right)}+s_i{\mathbf{m}}_i^{\left(t\right)},$$

(6)

where $s_i\in \{+1,-1\}$ controls mask cancellation. The peer then encrypts and transmits only

$$\mathsf{Enc}\left({\widetilde{\Delta \mathbf{w}}}_i^{\left(t\right)}\right).$$

(7)

Using HE additivity, the coordinator combines ciphertexts and decrypts only the aggregated masked sum:

$$\mathsf{Dec}\left(\sum _{i=1}^N\mathsf{Enc}\left({\widetilde{\Delta \mathbf{w}}}_i^{\left(t\right)}\right)\right)=\sum _{i=1}^N\left(\Delta {\mathbf{w}}_i^{\left(t\right)}+s_i{\mathbf{m}}_i^{\left(t\right)}\right).$$

(8)

In the current prototype, masking is implemented in a two-party setting ($N=2$) by assigning opposite signs to the two peers so that masks cancel after aggregation:

$${\widetilde{\Delta \mathbf{w}}}_1^{\left(t\right)}+{\widetilde{\Delta \mathbf{w}}}_2^{\left(t\right)}=\Delta {\mathbf{w}}_1^{\left(t\right)}+\Delta {\mathbf{w}}_2^{\left(t\right)}.$$

(9)

Thus, the coordinator recovers only the aggregated update and not any individual plaintext update. The aggregated update is then used in a FedAvg-style global model update. Extending this masking mechanism to multi-party settings with dropout tolerance is left as future work.

In addition, MediVault records round-level metadata, including round identifiers, participating peers, protected message metadata, aggregation status, and model-level summaries. These records are surfaced through the dashboard to support auditability and governance review without exposing patient-level data.

4. Evaluation

This section evaluates MediVault from two aspects: (i) system-level evidence, showing that the current implementation supports end-to-end execution with a working dashboard, protected update exchange, and an auditable protocol timeline; and (ii) model-level utility, comparing federated training against a centralised baseline under both IID and non-IID data partitions. We report results for two lightweight linear classifiers: logistic regression (LOGREG) and linear SVM (LINSVM).

4.1. Implementation and Dashboard Views

A key contribution of MediVault is that the secure collaboration workflow is not only specified conceptually but also demonstrated through an operational dashboard. Figure 2, Figure 3 and Figure 4 provide end-to-end evidence of: (i) global task configuration and round-level learning status at the coordinator; and (ii) peer-side execution where each site trains locally and submits encrypted, masked model updates rather than raw patient records. These views support a deployment-oriented narrative: the current implementation operationalises secure multi-party collaboration while preserving data locality.

In addition to the primary workflow, MediVault provides a dedicated secure collaboration evidence layer, as shown in Figure 5 and Figure 6. This layer is designed to improve auditability and partner confidence by exposing protocol-level artefacts, such as message metadata, encryption timings, and aggregation steps, while remaining non-sensitive. Such evidence is particularly relevant for healthcare collaborations where governance requirements demand operationally verifiable traces without disclosure of patient-level information. In addition, Figure 7 shows an optional reporting interface that generates narrative summaries from non-sensitive aggregated evidence rather than raw patient records. This interface is intended to support stakeholder communication by translating logged metrics and protocol-level evidence into a more accessible form, and can be achieved using either a cloud-based generative AI service or a local model.

4.2. Experimental Setup

We evaluate MediVault on two public binary classification datasets: breast_cancer [28] and heart_disease [29]. Each dataset is split into train and test partitions using a fixed random seed (seed = 7) and a with the 80/20 split. All reported metrics are computed on the held-out test set.

4.2.1. Models, Baselines, and FL Setting

We compare two lightweight linear models that are common in clinical risk prediction:

• LOGREG: logistic regression (probabilistic linear classifier).
• LINSVM: linear SVM (margin-based linear classifier).

For each model, we compare:

• Centralised baseline (Non-FL): the model trained on the union of all training data.
• Federated learning (FL): peers train locally and submit model updates to a coordinator. The coordinator applies a FedAvg-style aggregation over received updates and evaluates the global model each round.

4.2.2. Peer Partitions (IID vs Non-IID)

To study heterogeneity, training data are partitioned across peers under:

• IID: each peer receives a roughly representative sample of the overall data distribution.
• Non-IID: peer data distributions are intentionally skewed so that different peers no longer follow the same underlying distribution, reflecting realistic site heterogeneity.

We evaluate 2 peers and 5 peers to examine how scaling the number of sites influences convergence and performance.

4.2.3. Metrics and Reporting Protocol

We report three standard metrics for medical risk prediction:

• Accuracy (ACC): overall classification correctness.
• Area Under the ROC Curve (AUC): threshold-independent ranking quality.
• F1-score (F1): balances precision and recall, which is useful under potential class imbalance.

For each setting, we report: (i) Final round performance (fixed-budget deployment view), (ii) Best over rounds (attainable peak, relevant for early stopping), and (iii) Mean±Std across rounds (stability). In Table 1, Table 2 and Table 3, $\Delta$ denotes FL minus Base under the same dataset/model/partition/peer configuration.

4.2.4. Secure Update Confidentiality and Secure Aggregation

MediVault follows an update-confidential FL design that combines homomorphic encryption (HE) with an SMPC-inspired additive masking mechanism (see the full protocol description in the Proposed System section). As shown in Figure 5 and Figure 6, we validate the operational behaviour of this design by exposing non-sensitive protocol artefacts in the dashboard: (i) each peer submits only encrypted, masked updates (no plaintext updates and no patient-level records); (ii) the coordinator performs additive combination on ciphertexts and decrypts only the aggregated sum; and (iii) the secure-aggregation trace view provides message-level evidence such as vector dimensionality, payload size, mask identifiers/signs, and ciphertext hashes or samples, together with an ordered protocol timeline for auditability. These dashboard traces demonstrate that encrypted update exchange and masked aggregation are executed end-to-end in the prototype, supporting partner assurance without revealing local training data.

4.3. Auditability and Governance Evidence

Beyond predictive performance, MediVault is evaluated on auditability—the ability to provide non-sensitive, machine-recorded evidence that a privacy-preserving collaboration occurred. This is particularly important for cross-organisation healthcare deployments where partners must justify data governance decisions and demonstrate compliance-oriented controls.

As shown in Figure 5 and Figure 6, the implementation exposes an evidence layer that logs: (i) secure message metadata (peer identifier, round index, payload size, encryption time, mask identifiers, and protocol events); and (ii) an ordered protocol timeline of events (round start, message receipt, secure combine, global update, and evaluation). These artefacts are designed to be non-patient-level yet operationally verifiable, supporting post-hoc inspection and partner assurance without disclosing local records or per-sample information.

We therefore treat auditability as a first-class evaluation axis alongside accuracy metrics: the dashboard evidence demonstrates that MediVault provides a practical governance view for secure collaboration in addition to model training outcomes.

4.4. Results: Performance Comparison (Centralised vs Federated)

Table 1, Table 2 and Table 3 summarise results for LOGREG and LINSVM. On breast_cancer, both models achieve near-ceiling performance centrally, and FL remains competitive: LOGREG largely matches the centralised baseline (final-round ACC ≈ 0.986), while LINSVM shows small but consistent drops under FL (e.g., up to ∼2–3% absolute ACC under 2-peer non-IID). On heart_disease, LOGREG yields the strongest centralised baseline and FL provides gains under IID partitioning (e.g., ACC improves from 0.853 to 0.868). Under non-IID partitions, final-round metrics can drop (ACC 0.838) but best-over-rounds remains competitive in this setting, suggesting that monitoring and early stopping may be practical strategies under heterogeneous deployments. LINSVM exhibits more sensitivity across configurations: it can match or improve baseline in some cases (e.g., 2-peer non-IID ACC 0.836 vs 0.803) but degrades under others (e.g., 5-peer IID ACC 0.787 vs 0.803), indicating higher variance in heterogeneous or small-sample regimes.

Figure 8, Figure 9 and Figure 10 visualise final-round performance for Base vs FL across datasets, partitions, peer counts, and models. Across conditions, FL is competitive with the centralised baseline. Differences are small on breast_cancer due to near-ceiling performance, while larger sensitivity is observed on heart_disease, particularly under non-IID partitions and for LINSVM.

To complement the summary tables, we plot round-wise ACC/AUC/F1 trajectories under representative IID and non-IID settings to illustrate convergence behaviour and stability.

Figure 11 shows that under IID partitioning, FL converges smoothly and can match or exceed the centralised baseline. Under non-IID partitioning, convergence remains observable but with larger fluctuations and a lower final-round operating point. This pattern is consistent with client drift and slower stabilisation under heterogeneous sites.

Figure 12 indicates that both LOGREG and LINSVM achieve near-ceiling performance for breast_cancer, and FL closely tracks the centralised baseline under both IID and non-IID partitions. In this dataset, differences are small and are more visible through stability than through final-point performance.

4.5. Discussion

The evaluation shows that MediVault provides both system-level and model-level value for privacy-preserving healthcare collaboration. At the system level, the dashboard and evidence views demonstrate that the current implementation supports local training, protected update exchange, secure aggregation, and auditable protocol traces without exposing patient-level data. This is important for healthcare deployments, where partner trust depends not only on privacy-preserving computation but also on visible and reviewable operational evidence.

At the model level, federated learning with both LOGREG and LINSVM remains competitive with the centralised baseline across the evaluated datasets. On breast_cancer, both models operate near a saturated performance regime, so differences between centralised and federated settings are small. On heart_disease, LOGREG is generally more robust across partition and peer configurations, while LINSVM shows greater sensitivity, especially under heterogeneous settings. This suggests that model choice matters in practical FL deployments, particularly when data distributions differ across sites.

The results also confirm the expected effect of heterogeneity. Non-IID partitions increase variance and can lower final-round performance, especially on heart_disease. At the same time, the best-over-rounds results indicate that competitive operating points are still reachable, which supports the use of monitoring and early stopping in practical deployments.

Finally, the optional reporting interface shown in Figure 7 illustrates how non-sensitive aggregated evidence can be presented in a more accessible form for stakeholders. Together with the protocol-level metadata exposed by the dashboard, this suggests that MediVault can support not only privacy-preserving training, but also the transparency and governance readiness needed for real multi-site healthcare collaboration.

5. Conclusion

This paper presented MediVault, a proof-of-concept system that enables privacy-preserving healthcare collaboration without sharing raw patient records. MediVault combines federated learning with (prototype) encrypted update exchange and an SMPC-inspired secure aggregation workflow, and exposes an auditable evidence layer through a working dashboard to support governance and partner trust. Experiments on breast_cancer and heart_disease using logistic regression show that federated training achieves performance comparable to a centralised baseline under both IID and non-IID partitions, with expected sensitivity to data heterogeneity.

Several directions remain for future work. First, the current secure aggregation and homomorphic-encryption mechanisms are demonstrated at prototype level, and future work should consider stronger adversarial settings and more formal security analysis. Second, the present experiments use benchmark tabular datasets rather than real clinical deployment data, so further validation will require more representative healthcare datasets and appropriate governance or ethical pathways. Third, broader evaluation is needed under more realistic network conditions, larger numbers of peers, and more extensive analyses of robustness, fairness, and distribution shift.