DP-RuL: Differentially-Private Rule Learning for Clinical Decision Support Systems

TL;DR

This work develops a framework for learning population rulesets with local differential privacy (LDP), suitable for use within a distributed CDSS and other distributed settings, and introduces an adaptive budget allocation method which dynamically determines how much privacy loss budget to use at each query, resulting in better privacy-utility trade-offs.

Abstract

Serious privacy concerns arise with the use of patient data in rule-based clinical decision support systems (CDSS). The goal of a privacy-preserving CDSS is to learn a population ruleset from individual clients' local rulesets, while protecting the potentially sensitive information contained in the rulesets. We present the first work focused on this problem and develop a framework for learning population rulesets with local differential privacy (LDP), suitable for use within a distributed CDSS and other distributed settings. Our rule discovery protocol uses a Monte-Carlo Tree Search (MCTS) method integrated with LDP to search a rule grammar in a structured way and find rule structures clients are likely to have. Randomized response queries are sent to clients to determine promising paths to search within the rule grammar. In addition, we introduce an adaptive budget allocation method which dynamically determines how much privacy loss budget to use at each query, resulting in better privacy-utility trade-offs. We evaluate our approach using three clinical datasets and find that we are able to learn population rulesets with high coverage (breadth of rules) and clinical utility even at low privacy loss budgets.

Figures (12)

• Figure 1: Our privacy-preserving CDSS framework. Clients locally collect data from sensors and wearables, which are used to learn personalized rule sets ($R_1, \ldots, R_n$) using STL Learning describing individual conditions. A Rule Discovery Protocol sends a series of structured queries to the clients who respond using randomized response, to produce an aggregate population ruleset $R_S$ to discover generalizable clinical rules.
• Figure 2: Visual of the STL-learned rule $\square_{[0,300]}$(BG $\geq$ 70 $\land$ BG $\leq$ 180) from glucose trajectories. The green trajectories satisfy the rule (glucose in range), and the red violate it.
• Figure 3: Rule Discovery Protocol. The protocol iterates through each MCTS phase (SelectNode, ExpandNode, QueryClients, Backpropagate) to send a series of structured queries to the clients, who respond using randomized response, to generate $R_S$.
• Figure 4: Example Partial Exploration Tree. Tree nodes contain the rule and MCTS components visitCount and score.
• Figure 5: Example Rule Matching. Colors indicate the part of the rule to be matched. In the template, the variables have not yet been specified (part of the ?s), so the template matches client rules with different variables.