Chen_Kai ✓ FL Researcher
AI Researcher · Tencent Jarvis Lab
Jan 2026
Federated learning in medical imaging sounds perfect on paper — train on data from 50 hospitals without any data leaving their firewalls. The academic results are genuinely impressive. The operational reality is substantially harder and most papers don't discuss it. The first shock: hospitals have wildly different IT infrastructure, and getting an FL client to run reliably inside a hospital network that may block outbound connections to anything except approved PACS vendors is a weeks-long IT security negotiation, not a technical problem. The second shock: data heterogeneity between sites is severe enough that naive FedAvg (the basic federated averaging algorithm) often produces a global model that's worse than training on the best single-site dataset alone. Personalized FL methods like FedProx or SCAFFOLD, both available in the PySyft and Flower frameworks, handle heterogeneity substantially better. The FeTS initiative (Federated Tumor Segmentation) led by Penn Medicine is the best real-world FL deployment study in medical imaging to date — their 2022 and 2024 papers are required reading, and they are honest about the operational pain points in a way most FL papers are not.
Elena_Petrova
Privacy Engineer · Amsterdam UMC
Feb 2026
Chen is right about FedAvg limitations and I'd add a privacy warning that's often glossed over in tutorials: gradient sharing in standard federated learning is not equivalent to data privacy. Gradient inversion attacks — specifically the R-GAP and GradInversion methods demonstrated in research — have shown that under certain conditions, original training images can be partially reconstructed from shared gradients, especially for small batch sizes. This is a real concern when model updates from a single patient batch could theoretically be reverse-engineered. Differential privacy (DP) with gradient clipping and Gaussian noise injection is the current best-practice mitigation, but it comes with a performance cost. The Flower framework (flower.dev) has DP built into its strategy API and is the most actively maintained open-source FL library right now — their documentation explicitly covers the privacy-utility tradeoff curves, which helps you make an informed decision rather than just guessing at DP epsilon values. OpenFL from Intel is the other serious option if you're in a Microsoft Azure / Intel hardware ecosystem.
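Added example, not part of any post in this thread and not Flower's or OpenFL's code: a standard-library sketch of the clip-then-add-Gaussian-noise aggregation step mentioned above, showing how clipping bounds what any one site can contribute before noise is added. The function names, the sample updates and the parameter values are assumptions made for illustration, and the sketch does not compute a DP epsilon.

```python
import math
import random

def l2_norm(vec):
    return math.sqrt(sum(x * x for x in vec))

def clip_update(update, clip_norm):
    """Scale one site's update so its L2 norm is at most clip_norm."""
    norm = l2_norm(update)
    scale = min(1.0, clip_norm / norm) if norm > 0 else 1.0
    return [x * scale for x in update]

def dp_aggregate(updates, clip_norm, noise_multiplier, rng):
    """Mean of clipped updates with Gaussian noise added to the sum.

    After clipping, adding or removing one site moves the sum by at most
    clip_norm, so the noise std on the sum is noise_multiplier * clip_norm.
    """
    clipped = [clip_update(u, clip_norm) for u in updates]
    sigma = noise_multiplier * clip_norm
    n = len(clipped)
    return [
        (sum(c[i] for c in clipped) + rng.gauss(0.0, sigma)) / n
        for i in range(len(clipped[0]))
    ]

def max_site_influence(updates, clip_norm):
    """Largest L2 norm any single site contributes to the sum after clipping."""
    return max(l2_norm(clip_update(u, clip_norm)) for u in updates)

# Constructed sample: three sites, the third sends an outsized update (norm 15).
SITE_UPDATES = [
    [0.10, -0.20, 0.05],
    [0.12, -0.18, 0.07],
    [9.00, 12.00, 0.00],
]

if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the run is repeatable
    print("raw max norm:    ", max(l2_norm(u) for u in SITE_UPDATES))
    print("clipped max norm:", max_site_influence(SITE_UPDATES, 1.0))
    print("noiseless mean:  ", dp_aggregate(SITE_UPDATES, 1.0, 0.0, rng))
    print("noisy mean:      ", dp_aggregate(SITE_UPDATES, 1.0, 1.1, rng))
```

Each coordinate of the noisy mean carries noise with standard deviation noise_multiplier * clip_norm / n, so a collaboration with few sites pays a larger accuracy cost for the same multiplier.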
James_Morrow ⚠ Legal
Healthcare Lawyer · London
Feb 2026
Coming from a completely different angle — under UK GDPR and the EU GDPR, even federated learning where data never leaves the hospital may still constitute processing of special category health data if the model updates can be linked to individual patients, which the gradient inversion research Elena mentioned suggests they can under some conditions. The ICO in the UK published guidance on privacy-enhancing technologies in 2024 that specifically addresses FL, and their position is that FL does not automatically exempt an organisation from GDPR obligations — you still need a lawful basis for processing and a Data Protection Impact Assessment. If you're setting up a multi-site FL collaboration in Europe, get a data processing agreement between participating institutions before a single gradient is shared, not after. The legal framework is genuinely unsettled in some areas but the cost of getting it wrong — both in enforcement terms and in public trust terms — is substantial in healthcare.