70. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e.V.
A Secure Architecture for Deploying Machine Learning Models in Distributed Healthcare Settings
2 Department of Internal Medicine, Universities of Giessen and Marburg Lung Center (UGMLC), Member of the German Center for Lung Research (DZL), Gießen, Germany
Introduction: This work presents a proposed architecture that enables the secure deployment of machine learning (ML) models in distributed healthcare environments. ML models are typically developed in centralized environments, but their deployment in healthcare occurs in decentralized, highly protected clinical environments. Sensitive patient data must be protected from unauthorized access, requiring strict isolation and limiting external data connections [1]. ML environments must accommodate heterogeneous hardware and different ML frameworks, which makes deployment complex. Scalability remains an issue, as decentralized systems must efficiently handle growing datasets and computational demands.
The AKTIN Network operates the AKTIN infrastructure, a decentralized infrastructure for the standardized collection and local storage of routine emergency care data across German hospitals [2]. Data remains on-site and is queried via a federated model, ensuring full institutional control and compliance with data protection regulations [3]. In the context of the KlimaNot project, machine learning models are developed based on data collected within the AKTIN infrastructure and analyzed together with weather data. To enable their deployment and use, our objective is to draft a conceptual framework that allows these models to be executed locally at participating hospitals while safeguarding data privacy and information security.
State of the art: Privacy in clinical ML is commonly framed by the Five Safes model [1]. Approaches like the Personal Health Train enable distributed computing, while the UK Health Data Research Alliance provides a guideline to implement a trusted research environment in which ML models can be deployed [4], [5]. However, these frameworks do not address scalable, continuous on-premises model deployment in routine care settings, nor do they include mechanisms for institution-level model approval and integration into operational IT.
Concept and implementation: We propose a modular, privacy-preserving architecture for local ML inference using the AKTIN data warehouse as a trusted source. The Architecture Communication Canvas serves as a tool to communicate and document architecture. The system is implemented as a Trusted Research Environment under the Five Safes framework. After being reviewed and approved by local IT and medical staff, models are executed in containerized local environments. They access data exclusively through a dedicated loader and remain fully isolated from raw patient data. The design supports heterogeneous infrastructures and is evaluated within the KlimaNot project as a scalable solution for secure ML deployment in routine care and research.
Lessons learned: The Five Safes framework enables secure ML inference in decentralized healthcare. Our architecture shows that local, container-based execution is feasible, but real-world analysis revealed challenges: hospitals require flexible infrastructure support, model validation must be locally approved by IT and clinical staff, and data access must be tightly controlled via dedicated loaders. Ensuring reproducibility and scalability requires container registries and version control. Detailed technical and procedural aspects will be addressed in a forthcoming full paper.
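The approval and isolation steps described under "Concept and implementation" and "Lessons learned" can be illustrated with the following Python example, which is added here and is not code from the authors or the AKTIN project. It assumes the Docker CLI as the container runtime; the approval record format, role names, registry host and loader path are hypothetical.

```python
import re

# Assumption: approvals are recorded per image digest, one entry per reviewing role.
REQUIRED_ROLES = {"it", "clinical"}
DIGEST_REF = re.compile(r"^[\w.\-/:]+@sha256:[0-9a-f]{64}$")


def approved(image_ref, approvals):
    """Return True only for a digest-pinned image signed off by every required role."""
    if not DIGEST_REF.match(image_ref):
        return False  # a mutable tag such as ':latest' can change after review
    digest = image_ref.split("@", 1)[1]
    roles = {a["role"] for a in approvals if a["digest"] == digest}
    return REQUIRED_ROLES <= roles


def run_command(image_ref, approvals, loader_dir):
    """Build the container invocation, or raise if the model was not approved."""
    if not approved(image_ref, approvals):
        raise PermissionError(f"model image not approved: {image_ref}")
    return [
        "docker", "run", "--rm",
        "--network", "none",          # no external data connections
        "--read-only",                # immutable container filesystem
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
        # Only the dedicated loader's export is visible, and only read-only.
        "--mount", f"type=bind,source={loader_dir},target=/input,readonly",
        image_ref,
    ]


# Constructed sample data (hypothetical names, not from the paper).
DIGEST = "sha256:" + "ab" * 32
IMAGE = "registry.hospital.example/klimanot/model@" + DIGEST
APPROVALS = [
    {"digest": DIGEST, "role": "it", "by": "it-security"},
    {"digest": DIGEST, "role": "clinical", "by": "ed-lead"},
]

if __name__ == "__main__":
    print(" ".join(run_command(IMAGE, APPROVALS, "/srv/aktin-loader/export")))
```

Pinning by digest ties the sign-off to the exact image bytes that were reviewed, which is where the container registry and version control mentioned above come in.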
Acknowledgement: Funding by the G-BA Innovationsfonds (01VSF23017) and the German Federal Ministry of Education and Research and Network of University Medicine “NUM 2.0” (01KX2121), “AKTIN@NUM” (01KX1319A).
The authors declare that they have no competing interests.
The authors declare that an ethics committee vote is not required.
References
[1] Desai T, et al. Five safes: designing data access for research. Economics Working Paper Series. 2016;1601:28.
[2] Ahlbrandt J, et al. Balancing the need for big data and patient data privacy - an IT infrastructure for a decentralized emergency care research database. Stud Health Technol Inform. 2014;205:750-4.
[3] Bienzeisler J, et al. Implementation report on pioneering federated data access for the German National Emergency Department Data Registry. npj Digit Med. 2025;8:94.
[4] Hubbard T, et al. Trusted Research Environments (TRE) Green Paper. Zenodo; 2020.
[5] Beyan O, et al. Distributed analytics on sensitive medical data: the personal health train. Data Intell. 2020;2(1-2):96-107.



