AI Summary
This work addresses the heightened privacy leakage and compliance risks introduced by networked healthcare systems, which existing application-specific and siloed mechanisms fail to mitigate across the full data lifecycle. To overcome these limitations, the paper proposes a privacy-by-design architecture centered on decision-theoretic differential privacy, integrating network-aware privacy accounting with a "compliance-as-code" paradigm. The framework introduces three novel components: a privacy budget ledger, a cross-site PET (Privacy-Enhancing Technology) control plane, and a shared testing platform. Together, they enable provably compliant, inter-institutional trusted data sharing and shift privacy protection from reactive measures to intrinsic design. The approach facilitates privacy-enhanced collaborative learning under explicit legal and regulatory constraints, with demonstrated applicability in multi-center clinical trials and genomics research.
Abstract
Digitized, networked healthcare promises earlier detection, precision therapeutics, and continuous care; yet it also expands the surface for privacy loss and compliance risk. We argue for a shift from siloed, application-specific protections to privacy-by-design at scale, centered on decision-theoretic differential privacy (DP) across the full healthcare data lifecycle; network-aware privacy accounting for interdependence among people, sensors, and organizations; and compliance-as-code tooling that lets health systems share evidence while demonstrating regulatory due care. We synthesize the privacy-enhancing technology (PET) landscape in health (federated analytics, DP, cryptographic computation), identify practice gaps, and outline a deployable agenda involving privacy-budget ledgers, a control plane to coordinate PET components across sites, shared testbeds, and PET literacy, to make lawful, trustworthy sharing the default. We illustrate with use cases (multi-site trials, genomics, disease surveillance, mHealth) and highlight distributed inference as a workhorse for multi-institution learning under explicit privacy budgets.
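To make the "privacy-budget ledger" concrete, the following is an added example (not code from the paper) of a minimal per-site epsilon ledger: every DP release is charged against a fixed budget under basic sequential composition, and a query whose cost would overspend the budget is refused before any noisy answer is computed. The budget value, query ids and counts are constructed sample inputs, and the Laplace mechanism is used as a stand-in for whatever release mechanism a site actually deploys.

```python
import random
from dataclasses import dataclass, field


@dataclass
class PrivacyLedger:
    """Per-site epsilon ledger: records every DP release and refuses
    any query whose cost would push total spend past the site budget."""
    budget: float
    spent: float = 0.0
    entries: list = field(default_factory=list)  # (query_id, epsilon, outcome)

    def remaining(self) -> float:
        return self.budget - self.spent

    def charge(self, query_id: str, epsilon: float) -> bool:
        # Basic sequential composition (assumed accounting rule): total
        # privacy loss is the sum of the epsilons of all released queries.
        if epsilon <= 0 or self.spent + epsilon > self.budget + 1e-12:
            self.entries.append((query_id, epsilon, "refused"))
            return False
        self.spent += epsilon
        self.entries.append((query_id, epsilon, "released"))
        return True


def laplace_count(ledger, query_id, true_count, epsilon, rng=random):
    """Release a counting query (sensitivity 1) with Laplace(0, 1/epsilon)
    noise, but only if the ledger accepts the charge first.
    Returns None when the budget would be exceeded."""
    if not ledger.charge(query_id, epsilon):
        return None
    # Difference of two Exp(epsilon) variates is Laplace with scale 1/epsilon.
    noise = rng.expovariate(epsilon) - rng.expovariate(epsilon)
    return true_count + noise


def run_site_demo(seed=0):
    """Constructed scenario: a site with budget 1.0 answers three cohort
    counts at epsilon 0.4 each; the third must be refused (0.8 + 0.4 > 1.0)."""
    rng = random.Random(seed)
    ledger = PrivacyLedger(budget=1.0)
    results = [laplace_count(ledger, f"cohort_count_{i}", 120, 0.4, rng)
               for i in range(3)]
    return ledger, results


if __name__ == "__main__":
    ledger, results = run_site_demo()
    for entry, value in zip(ledger.entries, results):
        print(entry, value)
    print("remaining epsilon:", ledger.remaining())
```

A cross-site control plane as described in the abstract would hold one such ledger per site (or per data subject) and consult it before scheduling any federated release.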