Inferensys

Glossary

Synthetic EHR Generation

The specialized algorithmic creation of realistic but entirely artificial electronic health records, encompassing structured diagnosis codes, medication histories, and unstructured clinical notes, to enable privacy-compliant machine learning and software testing.
Stylish WeWork-like workspace with hot desks and document wall, professional searching through enterprise knowledge base on a mounted ultrawide display, warm industrial pendants overhead.
PRIVACY-PRESERVING DATA AUGMENTATION

What is Synthetic EHR Generation?

Synthetic EHR generation is the algorithmic creation of realistic but entirely artificial electronic health records that statistically mimic real patient data without containing any actual protected health information.

Synthetic EHR generation is the computational process of producing artificial electronic health records—including structured diagnosis codes, medication histories, and unstructured clinical notes—that preserve the statistical properties of real patient populations while containing no identifiable individual data. This technique leverages generative models such as Generative Adversarial Networks (GANs) and Variational Autoencoders (VAEs) to learn complex clinical distributions and generate novel, plausible records for research and testing.

Within federated learning architectures, synthetic EHR generation serves as a critical privacy-preserving data augmentation strategy, allowing institutions to share realistic training data without exposing protected health information. Specialized architectures like medGAN and CTGAN handle the mixed discrete-continuous nature of clinical tabular data, while evaluation frameworks such as Train-Synthetic-Test-Real (TSTR) quantitatively measure whether models trained on artificial records maintain predictive performance on genuine patient data.

Fidelity Metrics

Key Characteristics of High-Fidelity Synthetic EHRs

High-fidelity synthetic electronic health records must satisfy rigorous statistical, clinical, and privacy benchmarks to be viable substitutes for real patient data in research and model development.

01

Statistical Fidelity

The synthetic dataset must preserve the joint multivariate distribution of the original data. This means maintaining not just univariate column statistics (mean, variance) but also complex bivariate and higher-order correlations between features like lab results, diagnoses, and medications.

  • Column-wise metrics: Kolmogorov-Smirnov tests for continuous variables, Chi-squared tests for categorical codes.
  • Pairwise correlation preservation: Pearson and Spearman correlation matrices must show minimal divergence.
  • Propensity Mean Squared Error (pMSE): A discriminative model should not be able to easily distinguish synthetic from real records.
02

Clinical Utility (TSTR)

The gold standard for utility is the Train-Synthetic-Test-Real (TSTR) paradigm. A predictive model trained exclusively on synthetic data must perform comparably to one trained on real data when evaluated on a held-out real test set.

  • Downstream task validation: Measure AUC-ROC for mortality prediction or readmission risk using synthetic training data.
  • Feature importance alignment: SHAP values from models trained on synthetic data should rank clinical features similarly to models trained on real data.
  • Subgroup analysis: Performance parity must hold across sensitive demographic strata to avoid introducing bias.
03

Temporal Coherence

EHRs are inherently longitudinal. Synthetic records must respect clinical chronology—a diagnosis cannot precede a patient's birth date, and a medication refill must follow the initial prescription.

  • Event sequence logic: Procedures like 'Cesarean Section' must only occur after a 'Pregnancy' diagnosis.
  • Time-series plausibility: Lab values like HbA1c must change gradually, not spike randomly between visits.
  • State transition validity: Markov transition probabilities between disease states must mirror real clinical progression patterns.
04

Privacy Preservation

High fidelity must not come at the cost of memorization. The model must generalize the training distribution without reproducing verbatim patient trajectories. Formal privacy guarantees are essential.

  • Differential Privacy (DP): Training with DP-SGD provides a provable ε-bound on information leakage.
  • Nearest Neighbor Adversarial Accuracy (NNAA): Measures the risk of identity disclosure by comparing distances between synthetic and real records.
  • Membership Inference Resistance: An attacker should not be able to determine if a specific individual was in the training set with confidence significantly above random chance.
05

Structural & Referential Integrity

Synthetic data must respect the relational database schema of the source EHR system. Foreign key constraints and code set validity are non-negotiable.

  • Code ontology adherence: All ICD-10, SNOMED CT, and LOINC codes must be valid and active in the target vocabulary.
  • Referential integrity: Every synthetic 'visit' record must link to a valid synthetic 'patient' record.
  • Cross-table consistency: A synthetic lab result for 'Serum Potassium' must be consistent with a synthetic diagnosis of 'Hyperkalemia' in the conditions table.
06

Coverage & Novelty

The generator must cover the long tail of clinical presentations, including rare diseases, while also producing novel combinations not explicitly copied from the training set.

  • Rare disease representation: Conditions with prevalence < 0.1% must still appear in the synthetic cohort.
  • Novelty score: The proportion of synthetic records that are exact duplicates of real records must be near zero.
  • Boundary pushing: The model should generate plausible but unseen comorbidity clusters, demonstrating generalization rather than rote memorization.
PRIVACY-PRESERVING DATA SHARING

Synthetic EHR Generation vs. Traditional De-identification

A technical comparison of synthetic data generation against legacy de-identification methods for sharing electronic health records in multi-institutional research.

FeatureSynthetic EHR GenerationTraditional De-identificationRaw Data Sharing

Re-identification Risk

Near-zero (generated de novo)

Moderate (linkage attacks possible)

Extreme (full PHI exposure)

Statistical Fidelity

High (preserves joint distributions)

Reduced (suppression distorts data)

Perfect (ground truth)

Regulatory Burden

Minimal (non-human subjects)

High (HIPAA Safe Harbor/Expert Determination)

Prohibitive (requires patient consent)

Utility for Rare Diseases

Configurable (oversampling via CTGAN)

Degraded (suppression removes outliers)

Preserved

Unstructured Note Preservation

Emerging (LLM-based generation)

Poor (redaction destroys context)

Full

Cross-institutional Sharing

Unrestricted

Requires DUA/BAA

Requires DUA/BAA

Typical Privacy Metric

Differential Privacy (ε < 1)

K-Anonymity (k ≥ 5)

None

SYNTHETIC EHR GENERATION

Frequently Asked Questions

Clear, technical answers to the most common questions about creating realistic but artificial electronic health records for privacy-preserving research and development.

Synthetic EHR generation is the algorithmic creation of realistic but entirely artificial electronic health records that statistically mimic real patient data without containing any actual protected health information (PHI). The process typically employs deep generative models—most commonly Generative Adversarial Networks (GANs) or Variational Autoencoders (VAEs)—that learn the complex joint distribution of structured codes (ICD-10, CPT, LOINC), temporal sequences, and unstructured clinical notes from a real training dataset. Once trained, the model's generator component samples from the learned latent space to produce novel patient trajectories. Architectures like medGAN and EHR-M-GAN are specifically optimized to handle the mixed discrete-continuous nature of clinical data, incorporating autoencoders to map high-dimensional binary diagnosis vectors into a continuous manifold before generation. The critical distinction from simple data masking is that synthetic records are not de-identified real records; they are entirely new statistical fabrications, which provides a stronger privacy guarantee against membership inference attacks while preserving analytical utility for downstream tasks like cohort discovery and predictive modeling.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.