COR-GAN: Synthetic Data generation for Privacy-Preserving Deep Learning

The goal of this project is to generate synthetic healthcare records for privacy-preserving deep learning.

Methodology: We proposed a novel architecture using Generative Adversarial Networks.

Link: [Paper, GitHub]

Table Of Contents



Deep learning models have demonstrated high-quality performance in areas such as image classification and speech processing. However, creating a deep learning model using electronic health record (EHR) data, requires addressing particular privacy challenges that are unique to researchers in this domain. This matter focuses attention on generating realistic synthetic data while ensuring privacy. In this paper, we propose a novel framework called correlation-capturing Generative Adversarial Network (corGAN), to generate synthetic healthcare records. In corGAN we utilize Convolutional Neural Networks to capture the correlations between adjacent medical features in the data representation space by combining Convolutional Generative Adversarial Networks and Convolutional Autoencoders. To demonstrate the model fidelity, we show that corGAN generates synthetic data with performance similar to that of real data in various Machine Learning settings such as classification and prediction. We also give a privacy assessment and report on statistical analysis regarding realistic characteristics of the synthetic data.


  • Synthetic records helping stakeholders to share and work on data without privacy hurdles
  • Despite advances in Synthetic Data Generation~(SDG). Research efforts mostly restricted to limited use cases
  • Lack of clarity regarding the synthetic data being realistic; and factors contributing to realism
  • Majority of methods for supervised settings
  • Lack of clarity in measuring privacy, and privacy guarantees
  • EHRs are discrete in nature. But most research is on continuous data


  • We propose an efficient architecture to generate synthetic healthcare records using Convolutional GANs and Convolutional Autoencoders}~(CAs) which we call corGAN. We demonstrate that corGAN can effectively generate both discrete and continuous synthetic records.
  • We demonstrate the effectiveness of utilizing Convolutional Neural Networks~(CNNs) as opposed to Multilayer Perceptrons to capture inter-correlation between features.
  • We show that corGAN can generate realistic synthetic data that performs similarly to real data on classification tasks, according to our analysis and assessments.
  • We report on a privacy assessment of the model and demonstrate that corGAN provides an acceptable level of privacy, by varying the amount of synthetically generated data and the amount of data known to an adversary.

Aspects of The Work

Synthetic Data Generation

The discrete input X represents the source EHR data; z is the random distribution for the generator GG is the employed neural network architecture; Dec(G(z))} refers to the decoding function which is used to transform the generator G continuous output to their equivalent discrete values. The discriminator D attempts to distinguish real input X from the discrete synthetic output Dec(G(z))}. For the generator and the discriminator, a 1-Dimensional Convolutional GAN architecture is utilized.

Privacy – Membership Inference Attack

We utilize the Membership Inference (MI) attack as an approach to measure the privacy. Membership Inference~(MI) refers to determining whether a given record generated by a known machine learning model was used as part of the training data. The membership inference problem is basically the well-known problem of presence disclosure of an individual. If the adversary has complete access to the records of a particular patient and can recognize their employment in the model training, that is an indication of information leakage, as it can jeopardize the whole dataset privacy or at least the particular patient’s private information. Here, we will assume the adversary has the synthetically generated data as well as a portion of the compromised real data.

Data Fidelity

Binary Classification: We use this metric for our experiments with continuous data. To empirically verify the quality of the synthetic data, we consider two different settings. (A) Train and test the predictive models on the real data. (B)train the predictive model on synthetic data and test it on the real data. If the model evaluated in setting B, represents competitive results with the same model performed in setting (A), we can conclude the synthetic data has good predictive modeling similar to the real data.

Running the Code


  • Pytorch 1.4
  • CUDA [strongly recommended]

NOTE: PyTorch does a pretty good job in installing required packages but you should have installed CUDA according to PyTorch requirements. Please refer to our paper for further information.


You need to download and process the following datasets as due to privacy restrictions we cannot provide the data here.

One good source code for processing MIMIC-III can be found here.


To check the implementation refer to the folder Generative and you will see the following implementations:

  • corGAN: The implementation of the paper with concolutional autoencoders and regular multi-layer perceptions for discriminator and generator.
  • corGAN: The implementation of the medGAN paper as one of the baselines. This is a reimplemetation of this medGAN in PyTorch as we could not reproduce the results with their code. Furthermore, PyTorch is more flexible compare to TensorFlow for research!
  • VAE: One of the the baselines.
Scroll to Top