Skip to main content

Balancing Fidelity, Utility, and Privacy in Synthetic Cardiac MRI Generation: A Comparative Study

AuthorsMadhura Edirisooriya et al.
Year2026
FieldComputer Vision
arXiv2603.04340
PDFDownload
Categoriescs.CV, cs.LG

Abstract

Deep learning in cardiac MRI (CMR) is fundamentally constrained by both data scarcity and privacy regulations. This study systematically benchmarks three generative architectures: Denoising Diffusion Probabilistic Models (DDPM), Latent Diffusion Models (LDM), and Flow Matching (FM) for synthetic CMR generation. Utilizing a two-stage pipeline where anatomical masks condition image synthesis, we evaluate generated data across three critical axes: fidelity, utility, and privacy. Our results show that diffusion-based models, particularly DDPM, provide the most effective balance between downstream segmentation utility, image fidelity, and privacy preservation under limited-data conditions, while FM demonstrates promising privacy characteristics with slightly lower task-level performance. These findings quantify the trade-offs between cross-domain generalization and patient confidentiality, establishing a framework for safe and effective synthetic data augmentation in medical imaging.


Engineering Breakdown

Plain English

This paper systematically compares three generative models—DDPM, LDM, and Flow Matching—for synthesizing realistic cardiac MRI images from anatomical masks, addressing the critical problem of data scarcity in medical imaging. The researchers built a two-stage pipeline that uses masks to condition image generation and evaluated all three approaches on fidelity (how realistic the images are), utility (whether they improve downstream segmentation tasks), and privacy (whether synthetic data leaks information about the training set). Their key finding: DDPM provides the best overall balance across all three metrics in low-data regimes, while Flow Matching shows surprisingly strong privacy characteristics despite slightly lower task performance. This is practically significant because synthetic medical imaging data could enable model training without violating patient privacy regulations like HIPAA.

Core Technical Contribution

The core contribution is a systematic empirical benchmark of three fundamentally different generative paradigms—score-based diffusion (DDPM), latent-space diffusion (LDM), and continuous normalizing flows (FM)—for medical image synthesis, measured against a rigorously defined three-axis evaluation framework (fidelity, utility, privacy) rather than just visual quality. Prior work on synthetic medical images either focused on a single generative approach or didn't measure privacy impact quantitatively; this paper shows that privacy-utility trade-offs vary significantly across architectures, with DDPM and FM occupying different points on the Pareto frontier. The anatomical mask conditioning mechanism is relatively straightforward, but the insight that DDPM outperforms more recent approaches (LDM, FM) in limited-data medical settings is counterintuitive and challenges assumptions that newer architectures are universally superior. The explicit privacy evaluation using membership inference attacks and other formal privacy metrics elevates this beyond a standard generative modeling benchmark to address regulatory concerns in healthcare.

How It Works

The pipeline operates in two stages: first, an anatomical mask is extracted or provided for each cardiac image, serving as a structural constraint that guides synthesis; second, this mask is passed to the generative model which outputs a synthetic but anatomically valid CMR image. For DDPM, the forward process gradually adds noise to real images over many timesteps, and the reverse process learns to denoise starting from pure noise, conditioned on the mask—this forces the model to respect anatomical structure while learning realistic cardiac texture. LDM reduces computational cost by performing this diffusion in a learned latent space rather than pixel space, compressing the image down and diffusing the compact representation. Flow Matching takes a different approach entirely: instead of learning noise prediction, it trains a vector field that smoothly transports noise distributions into data distributions, conditioned on the mask; this requires fewer sampling steps at inference but makes privacy-utility trade-offs explicit. All three models are evaluated on the same held-out test set: fidelity measured via Frechet Inception Distance or similar metrics, utility assessed by training a segmentation model on synthetic data and measuring performance on real test images, and privacy via membership inference attacks that attempt to determine whether a real image was in the training set.

Production Impact

For healthcare AI teams, this work directly addresses the constraint that prevents most medical imaging AI from scaling: you cannot build production models on large datasets because patient data is legally and ethically protected. Using DDPM to generate synthetic training data could enable 10-100x data amplification while maintaining downstream task performance, meaning a hospital with 500 real cardiac scans could effectively train on 5000-50000 synthetic variants without legal risk. The two-stage mask-conditioned approach is practically straightforward to implement—anatomical segmentation masks are often already generated as part of clinical workflows, so this integrates cleanly into existing pipelines. However, the trade-off is compute: DDPM requires many denoising steps (typically 1000) to generate a single image, making batch synthetic data generation expensive; you'd need to budget GPU time and potentially run this as a preprocessing step rather than on-demand. The privacy guarantee is qualified—the paper benchmarks formal privacy attacks, but doesn't provide differential privacy guarantees, so regulatory compliance still requires documentation and legal review alongside the technical approach.

Limitations and When Not to Use This

The paper evaluates performance only on cardiac MRI and doesn't demonstrate whether results transfer to other modalities (CT, X-ray, ultrasound), limiting generalizability claims; different anatomies may require retuning or entirely different conditioning mechanisms. The privacy evaluation uses empirical membership inference attacks rather than formal differential privacy bounds, which means the privacy claims are only as strong as the specific attacks tested—future stronger attacks might break privacy assumptions. The study assumes high-quality anatomical masks are available at inference time, which may not hold in noisier, real-world clinical settings or for organs with less-clear anatomical structure; the mask quality-utility relationship is not systematically studied. The paper doesn't address failure modes when synthetic data is mixed with real data in training pipelines—downstream models may learn artifacts or spurious correlations unique to DDPM-generated images, and there's no measurement of such distributional drift. Additionally, the downstream task is limited to segmentation; whether synthetic CMR improves performance on other tasks like disease classification, prognostication, or anomaly detection remains unexplored.

Research Context

This work builds on a decade of diffusion model research (Ho et al. 2020 on DDPM, Rombach et al. 2021 on LDM) and recent flow-based approaches, but applies them specifically to medical imaging synthesis—a domain where data regulations make generative models uniquely valuable. The paper extends prior medical image synthesis work (GANs, VAEs) by rigorously benchmarking modern diffusion approaches and explicitly measuring privacy, which has become a requirement in healthcare ML after high-profile attacks showed that generative models can leak training data. The three-axis evaluation framework (fidelity-utility-privacy) is itself a contribution, establishing a standard for future medical synthetic data work rather than just maximizing realism. The finding that DDPM (an older, simpler approach) outperforms Flow Matching in this domain opens a research direction questioning whether recent architectural innovations are overfitted to benchmark datasets and pushing the field to develop approaches better suited to low-data, privacy-critical domains.


:::tip Subscribe Get weekly breakdowns of papers like this in AI Letters - the newsletter for engineers building production AI systems. :::


Back to Research Lab → · Subscribe to AI Letters →

© 2026 EngineersOfAI. All rights reserved.