Electronic health records (EHRs) and other real-world clinical data are essential for clinical research, medical artificial intelligence, and life science, but their sharing is severely limited by privacy, governance, and interoperability constraints. These barriers create persistent data silos that hinder multi-center studies, large-scale model development, and broader biomedical discovery. Existing privacy-preserving approaches, including multi-party computation and related cryptographic techniques, provide strong protection but often introduce substantial computational overhead, reducing the efficiency of large-scale machine learning and foundation-model training. In addition, many such methods make data usable for restricted computation while leaving them effectively invisible to clinicians and researchers, limiting their value in workflows that still require direct inspection, exploratory analysis, and human interpretation. We propose a real-world-data transformation framework for privacy-preserving sharing of structured clinical records. Instead of converting data into opaque representations, our approach constructs transformed numeric views that preserve medical semantics and major statistical properties while, under a clearly specified threat model, provably breaking direct linkage between those views and protected patient-level attributes. Through collaboration between computer scientists and the AI agent \textbf{SciencePal}, acting as a constrained tool inventor under human guidance, we design three transformation operators that are non-reversible within this threat model, together with an additional mixing strategy for high-risk scenarios, supported by theoretical analysis and empirical evaluation under reconstruction, record linkage, membership inference, and attribute inference attacks.

翻译：电子健康记录（EHRs）及其他真实世界临床数据对临床研究、医疗人工智能及生命科学至关重要，但其共享受到隐私、治理与互操作性约束的严重限制。这些障碍造成持续的数据孤岛，阻碍了多中心研究、大规模模型开发及更广泛的生物医学发现。现有隐私保护方法（包括多方计算及相关密码学技术）虽提供强保护，但常引入大量计算开销，降低了大规模机器学习与基础模型训练的效率。此外，许多此类方法虽能使数据用于受限计算，但对临床医生和研究人员而言却保持不可见性，限制了它们在仍需直接审查、探索性分析与人类解读的工作流程中的价值。我们提出了一种用于结构化临床记录隐私保护共享的真实世界数据转换框架。不同于将数据转换为不透明表示，我们的方法构建了保留医学语义及主要统计特性的转换后数值视图，同时（在明确定义的威胁模型下）可证明地阻断这些视图与受保护的患者级属性之间的直接关联。通过计算机科学家与AI智能体\textbf{SciencePal}（在人类指导下扮演受限工具发明者角色）的协作，我们设计了三种在该威胁模型下不可逆的转换算子，并针对高风险场景附加了一种混合策略，该策略在重构攻击、记录链接攻击、成员推断攻击及属性推断攻击下均得到理论分析与实证评估的支持。