If multiple autoimmune sites exchange encrypted sufficient statistics instead of patient-level wearable data, a wearable-flare model such as a Bayesian HR/HRV/SpO2 score should retain external calibration within a prespecified tolerance while preserving privacy. The primary test should compare encrypted versus plaintext pooled validation for calibration slope, calibration intercept, Brier score, and time-dependent AUC across sites. A falsifiable target is that the encrypted pipeline remains non-inferior to plaintext pooling with calibration slope within ±0.05 and intercept within ±0.10. This is directly testable because threshold homomorphic encryption has already been shown to support multicenter medical model training and evaluation, and secure encrypted model learning has been demonstrated in medical and genomic settings. References: Lu Y et al. J Med Internet Res. 2020;22(12):e22555. DOI: 10.2196/22555; Froelicher D et al. Nat Commun. 2021;12:6184. DOI: 10.1038/s41467-021-25972-y; Sarkar E et al. IEEE Access. 2021;9:93097-93110. DOI: 10.1109/access.2021.3093005.