This seems to be more about reducing the risk of reverse engineering the training data of a machine learned system, which could expose sensitive information.
Without any special countermeasures, training a model on medical patient data and then releasing the model's parameters or even just making it possible for others to run the model on inputs they supply might allow someone to partially reconstruct the patient data.
This is a somewhat separate issue from whether the engineers building this system have access to the training data. You can achieve that by writing your training script and then running it in an environment that you don't personally have read access to.
Without any special countermeasures, training a model on medical patient data and then releasing the model's parameters or even just making it possible for others to run the model on inputs they supply might allow someone to partially reconstruct the patient data.
This is a somewhat separate issue from whether the engineers building this system have access to the training data. You can achieve that by writing your training script and then running it in an environment that you don't personally have read access to.