医疗保健服务的隐私策略文本遵从性推理框架与大型语言模型

IF 6.6 1区计算机科学 Q1 Multidisciplinary

Tsinghua Science and Technology Pub Date : 2025-03-03 DOI:10.26599/TST.2024.9010089

Jintao Chen;Fan Wang;Shengye Pang;Mingshuai Chen;Meng Xi;Tiancheng Zhao;Jianwei Yin

{"title":"医疗保健服务的隐私策略文本遵从性推理框架与大型语言模型","authors":"Jintao Chen;Fan Wang;Shengye Pang;Mingshuai Chen;Meng Xi;Tiancheng Zhao;Jianwei Yin","doi":"10.26599/TST.2024.9010089","DOIUrl":null,"url":null,"abstract":"The advancement of artificial intelligence-generated content drives the diversification of healthcare services, resulting in increased private information collection by healthcare service providers. Therefore, compliance with privacy regulations has increasingly become a paramount concern for both regulatory authorities and consumers. Privacy policies are crucial for consumers to understand how their personal information is collected, stored, and processed. In this work, we propose a privacy policy text compliance reasoning framework called FACTOR, which harnesses the power of large language models (LLMs). Since the General Data Protection Regulation (GDPR) has broad applicability, this work selects Article 13 of the GDPR as regulation requirements. FACTOR segments the privacy policy text using a sliding window strategy and employs LLM-based text entailment to assess compliance for each segment. The framework then applies a rule-based ensemble approach to aggregate the entailment results for all regulation requirements from the GDPR. Our experiments on a synthetic corpus of 388 privacy policies demonstrate the effectiveness of FACTOR. Additionally, we analyze 100 randomly selected websites offering healthcare services, revealing that nine of them lack a privacy policy altogether, while 29 have privacy policy texts that fail to meet the regulation requirements.","PeriodicalId":48690,"journal":{"name":"Tsinghua Science and Technology","volume":"30 4","pages":"1831-1845"},"PeriodicalIF":6.6000,"publicationDate":"2025-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10908666","citationCount":"0","resultStr":"{\"title\":\"A Privacy Policy Text Compliance Reasoning Framework with Large Language Models for Healthcare Services\",\"authors\":\"Jintao Chen;Fan Wang;Shengye Pang;Mingshuai Chen;Meng Xi;Tiancheng Zhao;Jianwei Yin\",\"doi\":\"10.26599/TST.2024.9010089\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The advancement of artificial intelligence-generated content drives the diversification of healthcare services, resulting in increased private information collection by healthcare service providers. Therefore, compliance with privacy regulations has increasingly become a paramount concern for both regulatory authorities and consumers. Privacy policies are crucial for consumers to understand how their personal information is collected, stored, and processed. In this work, we propose a privacy policy text compliance reasoning framework called FACTOR, which harnesses the power of large language models (LLMs). Since the General Data Protection Regulation (GDPR) has broad applicability, this work selects Article 13 of the GDPR as regulation requirements. FACTOR segments the privacy policy text using a sliding window strategy and employs LLM-based text entailment to assess compliance for each segment. The framework then applies a rule-based ensemble approach to aggregate the entailment results for all regulation requirements from the GDPR. Our experiments on a synthetic corpus of 388 privacy policies demonstrate the effectiveness of FACTOR. Additionally, we analyze 100 randomly selected websites offering healthcare services, revealing that nine of them lack a privacy policy altogether, while 29 have privacy policy texts that fail to meet the regulation requirements.\",\"PeriodicalId\":48690,\"journal\":{\"name\":\"Tsinghua Science and Technology\",\"volume\":\"30 4\",\"pages\":\"1831-1845\"},\"PeriodicalIF\":6.6000,\"publicationDate\":\"2025-03-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10908666\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Tsinghua Science and Technology\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10908666/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"Multidisciplinary\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Tsinghua Science and Technology","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10908666/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Multidisciplinary","Score":null,"Total":0}

引用次数: 0

摘要

人工智能生成内容的进步推动了医疗保健服务的多样化，导致医疗保健服务提供商收集的私人信息增加。因此，遵守隐私法规日益成为监管机构和消费者最关心的问题。隐私政策对于消费者了解他们的个人信息是如何被收集、存储和处理的至关重要。在这项工作中，我们提出了一个名为FACTOR的隐私策略文本遵从性推理框架，它利用了大型语言模型（llm）的功能。由于《通用数据保护条例》（GDPR）具有广泛的适用性，本文选择GDPR第13条作为监管要求。FACTOR使用滑动窗口策略对隐私策略文本进行分段，并使用基于llm的文本蕴意来评估每个分段的遵从性。然后，该框架应用基于规则的集成方法来聚合来自GDPR的所有监管要求的隐含结果。我们在388个隐私策略的合成语料库上的实验证明了FACTOR的有效性。此外，我们随机选取了100家提供医疗保健服务的网站进行分析，发现其中9家完全没有隐私政策，29家的隐私政策文本不符合监管要求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Privacy Policy Text Compliance Reasoning Framework with Large Language Models for Healthcare Services

The advancement of artificial intelligence-generated content drives the diversification of healthcare services, resulting in increased private information collection by healthcare service providers. Therefore, compliance with privacy regulations has increasingly become a paramount concern for both regulatory authorities and consumers. Privacy policies are crucial for consumers to understand how their personal information is collected, stored, and processed. In this work, we propose a privacy policy text compliance reasoning framework called FACTOR, which harnesses the power of large language models (LLMs). Since the General Data Protection Regulation (GDPR) has broad applicability, this work selects Article 13 of the GDPR as regulation requirements. FACTOR segments the privacy policy text using a sliding window strategy and employs LLM-based text entailment to assess compliance for each segment. The framework then applies a rule-based ensemble approach to aggregate the entailment results for all regulation requirements from the GDPR. Our experiments on a synthetic corpus of 388 privacy policies demonstrate the effectiveness of FACTOR. Additionally, we analyze 100 randomly selected websites offering healthcare services, revealing that nine of them lack a privacy policy altogether, while 29 have privacy policy texts that fail to meet the regulation requirements.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Tsinghua Science and Technology COMPUTER SCIENCE, INFORMATION SYSTEMSCOMPU-COMPUTER SCIENCE, SOFTWARE ENGINEERING

CiteScore

10.20

自引率

10.60%

发文量

2340

期刊介绍： Tsinghua Science and Technology (Tsinghua Sci Technol) started publication in 1996. It is an international academic journal sponsored by Tsinghua University and is published bimonthly. This journal aims at presenting the up-to-date scientific achievements in computer science, electronic engineering, and other IT fields. Contributions all over the world are welcome.