Search papers, labs, and topics across Lattice.
This paper presents a comparative study of differential privacy (DP), named entity recognition (NER), and large language models (LLMs) for de-identifying Dutch clinical text. The authors evaluated these methods individually and in hybrid pipelines, assessing privacy leakage and utility via entity and relation classification. Results indicate that DP alone significantly degrades utility, but combining DP with LLM-based redaction substantially improves the privacy-utility trade-off.
LLMs can significantly boost the utility of differentially private de-identification for clinical text, offering a path to better privacy-preserving data sharing.
Protecting patient privacy in clinical narratives is essential for enabling secondary use of healthcare data under regulations such as GDPR and HIPAA. While manual de-identification remains the gold standard, it is costly and slow, motivating the need for automated methods that combine privacy guarantees with high utility. Most automated text de-identification pipelines employed named entity recognition (NER) to identify protected entities for redaction. Although methods based on differential privacy (DP) provide formal privacy guarantees, more recently also large language models (LLMs) are increasingly used for text de-identification in the clinical domain. In this work, we present the first comparative study of DP, NER, and LLMs for Dutch clinical text de-identification. We investigate these methods separately as well as hybrid strategies that apply NER or LLM preprocessing prior to DP, and assess performance in terms of privacy leakage and extrinsic evaluation (entity and relation classification). We show that DP mechanisms alone degrade utility substantially, but combining them with linguistic preprocessing, especially LLM-based redaction, significantly improves the privacy-utility trade-off.
