Title: Selective Token-Level Cryptographic Redaction for Privacy-Preserving Clinical Deployment of Large Language Models

Abstract:

Although large language models (LLMs) are seeing growing adoption in healthcare, current processing pipelines often necessitate transmitting unencrypted, sensitive health data to remote servers. This practice significantly increases the potential for privacy breaches. While encrypting data prior to transmission is a logical countermeasure, naive implementations that encrypt entire datasets impose excessive computational, alignment, and communication burdens, making large-scale practical implementation unviable.

To balance data protection with model utility, we introduce Healthcare Encryption & Redaction via Adaptive Linguistic Decomposition (HERALD). This framework employs token-level cryptographic redaction to encrypt only specific sensitive tokens, thereby maintaining the surrounding context necessary for downstream tasks. HERALD utilizes a medical named-entity recognizer (NER) alongside part-of-speech (POS) driven policies to identify candidate tokens. It then applies targeted lemmatization to normalize surface forms before replacing each protected token with a deterministic ciphertext enclosed in explicit delimiters.

As a model-agnostic solution, HERALD functions entirely on the client side. This ensures that sensitive information remains encrypted during storage, transmission, and processing, eliminating the need for modifications to downstream models. We assessed HERALD’s efficacy using classification and medical question answering (MQA) tasks on public datasets. Our experiments demonstrate that while fully secured baseline methods experience substantial drops in utility, HERALD consistently restores performance to levels comparable to plaintext data. Ultimately, HERALD offers a novel pipeline for secure clinical deployment.

Source: arXiv Generated at: 2026-06-03 00:00:00 UTC