Privacy Challenges and Solutions in Retrieval-Augmented Generation-Enhanced LLMs for Healthcare Chatbots: A Review of Applications, Risks, and Future Directions
Shaowei Guan, Hin Chi Kwok, Ngai Fong Law, Gregor Stiglic, Harry Qin, Vivian Hui
TL;DR
Retrieval-Augmented Generation (RAG) enhances LLM-based healthcare tools by grounding responses in curated clinical sources, but raises PHI/privacy risks across data flows. The paper systematically maps privacy threats through storage, transmission, and retrieval/generation stages, and reviews 23 healthcare RAG studies for applications and data types, as well as 17 privacy-preserving strategies. It then surveys emerging privacy techniques (federated learning, differential privacy, synthetic data, encryption) and discusses their trade-offs, limitations, and need for standardized evaluation. The authors propose a roadmap for robust privacy-preserving healthcare RAG, including automated assessment tools, tiered data sensitivity, and policy-technical bridging to meet regulatory demands.
Abstract
Retrieval-augmented generation (RAG) has rapidly emerged as a transformative approach for integrating large language models into clinical and biomedical workflows. However, privacy risks, such as protected health information (PHI) exposure, remain inconsistently mitigated. This review provides a thorough analysis of the current landscape of RAG applications in healthcare, including (i) sensitive data type across clinical scenarios, (ii) the associated privacy risks, (iii) current and emerging data-privacy protection mechanisms and (iv) future direction for patient data privacy protection. We synthesize 23 articles on RAG applications in healthcare and systematically analyze privacy challenges through a pipeline-structured framework encompassing data storage, transmission, retrieval and generation stages, delineating potential failure modes, their underlying causes in threat models and system mechanisms, and their practical implications. Building on this analysis, we critically review 17 articles on privacy-preserving strategies for RAG systems. Our evaluation reveals critical gaps, including insufficient clinical validation, absence of standardized evaluation frameworks, and lack of automated assessment tools. We propose actionable directions based on these limitations and conclude with a call to action. This review provides researchers and practitioners with a structured framework for understanding privacy vulnerabilities in healthcare RAG and offers a roadmap toward developing systems that achieve both clinical effectiveness and robust privacy preservation.