Leveraging LLMs for Rapid Development of Regulatory-Compliant Software in Healthcare

Abstract

The Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR) are popular regulatory frameworks designed to protect patient health information and online user data. Developing healthcare software that complies with these regulations is challenging due to the complexity and sheer volume of legal and policy requirements. With the advent of generative AI (GenAI) and large language models (LLMs), legal text analysis has become more systematic and efficient. However, existing LLM-based solutions are constrained by context window limitations and the probabilistic nature of their predictions, making comprehensive clause processing difficult. In this paper, we propose an LLM pipeline that ingests regulatory text and software component descriptions to extract relevant actionable requirements while filtering out those that do not apply to the software engineer's scenario. The pipeline stages include compiling references into related provisions, reaching consistent decisions through a selfdebating mechanism, and finalizing requirements using a resolution system that consolidates results and highlights potential conflicts. We apply our LLM pipeline to a case study to ensure HIPAA and GDPR compliance for cross-border healthcare data sharing. Using multiple gpt-4o and gpt-4o-mini models, the pipeline extracts over 100 distinct requirements that directly impact software development.

Ähnliche Arbeiten