AI in Medical Imaging: A Privacy Risk You Should Know About

Artificial intelligence is being integrated into radiology at a rapid clip. At the Radiological Society of North America’s (RSNA) annual meetings, AI tools now fill entire exhibit halls, and hospitals are increasingly using them to speed up image interpretation, flag abnormalities, and even predict patient outcomes. The benefits are real—but so are the privacy risks that come with handing over your medical images to software systems that were not originally designed with strong data protection in mind.

What Happened: Deepfakes, Data Hoarding, and the Rush to AI

Recent research presented at RSNA has highlighted a disturbing capability: deepfake X-rays that can fool both radiologists and the AI algorithms meant to catch forgeries. In one study, researchers generated synthetic CT scans and chest X-rays that appeared genuine to human readers and to detection software. This raises the possibility of medical image tampering—an attacker could insert a fake lesion or remove a real one, leading to misdiagnosis.

At the same time, AI vendors often require access to large volumes of patient imaging data to train and improve their models. This data is frequently uploaded to cloud servers managed by third parties, sometimes without patients’ explicit knowledge. While HIPAA requires that protected health information be de-identified before sharing for research, the de-identification process is not always airtight. Moreover, many consent forms in radiology departments now include broad language allowing data to be used for “algorithm development” or “quality improvement,” which may not clearly spell out that your scans could end up on external servers.

Why It Matters

The convergence of these trends creates several concrete risks for patients.

First, unauthorized data sharing and retention. When you undergo an MRI or CT scan, the images themselves are rich in biometric information: bone structure, organ shape, even vascular patterns. Once an AI vendor stores that data, it may be used for purposes beyond the original diagnosis, such as research that you did not agree to, or it may be sold to insurers or employers if it is not adequately de-identified. HIPAA enforcement is uneven, and some of these data transfers fall into regulatory gray areas.

Second, deepfake and manipulated images. If malicious actors gain access to imaging databases, they could alter scans to fake an injury for insurance fraud, or to hide evidence of a condition. For patients, the more immediate worry is that a manipulated image could lead your doctor to the wrong conclusion. As one RSNA presenter put it, “The same technology that helps AI detect cancer can also be used to hide it.”

Third, data breaches. Centralized AI cloud storage creates a single attractive target for hackers. Radiology records are high-value on the black market because they contain both personal identifiers and detailed health information. A breach could expose not just your name and address, but a lifetime of diagnostic images.

What You Can Do

You don’t need to avoid medical imaging, but you can take steps to protect your data.

  • Ask your provider about AI use. Before a scan, ask whether an AI tool will be used to interpret your images, and if so, what vendor processes the data. If the answer is vague, request a copy of the consent form and read it carefully. Look for clauses that authorize “secondary use” or “research” without specific opt-out options.
  • Opt out of data sharing when possible. Some hospitals allow patients to restrict their data from being used for purposes other than their own care. Ask if you can sign a limited consent that only allows data use for your immediate diagnosis.
  • Request data deletion after care ends. Once your treatment is complete, you can ask the imaging facility to delete your images from their active systems—though this may not be feasible if state laws require retention for a certain period. Still, it is worth asking.
  • Be skeptical of “de-identified” claims. No de-identification method is perfect. Given that researchers have re-identified people from supposedly anonymous datasets, treat any promise of total privacy with caution.
  • Stay informed. Privacy practices vary by institution and vendor. Check the news for updates on breach incidents or policy changes at major imaging chains.

Sources

  • RSNA. “Deepfake X-Rays Fool Radiologists and AI.” March 2026.
  • RSNA. “RSNA 2025 Technical Exhibits Feature Largest Radiology AI Showcase.” September 2025.
  • RSNA. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” May 2026.

The potential of AI in radiology is enormous. But the privacy landscape has not kept pace with the technology. Understanding the risks—and knowing how to minimize them—allows you to benefit from these tools without handing over more than you intend.