AI in Medical Imaging and Your Privacy: What You Need to Know
If you’ve had an X-ray, CT scan, or MRI in the past few years, there’s a good chance an AI system helped analyze the images. Radiology departments increasingly rely on machine learning models to detect tumors, measure blood flow, and flag abnormalities. The technology can improve accuracy and speed, but it also introduces privacy risks that most patients never think about.
Recent research presented at the Radiological Society of North America (RSNA) highlights a troubling reality: the same AI tools that assist doctors may also make your medical images vulnerable to new forms of misuse, including deepfake manipulation and re-identification of supposedly anonymized data. For patients, this raises questions about who has access to their scans and how that information could be used beyond their original purpose.
What Happened
At RSNA 2025 and 2026 meetings, researchers demonstrated that AI models trained on medical images can be tricked or turned against patient privacy. One study showed that deepfake X-rays—synthetic images generated by AI—could fool both radiologists and automated detection systems. In practice, that means someone with malicious intent could create a fake scan that looks real enough to alter a diagnosis or commit insurance fraud.
Another line of research exposed what are called “model inversion” and “membership inference” attacks. An AI model trained on thousands of chest X-rays might inadvertently memorize parts of individual patients’ scans. By probing the model, an attacker can infer whether a particular person’s data was included in the training set (membership inference) and, in some cases, reconstruct recognizable images from the model’s outputs (model inversion). That undermines the entire point of anonymization: even after identifiers are stripped, the model itself can leak private information.
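As an added illustration (not code from the RSNA studies or the papers cited below), the following Python script shows the memorization problem as a privacy audit: a small logistic-regression model, a hypothetical stand-in for an imaging classifier, is trained on constructed synthetic records with random labels, and a loss-threshold membership-inference test measures how reliably it reveals which records were in its training set. The overfitted model leaks membership almost perfectly; the regularised, early-stopped one leaks far less, which is the kind of check a team should run before sharing a model trained on patient scans.

```python
import math
import random

# Constructed synthetic "scans": a feature vector (stand-in for image statistics)
# plus a binary label. Labels are random on purpose: any fit is memorisation.
random.seed(7)
DIM, N_MEMBERS, N_OUTSIDERS = 24, 16, 16

def make_records(n):
    return [([random.gauss(0, 1) for _ in range(DIM)], random.randint(0, 1))
            for _ in range(n)]

MEMBERS = make_records(N_MEMBERS)      # used for training
OUTSIDERS = make_records(N_OUTSIDERS)  # never seen by the model

def train_logreg(records, steps, lr=0.5, weight_decay=0.0):
    """Gradient-descent logistic regression; weight_decay > 0 penalises large weights."""
    w = [0.0] * DIM
    for _ in range(steps):
        grad = [weight_decay * wi for wi in w]
        for x, y in records:
            p = 1 / (1 + math.exp(-sum(wi * xi for wi, xi in zip(w, x))))
            for i in range(DIM):
                grad[i] += (p - y) * x[i] / len(records)
        w = [wi - lr * g for wi, g in zip(w, grad)]
    return w

def sample_loss(w, x, y):
    """Cross-entropy loss of one record, computed without overflow."""
    m = sum(wi * xi for wi, xi in zip(w, x)) * (1 if y == 1 else -1)
    return max(-m, 0) + math.log1p(math.exp(-abs(m)))

def membership_advantage(w, members, outsiders):
    """Loss-threshold membership inference as an audit: best TPR - FPR over all
    thresholds. Near 0: training-set membership is hidden; near 1: it leaks."""
    m_loss = [sample_loss(w, x, y) for x, y in members]
    o_loss = [sample_loss(w, x, y) for x, y in outsiders]
    best = 0.0
    for t in sorted(m_loss + o_loss):
        tpr = sum(v <= t for v in m_loss) / len(m_loss)
        fpr = sum(v <= t for v in o_loss) / len(o_loss)
        best = max(best, tpr - fpr)
    return best

def audit():
    overfit = train_logreg(MEMBERS, steps=500)
    regular = train_logreg(MEMBERS, steps=20, weight_decay=1.5)
    return (membership_advantage(overfit, MEMBERS, OUTSIDERS),
            membership_advantage(regular, MEMBERS, OUTSIDERS))
```

Calling `audit()` returns the two advantages; an overfitted model's advantage close to 1 means an outsider could tell which records it was trained on from loss values alone.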
The RSNA presentations underscored that these are not purely theoretical risks. In one experiment, deepfake lung X-rays were inserted into a hospital’s picture archiving and communication system (PACS) and clinicians could not reliably distinguish them from real images. The same technique could be used to inject false evidence into legal or insurance proceedings.
Why It Matters for Patients
Most people assume their medical images are protected by HIPAA, the U.S. health privacy law. HIPAA does cover traditional data breaches and limits how hospitals share personal health information. But it was written long before AI models became common in radiology, and it does not fully address the risks that come with machine learning.
For example, HIPAA generally allows de-identified data to be shared freely. But if a patient’s scan is used to train an AI model, the model might still retain enough detail to re-identify that patient—even though the scan itself was anonymized. The legal framework does not treat the model as containing “protected health information,” even when it does.
The consequences go beyond privacy. If deepfake scans become common, they could erode trust in diagnostic imaging. Radiologists already have a tough job; asking them to also verify the authenticity of every image adds a burden no one is prepared for. And if insurers or courts start questioning whether a scan is real, patients could face delays in treatment or disputes over coverage.
What Patients Can Do
You don’t need to be a cybersecurity expert to take reasonable steps. Here are practical actions you can take:
Ask your provider about data use. Before a scan, ask the facility how your images will be used. Questions to raise: “Will my images be used to train AI models?” “Will the data be shared with third-party companies?” “What steps are taken to de-identify the images?” A responsible provider should have clear answers.
Review privacy policies. Imaging centers and hospitals are required to provide a Notice of Privacy Practices under HIPAA. Read it. Look for language that discusses AI, machine learning, or “secondary use” of data. If the policy is vague, consider going elsewhere.
Opt out of research where possible. Many institutions allow you to withhold your medical records from research databases. The form is usually called an “opt-out” for research use of protected health information. It may reduce opportunities for your data to be included in AI training sets.
Use your right to access and request removal. HIPAA gives you the right to see your images and request corrections. Some states have stronger laws about deletion or restricting data sharing. If your facility uses a cloud-based imaging vendor, ask whether your images are stored outside the country and what security certifications they hold.
Stay informed about new risks. The deepfake X-ray problem is still emerging, but it will likely prompt new tools for image authentication. In the meantime, if you suspect a scan result is wrong, ask for a second opinion—and consider requesting a human re-read, not just an AI-assisted one.
The Bigger Picture
Regulation is lagging. The HHS Office for Civil Rights periodically updates guidance on HIPAA and AI, but no federal rules specifically address model inversion or membership inference in medical imaging. Some states, like California, have broader privacy laws (the CCPA and CPRA), but they were designed for consumer data, not medical scans. Until the laws catch up, the burden falls on patients to be proactive.
Industry groups are working on standards for securing AI pipelines and verifying image authenticity, but those efforts are not yet widespread. As a patient, you can help raise awareness by asking the questions and making informed choices about where you receive care.
Sources
- RSNA 2026: Deepfake X-Rays Fool Radiologists and AI. Radiological Society of North America, March 2026.
- RSNA 2025: Technical Exhibits Feature Largest Radiology AI Showcase. September 2025.
- HHS Office for Civil Rights: HIPAA Privacy Rule and AI Technologies (guidance documents, 2024–2025).
- Fredrikson, M. et al. “Model Inversion Attacks that Exploit Confidence Information.” USENIX Security 2015.
- Shokri, R. et al. “Membership Inference Attacks against Machine Learning Models.” IEEE S&P 2017.