AI in Medical Imaging Is Putting Your Privacy at Risk: Here’s How to Protect Yourself
Your X-ray, MRI, or CT scan is more than a picture—it’s a digital file packed with sensitive data. As hospitals rapidly adopt artificial intelligence to analyze these images, that data is being used in new ways that many patients don’t realize. The same technology that can spot a tumor faster than a radiologist also creates fresh openings for privacy breaches, re-identification, and even manipulation.
At the Radiological Society of North America (RSNA) 2026 conference, researchers presented work showing how deepfake X-rays can fool both radiologists and AI systems. That finding is part of a wider concern: the more medical images are shared, stored, and analyzed by third-party algorithms, the harder it is to keep them private. This article explains what’s changed and, more importantly, what you can do about it.
What Happened: How AI Is Changing Medical Imaging
AI tools are now used in radiology departments to flag abnormalities, prioritize urgent cases, and reduce reading time. These models require large volumes of images to train—often thousands of CT scans, mammograms, or chest X-rays. To get that data, hospitals and researchers sometimes share de-identified datasets.
But de-identification is not foolproof. Research has repeatedly shown that seemingly anonymous medical images can be re-linked to individual patients using facial recognition software, age, sex, or unique anatomical features. A study published in Nature Communications demonstrated that 3D facial reconstruction from CT scans could identify patients with high accuracy.
Meanwhile, the RSNA 2026 presentation on deepfake X-rays showed how synthetic images can be created to mimic real pathologies—or hide them. If such images are injected into a hospital system, they could alter diagnoses or be used for fraud. The same generative techniques also raise questions about consent: has your medical image ever been used to train an AI model without your knowledge?
Why It Matters for Everyday Patients
For most people getting an X-ray or MRI, the immediate concern is clinical. But the data you generate at that moment can persist in ways that matter years later. Here are the concrete risks:
- Data breaches. Medical images are digital files stored in picture archiving and communication systems (PACS). These systems are frequent targets. The 2024 Change Healthcare breach exposed records for a large portion of US patients, including imaging data.
- Re-identification. Even when your name is stripped, enough metadata (age, scan date, facility, body region) can be cross-referenced with public records to identify you.
- Misuse by insurers or employers. DNA and imaging data offer predictive health information. Without strong protections, third parties could use it to assess risk or deny coverage.
- Deepfake manipulation. Altered images could be used to fabricate injuries in insurance claims, or to falsely clear someone of a condition.
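The re-identification risk in the list above can be measured before a dataset is shared. The following is an added example, not part of the original article: it counts how many records share each combination of the metadata fields named there (age, sex, scan date, facility, body region), a check known as k-anonymity. The field names, sample rows, and generalization choices are constructed for illustration.

```python
from collections import Counter

FIELDS = ("age", "sex", "scan_date", "facility", "body_region")

# Constructed sample rows from a "de-identified" imaging index (no names).
ROWS = [
    (34, "F", "2024-03-02", "North", "chest"),
    (37, "F", "2024-03-19", "South", "chest"),
    (31, "F", "2024-03-27", "North", "chest"),
    (62, "M", "2024-03-05", "North", "head"),
    (68, "M", "2024-03-11", "South", "head"),
    (65, "M", "2024-03-30", "South", "head"),
    (45, "F", "2024-04-08", "North", "knee"),
    (49, "F", "2024-04-21", "South", "knee"),
    (83, "M", "2024-04-15", "North", "chest"),
]
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]

def key(record):
    """The combination of quasi-identifiers an outsider could cross-reference."""
    return tuple(record[f] for f in FIELDS)

def unique_records(records):
    """Records whose quasi-identifier combination appears exactly once."""
    sizes = Counter(key(r) for r in records)
    return [r for r in records if sizes[key(r)] == 1]

def k_anonymity(records):
    """Size of the smallest group sharing one combination (1 = someone is unique)."""
    return min(Counter(key(r) for r in records).values())

def generalize(record):
    """Coarsen the fields: 10-year age band, month-only date, facility hidden."""
    low = record["age"] // 10 * 10
    return {**record, "age": f"{low}-{low + 9}",
            "scan_date": record["scan_date"][:7], "facility": "*"}

def release(records, k=2):
    """Generalize, then suppress rows still in groups smaller than k."""
    coarse = [generalize(r) for r in records]
    sizes = Counter(key(r) for r in coarse)
    return [r for r in coarse if sizes[key(r)] >= k]

if __name__ == "__main__":
    coarse = [generalize(r) for r in RECORDS]
    print("raw k:", k_anonymity(RECORDS), "unique:", len(unique_records(RECORDS)))
    print("generalized k:", k_anonymity(coarse), "unique:", len(unique_records(coarse)))
    kept = release(RECORDS)
    print("released:", len(kept), "of", len(RECORDS), "k:", k_anonymity(kept))
```

This measures metadata only. It says nothing about identifying features in the image itself, such as the facial reconstruction from CT scans described earlier.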
HIPAA covers medical images as protected health information, but the law has gaps. It does not always apply to researchers or AI vendors that receive de-identified data. And enforcement is reactive—by the time a breach is detected, the data is already out.
What Readers Can Do to Protect Their Medical Imaging Data
Before Your Scan
Ask how your images will be used. Most consent forms are broad. Before you sign, ask: “Will my images be shared with any third parties, including AI developers?” You have the right to know. Some hospitals allow you to opt out of data sharing for research if you request it.
Request that facial features be removed. Many facial CT scans include the eyes, nose, and mouth. You can ask the technologist if the facility can crop or anonymize facial structures before the images are stored.
Check your patient portal. Major hospital systems let you see what data is being held. If you find images you didn’t authorize, flag them to the privacy office.
After Your Scan
Opt out where possible. Some institutions participate in large imaging datasets like The Cancer Imaging Archive. They usually offer a consent withdrawal option. Contact the radiology department’s privacy officer.
Monitor for suspicious activity. If you receive a bill for a scan you didn’t have, or see a radiology report in your portal you don’t recognize, report it immediately. It could indicate identity theft using your images.
Use HIPAA rights. You can request an accounting of disclosures—a list of who has accessed your medical records, including images. This helps you see if data was shared without your knowledge.
Be wary of non‑clinical uses. If an employer or insurance company asks for imaging records as part of a wellness program, consider whether it’s truly necessary. You can often decline.
If You Suspect a Breach
- File a complaint with the HHS Office for Civil Rights (OCR). They investigate HIPAA violations.
- Notify your healthcare provider’s privacy office.
- Place a fraud alert on your credit report if you believe your SSN or other identifiers were exposed (imaging files sometimes contain embedded identifying data).
Sources and Further Reading
- RSNA 2026 presentation: Deepfake X-Rays Fool Radiologists and AI – Radiological Society of North America.
- Nature Communications (2023): “Re-identification of individuals from 3D facial reconstructions of CT scans.”
- HHS Office for Civil Rights: HIPAA Privacy Rule and medical imaging guidance.
- American College of Radiology: Data sharing and patient consent recommendations.
Medical imaging AI offers real benefits. But the privacy side of the ledger is often understated. By asking questions and exercising your rights, you can keep your health data where it belongs—under your control.