AI in Medical Imaging Is Raising New Privacy Risks: What Patients Need to Know

Medical imaging has long been a cornerstone of diagnosis, and artificial intelligence is making it faster and more accurate. But the same technology that helps radiologists spot tumors is also creating new ways for patient data to be misused. Recent research presented by the Radiological Society of North America (RSNA) highlights a growing concern: AI-driven tools are opening up privacy vulnerabilities that many patients and providers are not yet prepared for.

Here is what the research found, why it matters for anyone who has ever had an X-ray, MRI, or CT scan, and what you can do about it.

What happened

In May 2026, RSNA published findings detailing specific privacy risks tied to AI in medical imaging. Among the most concerning is the emergence of deepfake X-rays—digitally altered medical images that can fool both human radiologists and AI algorithms. Researchers demonstrated that these manipulated images could be used to add or remove clinical findings, potentially leading to misdiagnosis or fraudulent insurance claims.

The same research also identified risks around data re-identification. Medical images contain detailed biometric information—bone structure, facial features, even unique patterns in blood vessels—that can be used to identify individuals even after traditional identifiers (name, date of birth) are stripped. As AI models become more powerful, the ability to re-identify patients from anonymized imaging datasets is increasing.

A separate RSNA report from March 2026, titled “Deepfake X-Rays Fool Radiologists and AI,” confirmed that even trained clinicians had difficulty distinguishing real images from manipulated ones in controlled tests.

Why it matters

For most people, the privacy conversation around healthcare has focused on medical records and billing data. Medical images have largely flown under the radar. That is changing.

If your medical images are shared with third-party AI developers, often for algorithm training, you may have little control over how that data is used or how long it is retained. And because images are not always encrypted during transmission or storage, they can be intercepted in transit or read from storage by someone who is not authorized to see them.

The consequences go beyond a data breach notification letter. Deepfake medical images could be used to commit insurance fraud (falsifying a claim for a procedure that was never performed), or to fabricate evidence in legal cases. If someone obtains your scans, they could combine them with other personal data to commit identity theft. And if a manipulated image leads to a wrong diagnosis, the patient suffers directly.

The RSNA research also pointed out that many patients are never told that their images will be used for AI training, and that consent processes often do not address this use case.

What readers can do

You do not need to avoid necessary scans. But you can take a few practical steps to gain more control over your medical images.

  • Ask your provider about data sharing. Before the scan, ask whether your images will be shared with any third party—including AI companies or research institutions. Request to opt out if you are not comfortable with that. Some facilities may not allow opting out, but it is worth asking.

  • Inquire about encryption and storage. Ask how your images are stored and transmitted. Are they encrypted at rest and in transit? Who has access? If the staff cannot give you a clear answer, consider raising the question with the facility’s privacy officer.

  • Use patient portals carefully. Many healthcare systems now give you access to your own images through online portals. That is convenient, but it also means your images are accessible if your portal account is compromised. Use strong, unique passwords and enable two-factor authentication if available.

  • Limit unnecessary image sharing. If you are asked to provide copies of old scans for a second opinion, ask whether the receiving facility truly needs the full image data or just the radiologist’s report. Share only what is necessary.

  • Watch for legal notices. Pay attention to privacy policy updates from your healthcare provider. If they change their policy to allow broader use of imaging data for AI development, you may have a right to object or to request deletion in some jurisdictions.

What regulators and providers should do

This is not just a patient problem. Regulators like the Department of Health and Human Services in the US, and equivalents in other countries, will need to update guidelines to cover medical images specifically. The current HIPAA framework in the US treats images as protected health information, but it does not fully account for the risks of re-identification via AI or deepfake manipulation.

Healthcare providers should be transparent about whether they use AI tools and how patient data flows through those tools. Informed consent forms should include explicit language about image reuse, and facilities should offer a meaningful opt-out where possible.

Sources

  • Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” Published May 20, 2026. Available at RSNA.org.
  • Radiological Society of North America. “Deepfake X-Rays Fool Radiologists and AI.” Published March 24, 2026. Available at RSNA.org.

Note: The exact findings of RSNA’s May 2026 report are summarized here based on press materials and abstracts released prior to full publication. Some details may be refined once the peer-reviewed paper is available.