AI in Medical Imaging: Privacy Risks You Should Know About
Intro
Artificial intelligence is increasingly used to interpret X-rays, CT scans, and MRIs. It can speed up diagnosis, catch subtle abnormalities, and reduce radiologist fatigue. But as these tools become standard in hospitals and clinics, a less-discussed side effect is emerging: new privacy risks for patients. Recent research presented by the Radiological Society of North America (RSNA) has highlighted that medical imaging AI can expose patient data in unforeseen ways—and even make it possible to create realistic fake X-rays that fool both humans and machines.
What Happened
At the RSNA annual meeting in 2025, researchers presented findings on a set of privacy vulnerabilities tied to AI in medical imaging. One of the more attention-grabbing results involved deepfake X-rays: synthetic chest radiographs generated by AI that were indistinguishable from real ones to both board-certified radiologists and commercial AI diagnostic systems. The study raised questions about how such fakes could be used to manipulate medical records, fraudulently claim insurance payouts, or even sabotage a person’s health data.
Beyond deepfakes, the researchers outlined standard privacy risks that become more acute when AI is involved. For instance, large imaging datasets used to train AI models may contain patient identifiers that are not fully stripped away. Even when images are anonymized, researchers have shown that facial features or bone structures can be used to re-identify individuals. Additionally, cloud-based AI services that process scans off-site create more opportunities for data exposure or breach.
Why It Matters
For patients, these risks are often invisible. You go in for a scan, the image is analyzed by an AI tool, and the results are returned to your doctor. What you may not know is how that image is stored, who else has access to it, or whether it could be altered without your knowledge.
The deepfake threat is particularly troubling. If a malicious actor can insert a fake X-ray into your medical record, it could lead to unnecessary treatments, missed diseases, or false insurance claims. Correcting such errors afterward can be laborious and stressful. And as AI-generated content becomes harder to detect, the burden shifts onto patients to ask tougher questions about data integrity.
There is also the question of consent. Many AI tools are trained on retrospective patient data, sometimes without explicit permission. Even when data is de-identified, the possibility of re-identification means your privacy may not be fully protected. A 2023 study in Nature Communications found that 3D facial reconstructions from CT scans could match patients with high accuracy, undermining common anonymization practices.
What Readers Can Do
You don’t need to be a cybersecurity expert to take reasonable steps. Here is a practical checklist:
- Ask your provider about AI. Before undergoing an imaging exam, ask whether an AI tool will be used to interpret the scan. Then ask: “Is my data stored locally or sent to a third party? Is it encrypted? How long is it kept?”
- Inquire about opting out. Some institutions allow you to decline having your images used for AI training. This may not affect your care, though it could limit the quality of AI tools over time. It is your right to ask.
- Request a copy of your own images. In the US, you have the right to access your medical records, including imaging files. Holding a copy gives you a reference in case discrepancies arise later.
- Watch for inconsistencies. If you receive a diagnosis that seems abrupt or contradicts earlier imaging, ask for a second review—especially if AI was heavily involved. Radiologists can be misled by deepfakes, but a careful human look may catch anomalies that AI missed.
- Support stronger regulations. Current laws like HIPAA in the US set a baseline, but they were not written with AI-generated content or cloud processing in mind. Patient advocacy groups are pushing for clearer rules on AI transparency, data retention limits, and the right to know when an AI has made an error.
Sources
- Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” RSNA News, 2025.
- RSNA. “Deepfake X-Rays Fool Radiologists and AI.” Presented at RSNA 2025 Annual Meeting.
- Nature Communications. “Re-identification of Individuals from 3D Facial Reconstructions of CT Scans.” 2023.
- U.S. Department of Health and Human Services. “Your Rights Under HIPAA.” hhs.gov.
Note: Privacy protections vary by country. The advice here is based on current best practices and may not apply to every healthcare setting. If you have concerns, speak directly with your provider’s privacy office.