AI in Medical Imaging: What Patients Need to Know About Privacy Risks
Artificial intelligence is increasingly used to analyze medical images like X-rays, CT scans, and MRIs. These tools can detect diseases faster and sometimes more accurately than unaided radiologists. But a new report from the Radiological Society of North America (RSNA) warns that this technology also introduces privacy risks that patients and healthcare providers need to take seriously.
What Happened
In May 2025, the RSNA published a special report on cybersecurity threats to large language models (LLMs) used in radiology. The report outlines several ways AI systems can inadvertently expose sensitive patient data. Among the concerns:
- Model inversion attacks – An attacker who gains access to an AI model can sometimes reconstruct the original images it was trained on, including the patient’s face or other identifying features.
- Re-identification of de-identified data – Even after removing names and other direct identifiers, AI algorithms can sometimes match scan metadata or image characteristics back to specific individuals using publicly available records.
- Unauthorized training – If a hospital or imaging center uses patient scans to train an AI model, that model may encode private information. If the model is later shared or made public, the encoded data can be extracted.
The RSNA report specifically focuses on LLMs, which are used not only for image analysis but also for generating radiology reports and interacting with electronic health records. These models can inadvertently memorize and regurgitate personal health information if not properly secured.
Why This Matters for Patients
Medical images are among the most sensitive pieces of personal data. A facial CT scan can reveal identity, while a full-body scan can expose details about a person’s organs, implants, or even genetic markers. If such data leaks, the consequences could include:
- Identity theft – Criminals could use medical images and associated records to file fraudulent insurance claims or obtain prescriptions.
- Discrimination – Employers, insurers, or others could misuse imaging data to deny coverage or employment based on health conditions.
- Embarrassment or blackmail – Unusual medical findings or images of private body parts could be exploited.
Current privacy regulations were not designed with AI in mind. HIPAA in the United States covers traditional data breaches and requires safeguards for electronic protected health information, but it does not explicitly address threats like model inversion or re-identification via AI. Similarly, GDPR in Europe requires data protection by design but leaves room for interpretation when it comes to machine learning.
What You Can Do as a Patient
You don’t need to become a cybersecurity expert to protect your privacy. Here are practical steps you can take before undergoing any AI-assisted imaging:
- Ask if AI is used – When scheduling a scan, ask the provider whether AI tools will be involved in analyzing your images. Not all facilities use AI, and many will disclose it upon request.
- Review the consent form carefully – Some consent forms include language about using your de-identified data for research or product development. Look for phrases like “anonymized data,” “training algorithms,” or “third-party AI vendor.” If it’s vague, ask for clarification.
- Inquire about data safeguards – Ask whether the facility uses encryption, differential privacy (a technique that adds noise to data to protect individuals), or federated learning (a method where AI models are trained locally without moving data to a central server). These are signs the institution takes privacy seriously.
- Limit sharing when possible – If you have the choice, request that your images not be used for research or AI training. Many facilities allow you to opt out without affecting your care.
- Stay informed about your rights – Under HIPAA, you have the right to access your medical records and request an accounting of disclosures. If you suspect a breach, you can file a complaint with the Office for Civil Rights.
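Differential privacy, described in the steps above as adding noise to protect individuals, can be shown on a single released statistic. The following is an added example, not code from the RSNA report or any vendor: it applies the standard Laplace mechanism to a count, and the cohort records, field names and epsilon value are constructed assumptions.

```python
import random

# Constructed sample cohort (not real data): one record per patient.
COHORT = [
    {"patient": "P1", "finding": "nodule"},
    {"patient": "P2", "finding": "none"},
    {"patient": "P3", "finding": "nodule"},
    {"patient": "P4", "finding": "none"},
    {"patient": "P5", "finding": "nodule"},
]

def true_count(records, finding):
    return sum(1 for r in records if r["finding"] == finding)

def laplace_noise(scale, rng):
    """Laplace(0, scale) sample: difference of two exponentials with mean `scale`."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def dp_count(records, finding, epsilon, rng):
    """Release a count with epsilon-differential privacy.

    Adding or removing one patient changes a count by at most 1
    (sensitivity 1), so the noise scale is 1 / epsilon.
    """
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return true_count(records, finding) + laplace_noise(1.0 / epsilon, rng)

def privacy_loss(output, count_with, count_without, epsilon):
    """Log-ratio of the output densities with vs. without one patient."""
    return epsilon * (abs(output - count_without) - abs(output - count_with))

def max_privacy_loss(records, patient, finding, epsilon, outputs):
    """Worst-case |privacy loss| over candidate outputs when `patient` is removed."""
    without = [r for r in records if r["patient"] != patient]
    c1, c0 = true_count(records, finding), true_count(without, finding)
    return max(abs(privacy_loss(o, c1, c0, epsilon)) for o in outputs)

if __name__ == "__main__":
    rng, eps = random.Random(7), 0.5
    grid = [x / 10 for x in range(-200, 201)]  # candidate released values
    print("true count:", true_count(COHORT, "nodule"))
    print("released  :", round(dp_count(COHORT, "nodule", eps, rng), 2))
    print("max loss  :", max_privacy_loss(COHORT, "P1", "nodule", eps, grid), "<= eps =", eps)
```

A smaller epsilon means more noise and a tighter bound on what the released number can reveal about any one patient, at the cost of accuracy.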
Looking Ahead
The RSNA report is a wake-up call for the radiology community and for regulators. Some hospitals are already implementing better safeguards, such as strict access controls, audited logs, and AI models that are “forgotten” after training. However, the pace of regulation lags behind technology.
For now, it is wise to treat medical imaging AI as a powerful tool that comes with trade-offs. The benefits in detection and diagnosis are real, but so are the risks to privacy. By asking questions and understanding the policies at your healthcare provider, you can make more informed decisions about your care.
Sources: RSNA Special Report: LLM Cybersecurity Threats in Radiology (May 2025). Additional context drawn from HIPAA Privacy Rule, GDPR, and public reports on medical data breaches.