AI in Medical Imaging: What You Need to Know About Your Privacy
Artificial intelligence is transforming how doctors read X-rays, CT scans, and MRIs. These tools can detect fractures, tumours, and other abnormalities sometimes faster than a radiologist can. But as the technology spreads, so do questions about what happens to your medical images and the personal data they contain.
At the 2026 annual meeting of the Radiological Society of North America (RSNA), researchers and privacy advocates gathered to discuss these very concerns. The consensus was sobering: while AI holds real promise, current data practices around medical imaging may expose patients to risks that they are rarely told about.
What happened at RSNA
The RSNA 2026 programme included sessions focused on the privacy implications of AI in radiology. One presentation framed the issue as a “Pandora’s box” of risks—pointing out that once medical images are fed into AI systems, they may be stored, shared, or analysed in ways that go far beyond the original diagnosis.
Key concerns raised at the conference included:
- Large training datasets. Many AI models are trained on hundreds of thousands of medical images. These datasets sometimes come from multiple hospitals and may lack the strong anonymisation that patients assume.
- Re-identification risks. Even when identifying information such as names is stripped, facial features or bone structures visible in scans can potentially be matched back to an individual.
- Secondary use without consent. Images submitted for AI training or research may later be used for unrelated purposes—such as developing commercial products or sharing with third parties.
These are not hypothetical scenarios. Data breaches in healthcare have been steadily rising, and medical images are not exempt from being targeted.
Why it matters to patients
Medical images are among the most intimate records you have. A CT scan may reveal not only an injury or disease but also your age, sex, body composition, and even unique anatomical markers. Unlike a credit card number, your body cannot be changed after a leak.
Current regulations such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States do provide some protections. However, HIPAA was written long before AI became common in radiology. The law does not clearly address what constitutes “de-identified” data when AI can re-identify individuals from a scan. Similarly, consent forms often give broad permission to use images for “research or quality improvement,” without explaining how that data might be shared with AI vendors or cloud providers.
The result is a patchwork of protections that may leave patients exposed, especially when data crosses state lines or international borders for AI processing.
What you can do
You don’t need to be a privacy expert to reduce your risk. Here are practical steps patients can take:
- Ask before you scan. Before an imaging exam, ask your provider: “How will my images be stored, and will they be used to train AI?” Many hospitals have policies that allow you to opt out of secondary use.
- Read the consent form carefully. If the form includes vague language about “research” or “data sharing,” ask for a clear explanation. You have the right to limit how your data is used.
- Know your HIPAA rights. You can request an accounting of disclosures—a list of who has accessed your medical images and why. This can help you spot unexpected sharing.
- Ask about de-identification. Inquire whether your images will have facial features removed or other steps taken to reduce re-identification risk before any AI processing.
- Stay informed. As the technology evolves, watch for updates from organisations like RSNA or patient advocacy groups about data privacy standards.
The road ahead
Several efforts are underway to improve the situation. The RSNA itself has launched initiatives to promote ethical AI practices, including guidelines for data anonymisation and transparency. In Europe, the General Data Protection Regulation (GDPR) already imposes stricter requirements on health data processing. In the US, lawmakers have introduced bills aimed at strengthening health data privacy for AI applications.
But regulation moves slowly, and technology moves fast. Patients should not assume that their medical images are completely private by default. A little caution now may prevent unwanted exposure later.
Sources
- Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” RSNA 2026, May 2026.
- U.S. Department of Health and Human Services. “HIPAA Privacy Rule.” Accessed May 2026.