How AI in Medical Imaging Could Leak Your Health Data — and What to Do

Artificial intelligence has become a powerful assistant in radiology. It can help radiologists spot tumors, fractures, and other abnormalities faster than ever. But a recent report from the Radiological Society of North America (RSNA) warns that the same technology opens a “Pandora’s Box” of privacy risks for patients. If you’ve ever had an X-ray, MRI, or CT scan, your identity and sensitive health information may be more exposed than you realize.

What Happened

The RSNA report, titled “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” highlights a growing concern among radiologists and privacy experts. When AI algorithms are trained or run on medical images, they often need to process large datasets that include metadata, facial features, or body shapes. Researchers have demonstrated that AI can reconstruct a person’s face from a CT scan using the skull and soft tissue data—without the patient’s consent. In some cases, the same AI models that detect disease can inadvertently reveal personal identifiers like age, sex, or even unique anatomical markers.

These risks aren’t theoretical. A 2019 study published in Nature Communications showed that facial recognition software could accurately match CT scans to photographs of individuals. More recently, security researchers have found that AI tools used in imaging may store data in insecure cloud environments where breaches could expose thousands of patient records. The RSNA report emphasizes that even after de-identification, AI’s ability to re-identify individuals is improving rapidly, making traditional anonymization methods less reliable.

Why It Matters

Medical images are among the most sensitive pieces of personal data you possess. They can reveal not only your identity but also details about your genetics, reproductive health, and mental health. If leaked or misused, this information could lead to insurance discrimination, employer bias, or plain identity theft.

Under the Health Insurance Portability and Accountability Act (HIPAA), healthcare providers must protect your health information. But HIPAA was drafted before AI became common in clinical settings. It does not clearly cover all the ways AI can extract or re-identify data. For example, the law’s “Safe Harbor” de-identification method removes 18 specific identifiers, but it was never designed to stop AI from inferring those identifiers from pixel-level patterns. Many imaging AI tools also process data on third-party cloud servers, which introduces additional legal and security gaps. Patients are rarely told whether AI is being used on their scans, how the data is stored, or who has access to it.

What Readers Can Do

You don’t have to be a tech expert to protect yourself. Here are concrete steps you can take before and during your next medical imaging exam:

  1. Ask if AI is being used. When scheduling or checking in, ask the technician or your doctor: “Will an AI tool be used to analyze my images?” Many facilities will be honest if you ask directly. If they say yes, follow up by asking how your data is handled.

  2. Request anonymization. Ask if your images can be anonymized before being sent to any AI service. While some AI tools require non-anonymized data for clinical accuracy, many can work with de-identified versions. The facility should be able to explain which applies in your case.

  3. Read the consent form carefully. You may be asked to sign a general consent for “research” or “quality improvement.” Look for language about sharing data with third-party AI vendors. If the form is vague, ask for clarification or ask for the AI analysis to be done locally rather than in the cloud.

  4. Understand cloud storage risks. Ask where your data will be stored and how it’s encrypted. If the provider uses a cloud vendor, ask whether they have a data processing agreement and what happens if the vendor suffers a breach.

  5. Opt out when possible. Some facilities allow patients to opt out of having their images used for AI training or development. This may limit your exposure, though it’s not always possible if AI is part of the clinical workflow.

Sources

  • Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” May 2026.
  • Schwarz, C. et al. “Facial recognition from CT scans using deep learning.” Nature Communications, 2019.
  • U.S. Department of Health and Human Services. “Guidance Regarding Methods for De-identification of Protected Health Information.” Updated 2022.

The bottom line: AI in medical imaging offers real benefits, but the privacy landscape is shifting. By staying informed and asking the right questions, you can help ensure that your medical data stays yours—whether or not you see the algorithm behind the image.