How AI in Medical Imaging Creates New Privacy Risks for Patients

If you’ve ever had an X‑ray, MRI, or CT scan, those digital images are more than medical records—they are a detailed map of the inside of your body. Increasingly, those scans are used to train artificial intelligence systems that help radiologists detect disease faster. But the same technology that powers AI‑assisted diagnosis also introduces novel privacy threats that most patients are unaware of. Medical imaging AI opens a Pandora’s box of privacy‑related risks, the Radiological Society of North America warns, and the safeguards designed for older forms of health data may not be enough.

What happened

In 2026, researchers presented findings at the RSNA annual meeting demonstrating that deepfake X‑rays can fool both experienced radiologists and the AI systems meant to detect forgeries. The synthetic images were created using generative AI trained on real patient scans, and in blinded tests they were mistaken for authentic exams nearly as often as real ones. This raises the possibility that fabricated scans could be inserted into medical records to commit insurance fraud, manipulate a diagnosis, or even blackmail a patient.

Separately, investigations have shown that large repositories of medical images—often de‑identified according to standards like HIPAA—are routinely used to train commercial AI models without explicit patient consent. While de‑identification strips obvious identifiers like names and social security numbers, researchers have demonstrated that it is often possible to re‑identify individuals by cross‑referencing pixel‑level data with public databases. Moreover, existing privacy laws like HIPAA were written before generative AI existed and do not clearly cover synthetic medical data created from real images.

Why it matters

For patients, the risks go beyond a theoretical breach of confidentiality. A deepfake scan that mimics a real condition could lead to unnecessary treatments or missed diagnoses. A manipulated image entered into a health insurance claim could trigger an investigation or denial of coverage. And because medical images are a form of biometric data—unique to each person—they cannot be reissued like a credit card number once compromised.

The problem is compounded by the fact that many patients sign broad consent forms at imaging centers that permit their data to be used for “research and development.” Few patients are explicitly told that this includes feeding their scans into commercial AI products that may not have the same privacy protections as clinical systems. Data that leaves your provider’s network can be copied, aggregated, and used in ways you never intended.

What readers can do

You don’t need to avoid needed medical imaging. But you can take concrete steps to protect your data:

  • Ask your imaging provider about data‑sharing policies. Before a scan, request a written explanation of how your images will be stored, who will have access, and whether they will be used to train AI. Many facilities have opt‑out forms for research use.
  • Opt out of AI training where possible. Some healthcare systems now give patients a choice to allow their data to be used for algorithm development. If you are not comfortable with it, say no. Your care will not suffer.
  • Review your medical records regularly. Most hospitals offer patient portals where you can view your imaging reports. Check for any scans you did not receive or unexplained entries. Report discrepancies immediately.
  • Read consent forms carefully. If a form mentions “de‑identified data may be used for secondary purposes,” understand that de‑identification is not foolproof. Consider crossing out or declining that clause if you can.
  • Advocate for stronger rules. Contact your elected representatives and support legislation that requires explicit consent for AI training on health data and mandates transparency about how synthetic images are generated and labeled.

Sources

  • Radiological Society of North America, “Deepfake X‑Rays Fool Radiologists and AI,” RSNA Press Release, March 2026.
  • Radiological Society of North America, “Medical Imaging AI Opens a Pandora’s Box of Privacy‑Related Risks,” RSNA News, May 2026.
  • RSNA 2026 Technical Exhibits coverage and related research presentations.

Note: While HIPAA offers baseline protections, its application to AI‑generated medical images remains uncertain. Consult a privacy professional if you have specific concerns about your data rights.