How Medical Imaging AI Could Expose Your Private Health Data — and What to Do About It
Artificial intelligence is now routinely used to analyze X-rays, CT scans, and MRIs. It can spot tumors faster than a radiologist, reduce human error, and process images in minutes instead of hours. But a recent report from the Radiological Society of North America (RSNA) warns that the same technology is creating new privacy risks that most patients are unaware of. This article explains what those risks are and what you can do about them.
What happened
In May 2026, researchers presented findings at the RSNA annual meeting — one of the largest radiology conferences in the world — highlighting a series of privacy vulnerabilities introduced by AI-powered medical imaging. The report, titled “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” describes how patient data can be exposed during AI training, validation, and deployment.
The authors identified three main areas of concern:
Data sharing with third parties. Many AI models are developed by companies that are not part of the hospital system. When a radiology department licenses an AI tool, patient images are often sent to external servers for processing. The report notes that patients rarely consent to this transfer.
Insufficient anonymization. Standard de-identification techniques — removing names, dates, and ID numbers — may not be enough. AI models can sometimes re-identify patients by analyzing unique anatomical features in scans, such as bone structure or dental patterns.
Re-identification risk. Even when data is anonymized, researchers have shown that it can be matched to other datasets (like public health records or social media) to re-identify individuals. The RSNA report emphasizes that this risk is growing as more data from different sources becomes interconnected.
Why it matters
Medical images are some of the most sensitive personal data you have. They reveal not just your identity but your health conditions, injuries, and even genetic markers. A data breach involving imaging data could lead to discrimination by insurers, employers, or others. Unlike a credit card number, you cannot change your medical history.
The RSNA report does not claim that a major breach has already occurred. Instead, it serves as a warning: the current regulatory framework in the United States — primarily HIPAA — was not designed for AI. HIPAA covers how data is handled by covered entities (hospitals, clinics), but it has weaker protections for data once it leaves their control. AI vendors may not be directly subject to HIPAA if they only process de-identified data, and the definition of “de-identified” is being challenged by AI’s ability to re-identify individuals.
Another layer of risk is that many hospitals do not clearly inform patients when AI is used to read their images. A survey cited in the report found that fewer than half of radiology departments tell patients that their scans may be analyzed by AI. This means you might not know your data is being shared with a third-party AI provider until after the fact.
What you can do
You do not need to avoid medical imaging. But you can take a few practical steps to understand how your data is being handled and to limit exposure.
Ask about AI use before your scan. When scheduling an MRI, CT, or X-ray, ask the radiology department: “Will any AI tools be used to analyze my images? If so, who developed them, and where will my data be sent?” Many facilities have begun to include this information in consent forms, but you may need to ask directly.
Read the consent form carefully. Look for clauses that allow your images to be used for “research” or “quality improvement.” These can permit data sharing with outside organizations. You have the right to request that your images not be used for any purpose beyond your direct care. If the form does not offer that option, ask if you can add a note restricting use.
Opt out of data sharing when possible. Some hospitals allow you to sign a partial consent that still allows treatment but prohibits the use of your data for training AI models. This is not always offered, but it is worth asking.
Stay informed about facility policies. Check your hospital’s privacy policy online or ask for a copy of their data-sharing agreements with AI vendors. If the policy is vague or unavailable, consider whether you can choose a different imaging center that is more transparent.
The regulatory gap
The RSNA report calls for updates to privacy laws that account for modern AI capabilities. Among the suggestions: require explicit patient consent before using images in AI training, mandate that AI vendors be bound by the same rules as healthcare providers, and create a standard for “safe anonymization” that withstands re-identification attempts. As of mid-2026, no federal law addresses these issues directly. Some states, such as California and Connecticut, have begun to act through broader privacy laws, but the healthcare sector has lagged.
In the meantime, patients are largely on their own. The risks are real but not inevitable. By asking questions and reading the fine print, you can make an informed choice about who sees your medical images and for what purpose.
Sources: Radiological Society of North America (RSNA), report presented at annual meeting, May 20, 2026.
Additional context from the report’s summary on Google News.
Note: Some details about specific re-identification techniques were not included in the public summary; this article summarizes the report’s main claims as reported.