When Your X-Ray Isn’t Just a Picture: Privacy Risks in AI-Powered Medical Imaging
If you’ve had an MRI, CT scan, or even a routine chest X-ray in the past year, there’s a good chance artificial intelligence helped read it. AI tools in radiology can spot tumors, fractures, and other abnormalities faster than a human eye alone—sometimes more accurately. But these tools need massive amounts of medical images to train on, and that data carries risks most patients never consider.
A recent report from the Radiological Society of North America (RSNA) spelled out those risks directly: medical imaging AI can expose your private health data in ways that go far beyond a typical data breach. Combined with a separate study showing that AI-generated deepfake X-rays can fool both radiologists and other AI systems, the picture is sobering.
What happened: A Pandora’s box of privacy issues
In May 2026, the RSNA published an article titled “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” The report outlines how the same data that makes AI diagnostic tools possible—thousands of medical images and associated patient information—creates new avenues for privacy violations. These include unauthorized access to image databases, re-identification of patients from supposedly de-identified scans, and the growing threat of manipulated or fake images.
Just two months earlier, another RSNA study demonstrated that deepfake X-rays can convincingly alter a scan—adding or removing a tumor, for example—and that both human radiologists and AI detection systems could be fooled. This means not only can data leak, but false medical evidence can be inserted into a patient’s record without detection.
Why it matters to you
Most patients trust that their medical images stay private and accurate. Here are three specific risks that undercut that trust:
1. Data breaches and unauthorized access. Hospitals and imaging centers store images in large databases often connected to cloud services. If those systems are breached, your scan—together with your name, date of birth, and sometimes insurance details—can be exposed. Unlike a stolen credit card number, you can’t change your anatomy or your medical history.
2. Re-identification from de-identified images. Even after a hospital strips your name and ID from an image, researchers have shown that facial features (from 3D scans) or unique anatomical markers (like the shape of your spine or lungs) can link the image back to you. When these images are shared for AI training, your privacy can be lost.
3. Deepfake X-rays and manipulated scans. The RSNA deepfake study proved that AI-generated modifications to medical images are hard to spot. Someone with malicious intent—a disgruntled employee, an identity thief, or even a fraudster—could alter a scan to suggest a condition you don’t have, or erase evidence of one you do. This isn’t just a privacy concern; it’s a safety and legal concern.
Beyond these risks, there’s also the question of consent. Many patients don’t know their images are being used to train commercial AI tools. Even when data is de-identified, the line between research, profit, and patient care gets blurry.
What you can do as a patient
You can’t stop hospitals from using AI, but you can take steps to protect your data:
Ask your provider: Before an imaging exam, ask whether your images will be used for AI training or any purpose beyond your direct care. Many facilities have a consent form for research use. If they do, read it and decide whether to opt out.
Request a data-use notice: Under HIPAA and similar laws in many countries, you have a right to know how your health information is used and shared. Ask for the facility’s Notice of Privacy Practices and look for language about “de-identified data” and “research” or “development.” If it’s vague, ask for specifics.
Check for image-sharing opt-outs: Some radiology departments participate in large image-sharing networks (like the RSNA Image Share network). You can usually decline to have your images included. Ask if this is optional.
Monitor your medical records. Review your online patient portal for imaging reports and images. If you see something that doesn’t look right—a report you don’t recognize or an image that seems altered—report it to your provider immediately.
Support stronger regulations. Health data privacy laws (like HIPAA in the US) were written before AI was widely used in imaging. Several bills have been introduced to address these gaps. Letting your representatives know you care about medical data privacy can help.
Regulatory protections and their limits
Current laws like HIPAA protect your health information in clinical settings, but they don’t fully cover de-identified data used for AI research. Once your image is stripped of direct identifiers (name, SSN, etc.), it can often be shared or sold without your consent. There are no federal rules yet that require informed consent for AI training on medical images. The RSNA report notes that voluntary guidelines from professional societies exist, but enforcement is inconsistent.
The deepfake X-ray problem also falls into a regulatory blind spot. No standard exists for verifying the authenticity of medical images at the point of use. Some researchers are working on digital watermarking and blockchain-based verification, but these are not widespread.
Balancing innovation with privacy
AI in radiology holds real promise. It can catch cancers earlier, reduce radiologist burnout, and even lower costs. None of that requires ignoring privacy. The key is transparency: patients should know how their data is used, have a meaningful choice, and trust that images can’t be altered or leaked without consequence.
For now, being an informed patient is the best defense. Ask questions, read forms, and speak up if something feels off. Your medical images belong to you—treat them that way.
Sources
- Radiological Society of North America, “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” May 2026.
- Radiological Society of North America, “Deepfake X-Rays Fool Radiologists and AI,” March 2026.
- RSNA 2025 Technical Exhibits, “Largest Radiology AI Showcase,” September 2025.