How Medical Imaging AI Could Put Your Privacy at Risk — and What to Do About It

Artificial intelligence is being integrated into radiology at a rapid pace. AI tools can help radiologists detect tumors, fractures, and other abnormalities faster, and in some cases more accurately, than humans alone. But the same technology that improves diagnosis also introduces new privacy risks for patients. A recent report from the Radiological Society of North America (RSNA) warns that AI in medical imaging is opening a Pandora’s box of privacy-related concerns, including the creation of deepfake X-rays and increased vulnerability to data breaches.

Understanding these risks—and knowing what to ask your healthcare provider—can help you protect your medical images and personal health information.

What happened

In March 2026, the RSNA published findings showing that deepfake X-rays can fool both radiologists and AI diagnostic systems. Researchers created synthetic chest X-rays that appeared genuine to human experts and AI algorithms alike. The implication is significant: if malicious actors can generate fake medical images, they could potentially manipulate diagnoses, commit insurance fraud, or create false evidence.

The report also highlighted that medical images, even when anonymized, are increasingly susceptible to re-identification. AI models can sometimes reconstruct patient identities from de-identified scans by matching them with other data sources. Furthermore, the large datasets used to train imaging AI—often containing millions of scans—become attractive targets for hackers. A breach of such a dataset could expose not only images but also linked demographic and clinical information.

These findings stem from a broader RSNA presentation titled “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” delivered at its annual meeting. The presentation covered deepfake manipulation, model inversion attacks (where an attacker uses an AI model to infer training data), and the inadequacy of current consent practices for secondary use of imaging data.

Why it matters for patients

For most people, a routine X-ray or MRI is a private exchange between patient and doctor. But AI changes that relationship in several ways. First, imaging data is often shared with third-party AI vendors for algorithm training or validation, sometimes without explicit patient knowledge. While HIPAA (the Health Insurance Portability and Accountability Act) regulates the use of protected health information, it was not designed to address modern AI-specific threats like deepfake generation or model inversion.

Second, the risk is not theoretical. Deepfake X-rays have already been demonstrated to be convincing enough to alter diagnoses. If your medical record contains a manipulated image, it could lead to incorrect treatment or delayed care. And because medical images are stored indefinitely in many health systems, the potential for retrospective misuse exists long after the initial scan.

Finally, re-identification risk means that even when images used in research are “de-identified,” your anonymity may not be guaranteed. Researchers have shown that matching a facial image from a CT scan to a driver’s license photo is possible in some cases. Your medical image could potentially be traced back to you.

What readers can do

While you cannot eliminate all privacy risks, you can take several practical steps to be informed and reduce exposure.

Ask your radiology provider about AI use. Before a scan, ask whether AI will be used in interpretation, and if so, which company provides the AI tool. You can also ask whether your images will be shared with any third party for training or research. Many facilities have policies requiring written consent for secondary use, but it is worth confirming.

Review consent forms carefully. When signing a consent form for an imaging procedure, note any language about data sharing, research, or de-identification. If the form is vague, ask for clarification. You have the right to opt out of non-treatment-related data use in most cases, though that might limit your access to AI-assisted diagnostics in some settings.

Use patient portals to monitor your records. Most health systems now offer online access to imaging reports and sometimes the images themselves. Periodically review your records for any inconsistencies. If you spot an image you do not recognize or that seems mismatched with your history, report it to your provider.

Be cautious with medical image sharing outside your healthcare system. Some patients upload their scans to online second-opinion services or AI-powered analysis apps. These platforms may have different privacy protections. Research their data handling practices before sharing.

Support stronger regulations. Existing laws like HIPAA have gaps when it comes to AI. Contact your elected representatives and ask for updates that specifically address AI-generated medical content, data re-identification, and breach notification requirements for imaging datasets.

Future outlook

As AI evolves, so will the privacy challenges. Deepfake technology is improving rapidly, and detection remains an arms race. The medical community is beginning to call for new standards—such as watermarking authentic images, creating blockchain-based audit trails, and requiring transparency from AI vendors. Patients can help drive change by staying informed and asking the right questions.

The benefits of AI in medical imaging are real, but they should not come at the cost of patient privacy. By understanding the risks described in the RSNA report and taking proactive steps, you can protect yourself without forgoing the advantages of advanced diagnostic technology.

Sources

  • Radiological Society of North America. “Deepfake X-Rays Fool Radiologists and AI.” RSNA News, March 24, 2026.
  • Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” RSNA Annual Meeting presentation, 2025–2026.
  • U.S. Department of Health and Human Services. “HIPAA Privacy Rule.” HHS.gov. Accessed May 2026.