Is AI Looking at Your Medical Scans? What Patients Should Know About Privacy Risks

If you’ve had an X-ray, MRI, or CT scan recently, there’s a decent chance that an artificial intelligence tool has already processed your images. AI is being adopted rapidly in radiology to help detect fractures, tumors, and other abnormalities. But as these systems become common, a new report from the Radiological Society of North America (RSNA) warns that they also introduce privacy risks that patients may not be aware of.

This article explains what’s happening, why it matters, and what you can ask your provider to protect your health data.

What happened

In May 2026, the RSNA published a report titled “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” The report highlights that many AI tools used for medical imaging do not process images solely inside a hospital’s secure network. Instead, images are often sent to cloud servers operated by third-party vendors. Even when images are de‑identified (stripped of names and birthdates), techniques using AI itself can sometimes re‑identify individuals by matching facial features or other anatomical markers.

The RSNA report also points out that patients rarely give explicit consent for AI analysis of their scans. Standard consent forms for imaging procedures often don’t mention AI use, let alone data sharing with external companies.

Why it matters

Your medical images contain detailed information about your body—beyond just the condition being diagnosed. A chest X‑ray, for example, can reveal your age, sex, and sometimes even your identity from bone structure or implanted devices. If that data leaks or is mishandled, it could be used for insurance discrimination, employment decisions, or personal embarrassment.

Current U.S. privacy law, primarily HIPAA, does cover medical images held by covered entities like hospitals. But once images are sent to an AI vendor, the protections become less clear. HIPAA’s business associate agreements offer some safeguards, but not all vendors are equally accountable. Pending state and federal legislation may change patient rights; until then, the burden falls largely on patients to ask questions.

What readers can do

You can take practical steps without being an expert in data security:

  1. Ask your provider whether AI will be used on your scan. Before the procedure, ask the technician or your doctor. Most hospitals are open about this if you raise the question.

  2. Inquire about data storage and sharing. Specifically, ask: “Is my image sent to an outside company for AI analysis? Where is it stored? How long is it kept?” Some providers may give you a policy document or direct you to their privacy office.

  3. Request an opt‑out if available. Not all AI tools are mandatory. In many cases, the radiologist can review your scan without AI assistance, or a different algorithm might be used that processes data locally. Ask if you can decline AI analysis and still receive a full interpretation.

  4. Check your consent form. Read the fine print before signing. If it mentions “research” or “data sharing” without specifics, ask for clarification. If you aren’t comfortable, you can refuse and ask for a standard radiology interpretation.

  5. Stay informed about regulatory changes. Organizations like the RSNA and the American College of Radiology are pushing for clearer privacy standards. Following their public recommendations can help you know when your rights improve.

Sources

  • Radiological Society of North America (RSNA). “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” May 2026.
  • U.S. Department of Health and Human Services. HIPAA Privacy Rule and medical imaging.
  • American College of Radiology. Position statement on AI and data privacy (2025).