Is Your Medical AI X-Ray a Privacy Risk? What Patients Need to Know
Artificial intelligence is becoming common in radiology. Many hospitals now use AI to help radiologists interpret X-rays, CT scans, and MRIs faster and sometimes more accurately. But a recent presentation at the Radiological Society of North America (RSNA) meeting highlighted a less discussed side of this technology: new privacy risks that patients may not be aware of.
Researchers demonstrated that AI-generated “deepfake” X-rays can fool both human radiologists and AI-based diagnostic tools. The same technology that makes medical AI powerful also makes it vulnerable to manipulation and data misuse. For patients, this raises real questions about who has access to their medical images, how those images are used, and whether they can trust the results.
What Happened
At RSNA 2026, a team of researchers showed that they could create realistic-looking but entirely fake X-ray images using generative AI models. These deepfake images were convincing enough that trained radiologists misdiagnosed conditions, and AI diagnostic systems also made errors. The work demonstrates that medical image data can be altered or synthesized in ways that are hard to detect.
Separately, security researchers have long warned that the datasets used to train medical AI models are not always properly anonymized. Even when images are stripped of obvious identifiers like names and dates, re-identification can be possible by matching the image features to other records. Model inversion attacks—where someone extracts patient data from a trained AI model—are another documented risk. These are not hypothetical threats; they have been demonstrated in academic settings.
Why It Matters
For the average patient, these risks translate to several concerns. First, if a deepfake X-ray makes its way into your medical record, a doctor might see a condition that does not exist or miss one that does. That could lead to unnecessary treatment or delayed care.
Second, your medical images may be used to train commercial AI systems without your clear consent. Many hospitals have data-sharing agreements with technology companies. While HIPAA covers medical images as protected health information, the law has gaps when it comes to AI-specific uses. For example, de-identified data can be shared without patient authorization, but the de-identification process is not foolproof. Researchers at the University of Chicago previously showed that medical images can be re-identified even after anonymization.
Third, the same tools that allow AI to learn patterns can also be turned around to infer sensitive information about individuals. If a model trained on your scan is later used for other purposes, your health information could leak in ways you cannot control.
What Readers Can Do
You do not have to refuse medical imaging to protect your privacy. But you can take practical steps to reduce your exposure.
Ask your provider about AI use. Before a scan, ask whether AI will be used to interpret the images. If so, ask how the AI was trained and whether your images will be added to a training dataset. Most imaging centers have a consent form, but the details are often buried. Ask directly.
Request opt-out options. Some facilities allow you to refuse to have your data used for AI training. Opting out may not affect your care. If no opt-out exists, ask whether the data is shared with third parties. You have a right to know.
Use secure communication. When receiving results or images, insist on an encrypted portal or encrypted email. Avoid having scans shared via unencrypted email or text message.
Know your HIPAA rights. You can request an accounting of disclosures—a list of who has accessed your health information and for what purpose. If you suspect misuse, you can file a complaint with the Office for Civil Rights.
Stay informed. Security and privacy standards for medical AI are still evolving. Organizations like RSNA and the American College of Radiology are developing guidelines. Regulatory bodies are beginning to address these issues, but change takes time. Keep an eye on news from these groups.
Sources
The findings described here were presented at the Radiological Society of North America’s 2026 annual meeting. The session “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks” included demonstrations of deepfake X-rays and discussions of data security vulnerabilities. Additional background comes from published academic research on model inversion attacks and re-identification of medical images, as well as guidance from HIPAA and health privacy advocates.
Medical AI is a promising tool. But like any powerful technology, it carries responsibilities—both for the institutions that deploy it and for the patients who trust them with their most personal health data. A few informed questions can go a long way.