Is Your Medical Image AI Safe? What You Need to Know About Privacy Risks
If you’ve ever had an X-ray, MRI, or CT scan, your medical images are part of your health record. What you might not realize is that artificial intelligence tools are increasingly used to analyze those images — and a new report from the Radiological Society of North America (RSNA) warns that this practice comes with real privacy risks.
The report, published in May 2026, points out that AI systems can re-identify images that were supposed to be anonymous. Patients are often not told when AI is used in their imaging workflow, and their data could end up being shared, stored, or used to train commercial AI models without explicit consent.
Here’s what happened, why it matters for you, and what you can do.
What happened
The RSNA report (released May 20, 2026) highlighted several privacy vulnerabilities emerging from the rapid adoption of AI in medical imaging. According to the report, de-identified medical images — those stripped of obvious identifiers like name and date of birth — can sometimes be re-identified using patterns in the image data itself. This means that even if your personal information is removed, it may not stay private.
The report also noted that when patients’ images are used to train or improve AI algorithms — often without their knowledge — that data can be exposed in breaches or repurposed for secondary uses, such as developing commercial software without any patient benefit. The RSNA emphasized that current consent processes often fail to inform patients about these uses.
Why it matters
Medical images are not just pictures; they are highly personal data. They reveal anatomical details, sometimes even genetic information, and can be linked back to you. If an AI company mishandles your images, they could be leaked, sold, or used in ways you never agreed to.
The risks aren’t hypothetical. Health data breaches have been rising for years, and imaging AI adds a new layer of vulnerability because the data is often shared across institutions and with third-party vendors. Patients may unknowingly consent to broad data usage when they sign standard imaging release forms.
Moreover, once your images are used to train an AI model, it’s almost impossible to remove them. Even if you later revoke consent, the AI system may already have learned from your data.
What readers can do
You don’t have to avoid medical imaging, but you can take a few practical steps to protect your privacy:
Ask your provider about AI use. Before your scan, ask whether AI will be used to analyze the images and what happens to the data afterward. Some hospitals have policies that let you opt out of AI processing, though it may not be widely advertised.
Review consent forms carefully. Many imaging consent forms are written in broad terms. Look for language about “research,” “improving algorithms,” or “sharing with third parties.” If the form is vague, ask for clarification or request a version that limits data use to your direct care.
Ask about data storage and deletion. Find out how long your images are stored and whether they can be deleted after a certain period. Some facilities offer the option to have images removed from research databases — ask about it.
Check if you can opt out of commercial AI training. Some hospitals have begun offering an opt-out option for patients who don’t want their data used to train commercial AI systems. If you’re concerned, ask specifically about this.
Follow up on breaches. If your imaging facility suffers a data breach, you have a right to know what was exposed. Make sure you’re signed up for notifications if they offer them.
Sources
Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” Report published May 20, 2026. (RSNA News)
U.S. Department of Health and Human Services. Guidance on patient rights under HIPAA regarding medical imaging data. (hhs.gov)
HealthIT.gov. “What is de-identification of health data?” (healthit.gov)