Is Your Medical Imaging Data Safe From AI? What Patients Need to Know Now
If you’ve had an X‑ray, MRI, or CT scan recently, there’s a good chance the images were reviewed with help from artificial intelligence. AI tools are becoming standard in radiology—they can speed up diagnosis, reduce human error, and even detect abnormalities the eye might miss. That’s promising for patient care.
But there’s another side to this trend that isn’t discussed as often during the consent process. At the 2026 Radiological Society of North America (RSNA) annual meeting, a presentation titled “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks” laid out the growing privacy concerns that patients and providers face. If you undergo imaging, it’s worth understanding what’s at stake and what you can do about it.
What happened
The RSNA presentation, covered by the society itself, spelled out how AI systems in medical imaging can inadvertently expose patient data. The core problem: imaging data—your scan itself, plus any associated labels, measurements, or clinical notes—is being used to train, validate, and sometimes improve AI models. This data often flows beyond the hospital or clinic where you were scanned.
According to the presentation, many institutions share imaging data with third-party AI vendors or research collaborators. Sometimes this happens under the umbrella of “quality improvement” or “algorithm development.” Patients may not be explicitly asked for permission, or the consent language in the standard paperwork may be vague enough that most people don’t realize their images could leave the system.
Why it matters
The risks fall into three main categories.
1. Data breaches. Medical imaging data is highly sensitive. A scan may reveal not just a broken bone or tumor, but also details about your anatomy, implants, or even your identity (e.g., face reconstruction from CT data). If that data is stored or transmitted by a third party, that party’s systems become an additional attack surface. Hospitals have been breached before; vendors can be breached too.
2. Re-identification. You might think that once your name and other identifiers are stripped, the images are safe. But AI techniques have advanced to the point where de-identified images can often be re-identified by matching them against public databases, facial features, or other metadata. The RSNA presentation warned that the idea of “anonymized” imaging data is increasingly unreliable.
3. Unclear consent and HIPAA gaps. HIPAA covers how your protected health information is used and disclosed. However, it was written before AI training on medical images became routine. Many uses of imaging data for AI development fall into gray areas, such as “research” or “operations,” where patients may have fewer rights to opt out. Even when HIPAA applies, enforcement relies on institutions following their own policies, which can be inconsistent.
The bottom line: your medical images may be used in ways you haven’t agreed to, and the protections you assume are in place may not be as strong as you think.
What readers can do
You don’t need to refuse imaging—the clinical benefit is usually worth it. But you can take steps to protect your privacy.
1. Ask before you scan. When your doctor orders an imaging study, ask a direct question: “Will my images be used to train AI or be shared with any outside company?” The technologist or front desk may not know the answer; ask to speak with the privacy officer. Under HIPAA, you have the right to be informed of how your data is used.
2. Read the consent form carefully. Many radiology departments now include a section about AI or research use. If you don’t understand it, ask for clarification. Some forms allow you to check a box to opt out of secondary uses without affecting your care. If that option isn’t offered, request it.
3. Seek a written assurance. If you want to be certain your images won’t be shared, ask for a written note in your record that you withhold consent for AI training or third-party sharing. Not all institutions will honor this for all uses, but many will.
4. Review your hospital’s privacy policy. Look for language about “de-identified data,” “research,” or “business associates.” If the policy is vague, consider raising the issue with patient relations.
5. Be aware that opting out may have limits. Some uses—like FDA-approved AI that is integrated into the scanner—may not be avoidable because the AI is part of the device’s normal function. Ask whether the AI is embedded in the equipment or added by the facility.
Sources
- “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” Radiological Society of North America (RSNA), May 2026.
- HIPAA Privacy Rule, U.S. Department of Health and Human Services.
- RSNA 2026 Annual Meeting presentations on AI and privacy.