Is Your Medical Scan Safe? New AI Privacy Risks You Need to Know
If you’ve ever had an X-ray, CT scan, or MRI, your images are now part of a digital file that may be used to train artificial intelligence systems. These AI tools can help radiologists spot tumors faster, reduce scan times, and even predict disease risk. But the same data that improves diagnosis also creates serious privacy concerns that patients rarely hear about.
What Happened
At the 2025 annual meeting of the Radiological Society of North America (RSNA), researchers and privacy experts presented a sobering assessment: the widespread use of medical imaging AI is opening what they called a “Pandora’s box” of privacy-related risks. The report highlighted that many AI systems are trained on large collections of medical images that may contain far more personal information than previously assumed—even after standard de-identification steps.
The core issue is that image metadata, facial features reconstructed from head scans, and unique anatomical markers can sometimes be used to re-identify a patient. In some cases, researchers have demonstrated that AI models can be “inverted” to recreate the original training images, potentially exposing sensitive health data.
Why It Matters
Most patients assume their medical images are protected by strict privacy laws like HIPAA. While HIPAA does regulate how healthcare providers handle health information, its protections can be weaker once data is shared with third-party AI developers. Here are the specific risks:
- Data re-identification. Even after removing names, dates, and ID numbers, medical images can contain enough anatomical or facial features to link them back to a specific person. This is especially concerning for patients with rare conditions or unusual anatomy.
- Secondary use without consent. Your scan might be sent to an AI company for research or product development without explicit permission. Many consent forms buried in hospital paperwork allow broad data sharing.
- Model inversion attacks. An attacker could query a trained AI model and reconstruct images that resemble the original patients, exposing private health details.
- Lack of opt-out options. In many radiology departments, AI processing is “baked in” to the workflow, and patients aren’t asked if they want to opt out.
The result is that your medical images, once considered relatively safe digital records, now pass through a pipeline involving multiple parties, each a potential point of exposure.
What Readers Can Do
You don’t have to avoid necessary medical scans. But you can take steps to understand and limit how your imaging data is used:
- Ask your provider about AI use. Before an imaging exam, ask: “Will AI be used to analyze my scan? If so, who will have access to my images beyond the hospital?” A simple question can prompt the staff to explain their data-sharing agreements.
- Request an opt-out option. Some hospitals allow you to decline having your images used for AI training. This is often done by signing a specific form. If your provider says no opt-out is available, ask why—and consider whether you can go elsewhere.
- Read the consent form carefully. When signing for a scan, check whether the form includes a blanket statement about data use for “research” or “quality improvement.” Ask for clarification and, if possible, strike through that clause.
- Ask about de-identification methods. Most AI companies claim to use de-identified data, but the level of de-identification varies. Ask whether identifiable features like facial reconstruction from CT scans have been removed.
- Stay informed about your hospital’s AI policies. Hospitals increasingly post their AI use policies online. Check for transparency about third-party data sharing.
- Consider contacting your elected representatives. Privacy protections for medical AI are still evolving. Support legislation that requires stronger consent and transparency for AI training data.
It’s worth acknowledging that not all risks are equally likely. The chance that your specific scan ends up in a data breach may be low, but the stakes are high. And as AI becomes more embedded in radiology, we need clear rules that keep pace with the technology—not guesswork about what happens to our pictures after the radiologist reads them.
Sources
- Radiological Society of North America (RSNA), “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” May 2025.
- Additional context from privacy research cited in the RSNA presentation, including studies on re-identification feasibility in medical imaging datasets.
- HIPAA Privacy Rule, U.S. Department of Health and Human Services (for baseline legal comparisons).