Medical AI and Your Privacy: What to Know About Imaging Risks

Artificial intelligence tools are becoming routine in medical imaging—helping radiologists detect tumors, fractures, and other abnormalities faster than ever. But the same technology that improves diagnosis also introduces new privacy risks for patients. Recent reports from the Radiological Society of North America (RSNA) suggest these risks deserve more attention than they’ve received.

What Happened

In May 2026, RSNA published a special report describing privacy-related risks in medical imaging AI as a “Pandora’s box.” The report followed earlier findings that researchers could create deepfake X-rays convincing enough to fool both human radiologists and AI detection systems (RSNA, March 2026). A separate RSNA report from May 2025 had already flagged cybersecurity threats involving large language models (LLMs) in radiology—tools that can process and generate text from medical imaging reports.

These are not theoretical warnings. The deepfake X-ray research demonstrated that synthetic images could be inserted into real patient records, potentially altering diagnoses or enabling insurance fraud. The LLM security report warned that AI models trained on radiology text could be manipulated to leak patient information or produce misleading outputs if not carefully secured.

Why It Matters

Medical images are not just pictures of bones or organs. They contain metadata—patient names, dates of birth, facility identifiers, and sometimes even face reconstructions from CT or MRI scans. When AI systems process these images, that data often travels to cloud servers operated by third-party vendors. Even when images are anonymized for research, researchers have shown that it’s sometimes possible to re-identify individuals using facial recognition or unique anatomical features.

HIPAA (the Health Insurance Portability and Accountability Act) covers traditional patient data, but AI introduces gray areas. For example, who is responsible when an AI vendor stores copies of your CT scan on its servers for model training? How long are those copies retained? Current regulations don’t always answer these questions clearly.

The RSNA’s characterization of these risks as a “Pandora’s box” reflects the reality that once patient data is fed into an AI system, controlling where it ends up becomes much harder. The scale of the problem is also growing: as more hospitals adopt AI tools, the number of patient images flowing through third-party algorithms increases every year.

What Readers Can Do

You can’t opt out of AI tools if your hospital uses them—but you can take practical steps to understand and protect your data.

Ask about AI use. Before an imaging exam, ask your provider whether AI will be used in analyzing your images. If yes, request a copy of the facility’s data privacy policy. Hospitals are required to give you a Notice of Privacy Practices under HIPAA, but this notice may not specifically mention AI vendors. Ask for details: Who has access to your images? Are they stored outside the hospital? How long are they retained?

Request a data use agreement. If your images will be used for AI training or research, you have the right to ask what data is collected and whether you can opt out without affecting your care. Many institutions allow this.

Monitor your medical records. Review your visit summaries and imaging reports via patient portals. If you notice unexpected entries—such as a report you don’t recognize—contact the provider immediately.

Be aware of re-identification risks. Anonymized images are not truly anonymous in all cases. If you participate in research that shares your imaging data, consider whether you are comfortable with that risk.

Sources

  • Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” May 20, 2026.
  • Radiological Society of North America. “Deepfake X-Rays Fool Radiologists and AI.” March 24, 2026.
  • Radiological Society of North America. “Special Report Highlights LLM Cybersecurity Threats in Radiology.” May 14, 2025.

These reports are accessible through the RSNA website. The full details of the deepfake and LLM studies are published in peer-reviewed radiology journals.


This article is for informational purposes only and does not constitute legal or medical advice. Privacy regulations vary by jurisdiction and are subject to change.