Medical AI in Radiology: A New Privacy Threat – Here’s How to Protect Your Data
Introduction
Artificial intelligence is increasingly used to interpret medical images like X-rays, CT scans, and MRIs. The technology can detect abnormalities faster than human radiologists in some cases, and its adoption is growing across hospitals and clinics. But a report published in May 2026 by the Radiological Society of North America (RSNA) warns that these same AI systems also create new vulnerabilities for patient privacy. For anyone who has ever had a medical scan, the findings are worth understanding.
What Happened
The RSNA report identifies several ways that AI in medical imaging can inadvertently expose sensitive health information. Most AI models are trained on large datasets that include not only the scanned images but also metadata such as patient names, dates of birth, and medical record numbers. Even when data is “de-identified” — stripped of obvious identifiers — research has shown that it can often be re-identified by cross-referencing with other information.
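Added example (not from the RSNA report or this article): a short Python audit of the gap described above, where obvious identifiers are stripped but the remaining fields still single a patient out. The DICOM-style attribute names, the hypothetical ZipPrefix field and the sample records are assumptions made for illustration.

```python
from collections import Counter

# Assumed DICOM-style attribute names; the article does not name a metadata format.
DIRECT_IDENTIFIERS = {"PatientName", "PatientBirthDate", "PatientID"}
# ZipPrefix is a hypothetical field standing in for any coarse location attribute.
QUASI_IDENTIFIERS = ("PatientSex", "PatientAge", "StudyDate", "ZipPrefix")

def residual_identifiers(records):
    """Return {record index: direct-identifier fields that are still populated}."""
    leaks = {}
    for i, rec in enumerate(records):
        found = sorted(f for f in DIRECT_IDENTIFIERS if str(rec.get(f, "")).strip())
        if found:
            leaks[i] = found
    return leaks

def k_anonymity(records, quasi=QUASI_IDENTIFIERS):
    """Return (k, risky): k is the smallest group sharing one quasi-identifier
    combination; risky lists the records whose combination is unique."""
    keys = [tuple(rec.get(f) for f in quasi) for rec in records]
    sizes = Counter(keys)
    risky = [i for i, key in enumerate(keys) if sizes[key] == 1]
    return (min(sizes.values()) if sizes else 0), risky

def generalize(rec):
    """Coarsen quasi-identifiers: 10-year age band, study year only, no ZIP."""
    out = dict(rec)
    decade = int(rec["PatientAge"]) // 10 * 10
    out["PatientAge"] = f"{decade}-{decade + 9}"
    out["StudyDate"] = rec["StudyDate"][:4]
    out["ZipPrefix"] = "*"
    return out

def _rec(sex, age, date, zip3, pid=""):
    return {"PatientName": "", "PatientID": pid, "PatientSex": sex,
            "PatientAge": age, "StudyDate": date, "ZipPrefix": zip3}

# Constructed sample metadata for a "de-identified" training set (not real data).
SAMPLE = [
    _rec("F", "34", "20250112", "021"),
    _rec("F", "34", "20250112", "021"),
    _rec("M", "61", "20250303", "100", pid="MRN-EXAMPLE-1"),  # identifier left behind
    _rec("M", "67", "20250719", "100"),
    _rec("F", "38", "20251105", "021"),
]

if __name__ == "__main__":
    print("residual direct identifiers:", residual_identifiers(SAMPLE))
    print("raw (k, unique records):", k_anonymity(SAMPLE))
    print("generalized:", k_anonymity([generalize(r) for r in SAMPLE]))
```

A k greater than 1 covers only the metadata; it says nothing about identity that can be recovered from the image itself.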
The report also points to risks around how images are stored and shared. AI systems may send data to cloud servers for processing, sometimes across borders, without adequate encryption. In one scenario described in the document, an internal hospital database used to train an AI model was left accessible on the public internet because of a misconfigured cloud bucket. No single massive breach was reported, but the paper argues that the cumulative risk is growing as more institutions deploy AI without fully auditing their data pipelines.
Why It Matters
For patients, the implications go beyond abstract privacy concerns. Medical images are uniquely sensitive. A facial X-ray or a body scan can reveal not only your identity but also details about your health, lifestyle, and even genetic predispositions. Once such data is exposed, it is difficult to contain. Unlike a credit card number, you cannot simply cancel and replace a medical record.
Re-identification attacks are not hypothetical. Researchers have demonstrated that they can match anonymized MRI scans to individuals by using publicly available facial recognition tools. The RSNA report notes that current privacy regulations like HIPAA in the United States were written before AI became common, and they do not fully address the ways that machine learning can infer identity from seemingly anonymous data.
There is also the question of consent. Many patients are not told that their scans might be used to train commercial AI systems. Even when consent forms mention research use, the language is often vague. Few people realize that their medical images could end up in a training dataset that is shared with third parties or sold to technology companies.
What Readers Can Do
You don’t need to become a privacy expert to reduce your risk. Here are practical steps to take the next time you have a medical imaging procedure:
Ask about data policies. Before a scan, request a copy of the hospital’s or clinic’s policy on how your images and metadata will be used. Ask specifically whether they will be shared with outside AI developers or used for internal model training. Most facilities are required to provide this information under HIPAA, though they may not volunteer it.
Opt out of secondary research. Many consent forms include an option to decline having your data used for research. Check the box or tell the technician you do not wish your images to be used beyond your immediate care. This is your right in most jurisdictions.
Use encrypted communication. If you receive digital copies of your scans (on CD or via a patient portal), ensure the transmission is encrypted. Ask the facility whether they use secure file transfer protocols. Avoid downloading images over public Wi-Fi.
Limit sharing of your images. Be cautious about uploading scans to third-party services or apps that claim to provide second opinions or AI analyses. Some of these services have unclear privacy practices. Verify the service’s data handling policy before uploading any medical image.
Monitor your medical records. Regularly request copies of your medical records and review them for unauthorized access. Most healthcare providers now offer online portals where you can see who has viewed your records.
Sources
The information in this article is based on the RSNA special report “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” published in May 2026. Additional context comes from prior research on re-identification of medical images published in peer-reviewed journals and from public guidance on HIPAA compliance in the context of artificial intelligence. For further reading, the full RSNA report is available through the Radiological Society of North America’s website (note: access may require a subscription or institutional login).