Medical AI Raises Privacy Red Flags: What Patients Should Know About Imaging Data Risks

Artificial intelligence is increasingly used to read X-rays, CT scans, and MRIs. The technology can spot tumors, fractures, and other abnormalities faster than humans in some cases, and many major hospital systems are adopting it. But the same data that makes AI so useful — detailed medical images — also creates new privacy risks for patients.

Recent discussion at the Radiological Society of North America (RSNA) has highlighted that current safeguards may not be enough. Here is what everyday patients need to understand about these risks, and how to protect themselves.

What happened

In May 2026, RSNA published a report titled “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” The report details several ways that AI systems used in radiology can expose patient data:

  • Re-identification from scans. Medical images often contain facial features, tattoos, or unique anatomical markers. Even when images are “anonymized” (stripped of name and date of birth), AI tools can match these features to individuals using public databases or other datasets. Research has shown that facial recognition algorithms can re-identify patients from CT and MRI scans with high accuracy.

  • Data sharing with third parties. Many AI systems are developed by outside companies. When a hospital sends images to a vendor for analysis, those images may be stored on the vendor’s servers, used to train new algorithms, or shared with subcontractors — sometimes without explicit patient consent. The extent of this data flow is not always clear to patients.

  • Long-term retention. Medical images are often kept for years, even decades, for research or legal reasons. As AI techniques improve, older scans become more vulnerable to re-identification or misuse. Once an image is out in the digital ecosystem, it is difficult to delete completely.

Why it matters

For most people, a chest X-ray or a mammogram feels like a routine, one-time event. But the resulting digital image becomes part of your permanent medical record. When that image is fed into an AI system, it may be used in ways you never expected.

The privacy risk is not hypothetical. There have been documented cases where insurance companies, employers, or third-party data brokers obtained medical imaging data and used it for purposes unrelated to care. With AI tools becoming more common and cheaper to run, the barrier to mining this data for insights — or for profit — continues to drop.

Importantly, current regulations like HIPAA (the Health Insurance Portability and Accountability Act) do cover medical images, but they have gaps. HIPAA does not fully address how AI vendors handle data after it leaves the hospital’s network, nor does it give patients a clear right to opt out of having their images used for AI training.

What readers can do

You do not have to avoid AI-assisted imaging altogether — the technology can improve diagnosis. But there are practical steps you can take to reduce your exposure:

  1. Ask your provider about AI use. When your doctor orders an X-ray or MRI, ask: “Will an AI system be involved in reading my image? If so, which company, and what happens to my data after the scan?” Not every provider will have an answer ready, but asking signals that you care about privacy.

  2. Request a copy of the provider’s privacy notice. Under HIPAA, healthcare providers must give you a notice of privacy practices. Look for sections about “disclosure to business associates” or “data used for research.” If the notice is vague or uses broad language like “we may share data for quality improvement,” consider asking for more details.

  3. Opt out of research databases where possible. Some institutions allow patients to decline participation in research that uses their medical data, including images. This opt-out may not be automatic — you may need to sign a form. Check your patient portal or call the medical records department.

  4. Ask about data retention and deletion. After your care is complete, you can request that your images be deleted from third-party systems. Not all hospitals will comply, but it is worth asking. Some states have laws that give patients more control over their health data beyond what HIPAA requires.

  5. Use a patient privacy advocate. If you are undergoing a series of scans or have a condition requiring repeated imaging, consider working with a patient advocate who can help you navigate data sharing agreements and flag any concerning terms.

The bigger picture

The RSNA report is not calling for a halt to AI in radiology — it is urging stronger safeguards. The authors recommend clearer consent processes, data minimization (keeping only what is needed for care), and independent audits of AI systems for privacy risks.

For now, the responsibility falls largely on patients to stay informed. As AI becomes more embedded in healthcare, the trade-off between convenience and privacy will only grow sharper. Knowing what questions to ask is the first step toward protecting your data.


Sources

  • Radiological Society of North America, “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” May 2026.
  • Additional context from RSNA 2026 presentations on AI and data privacy.
  • U.S. Department of Health and Human Services, “HIPAA Privacy Rule.”