Medical AI Raises Privacy Risks: What Patients Need to Know

Medical AI Raises Privacy Risks: What Patients Need to Know

Artificial intelligence is making its way into radiology departments, helping radiologists spot tumors, fractures, and other abnormalities faster than ever. But the same technology that improves diagnosis also creates new avenues for patient data to be exposed or misused. Recent findings presented at the Radiological Society of North America (RSNA) underscore that medical imaging AI opens a Pandora’s box of privacy-related risks. For patients, understanding these risks and knowing how to protect their health data is increasingly important.

What Happened

Researchers at RSNA demonstrated that advanced AI tools can be manipulated in ways that threaten patient privacy. One striking example involves deepfake X‑rays—synthetic images generated by AI that are realistic enough to fool both radiologists and diagnostic algorithms. These fakes could be inserted into a patient’s record to alter a diagnosis or to extract training data from an AI model.

Beyond deepfakes, studies presented at RSNA highlighted two other attack types:

• Model inversion attacks, where an adversary uses a trained AI model to reconstruct the original patient images or sensitive attributes (like age or sex) that were used in training.
• Membership inference attacks, which allow someone to determine whether a specific patient’s data was included in the AI’s training set. That alone can reveal that the person has a particular medical condition.

These methods do not require access to the original data; they work by probing the AI model itself. The RSNA presentations made clear that these vulnerabilities are not theoretical—they have been tested and confirmed in lab settings, and the tools needed to carry them out are increasingly accessible.

Why It Matters

Medical images contain far more than the clinical finding. They can include facial features, body shape, implanted devices, and metadata such as the patient’s name, date of birth, and hospital. Even when identifiers are stripped, re‑identification remains possible by linking image features with publicly available data.

HIPAA (the Health Insurance Portability and Accountability Act) covers traditional healthcare data, but its application to AI training datasets is not always straightforward. De‑identified data is often considered outside HIPAA’s reach, yet modern re‑identification techniques can often defeat de‑identification. Furthermore, hospitals and developers may share imaging data for AI research without explicit patient consent, relying on broad consent forms or institutional waivers.

If your scan is used to train an AI system, that system may encode details about you. A breach of the model—or an adversary who queries it—could expose those details. Potential harms include insurance discrimination, identity theft, or embarrassment if sensitive conditions become known. The risk is especially high for conditions like genetic disorders, mental health issues, or HIV status.

What Readers Can Do

Patients are not powerless. Here are concrete steps to protect your health data in an AI‑enabled healthcare environment:

• Ask your provider about AI use. Before an imaging exam, ask whether AI will be used to interpret the results and whether your images might be used to train or validate that AI. You have the right to know.
• Opt out of data sharing where possible. Many hospitals allow patients to restrict the use of their data for research or commercial purposes. Request an opt‑out form or update your privacy preferences in the patient portal.
• Use secure patient portals. Avoid sending medical images via email or unencrypted messaging. Use the official portal provided by your healthcare system.
• Be cautious on social media. Never post your X‑rays, MRIs, or CT scans online—even with names removed. Metadata can reveal your identity, and images can be copied or used to train AI without your knowledge.
• Know your rights. Under HIPAA, you can request an accounting of disclosures, meaning a list of who has accessed your health data. Some states have additional privacy laws (e.g., California’s CCPA) that give you more control.
• Ask about federated learning. When discussing AI tools with your provider, inquire whether the hospital uses “federated learning”—a technique that trains AI models without moving patient data off‑site. It reduces exposure, though it is not foolproof.

No single step guarantees perfect privacy, but combining these measures significantly reduces your risk. As AI in radiology expands, patient advocacy will be essential to ensure that privacy protections keep pace with the technology.

Sources

• Radiological Society of North America. “Deepfake X‑Rays Fool Radiologists and AI.” March 2026. (RSNA 2026 presentation)
• Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy‑Related Risks.” May 2026. (RSNA news release)
• Additional privacy risk classifications (model inversion, membership inference) are drawn from peer‑reviewed studies presented at RSNA and subsequently reported by radiology informatics outlets.