Medical Imaging AI: A New Privacy Risk You Should Know About

Artificial intelligence is transforming how radiologists read X-rays, MRIs, and CT scans—often catching things a human eye might miss. That faster diagnosis is a genuine benefit. But the same technology that powers these improvements also introduces privacy risks that most patients are never told about.

Recent presentations at the Radiological Society of North America (RSNA) have raised concerns that are worth understanding, especially if you or a family member has ever had a medical image taken.

What happened

The RSNA 2025 technical exhibits featured the largest radiology AI showcase to date, underscoring how quickly these tools are being adopted in hospitals and imaging centers. At the same time, researchers presented studies showing that AI systems can be manipulated in alarming ways.

One study demonstrated that deepfake X-rays—synthetic images generated by AI—could fool both practicing radiologists and AI detection systems. The fake scans were so realistic that even experts couldn’t reliably tell them apart from genuine images. This raises the prospect of someone inserting a fraudulent scan into a patient’s record, either for insurance fraud or to alter a diagnosis.

Separately, other research has shown that medical image datasets are not as anonymous as many people assume. Even after removing obvious identifiers like name and date of birth, re‑identification attacks can link images back to individuals using techniques that match unique anatomical features or combine the image data with other publicly available information.

Why it matters

Most patients assume their medical images are protected by laws like HIPAA (the Health Insurance Portability and Accountability Act). While HIPAA does cover the confidentiality of medical records, it was written before AI became a routine part of imaging workflows. It does not specifically address the ways AI models use patient data for training, nor does it require that patients be told when their scans are used to train commercial AI tools.

That gap matters because many hospitals and imaging centers share de‑identified imaging data with AI vendors to improve their algorithms. “De‑identification” sounds safe, but researchers have repeatedly shown it is not foolproof. Once a scan is linked back to you, your entire medical history and even your physical anatomy become part of a dataset that can be copied, leaked, or sold.

Beyond the data‑leak risk, deepfake scans introduce a new kind of vulnerability. If an attacker can insert a fake image into your record, they could trigger unnecessary treatments or cover up a real condition. The same technology that helps diagnose diseases can also be used to tamper with evidence.

What you can do

You don’t need to become a cybersecurity expert to protect yourself. A few practical steps can make a difference.

  • Ask your imaging center about their AI use. Before you have an X‑ray, MRI, or CT scan, ask whether your images will be used to train AI systems. Some centers have opt‑out policies. Others may not even know themselves—so asking raises awareness.

  • Read the consent form carefully. Many imaging consent forms include broad language allowing your data to be used for “research” or “quality improvement.” That often includes AI training. If you’re uncomfortable, ask to strike that clause or choose a provider that does not share images.

  • Check your patient portal. After your scan, see what is being shared and with whom. If you find your images are being accessed by parties you don’t recognize, file a complaint with the provider’s privacy officer.

  • Understand your legal rights. HIPAA gives you the right to request an accounting of disclosures—a list of who has seen your medical information. State laws in some places (like California’s CCPA) give additional rights over how your data is used. HIPAA itself does not preempt stronger state protections.

  • Be skeptical of third‑party health apps. Never upload your medical images to an app that claims to give a second opinion unless you have verified its privacy policy and data security practices.

The bottom line

Medical imaging AI holds real promise for earlier and more accurate diagnoses. But that promise comes with trade‑offs that are only beginning to be understood. The best way to protect yourself is to stay informed, ask direct questions, and treat your imaging data as carefully as you treat your credit card number.

It is your health, and your data. Don’t assume someone else is protecting it.

Sources

  • Radiological Society of North America. “Deepfake X‑Rays Fool Radiologists and AI.” RSNA, March 2026.
  • Radiological Society of North America. “RSNA 2025 Technical Exhibits Feature Largest Radiology AI Showcase.” RSNA, September 2025.
  • Various studies on re‑identification of medical images (see RSNA annual meeting abstracts and peer‑reviewed radiology journals).