Medical Imaging AI Could Expose Your Private Health Data: What to Watch For
Artificial intelligence is becoming a regular part of reading X-rays, CT scans, and MRIs. It helps radiologists spot tumors, fractures, and other findings faster than they could alone. But as hospitals and imaging centers adopt these tools, a less visible issue is emerging: the privacy of your medical images. A recent report from the Radiological Society of North America (RSNA) warns that the same AI systems designed to improve diagnosis can also introduce new ways for patient data to be exposed or misused.
What Happened
In May 2026, RSNA published a special report titled Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks. The report highlights several areas of concern that have received little public attention. For instance, the images themselves contain far more than the medical findings. A chest X-ray or a brain MRI can include facial features, metadata such as the patient’s name or date of birth, and subtle biometric patterns that could allow re-identification after direct identifiers have been stripped. When AI models are trained on large collections of scans, these data points become part of a permanent digital record that may be shared across institutions or countries.
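The metadata problem the report describes is concrete enough to check for. Medical images are normally stored as DICOM files, whose headers carry patient name, ID and birth date alongside the pixel data. The following example is added here for illustration and is not code from RSNA or from any imaging vendor; it assumes the explicit VR little-endian DICOM encoding and uses a small header that is constructed in the script rather than taken from a real scan. It shows how an imaging center or a patient with a downloaded copy could list the identifying fields a file still carries, and how a de-identification pass replaces them before the image goes anywhere else.

```python
"""Minimal DICOM header scanner and redactor (constructed example).

Assumptions, not from the article: files use the explicit VR little-endian
transfer syntax, and SAMPLE below is built here rather than read from a scan.
"""
import struct

# Identifying tags a de-identification pass should blank or replace.
# (group, element) -> readable name; tag numbers are from the DICOM standard.
PHI_TAGS = {
    (0x0010, 0x0010): "PatientName",
    (0x0010, 0x0020): "PatientID",
    (0x0010, 0x0030): "PatientBirthDate",
    (0x0008, 0x0020): "StudyDate",
}

# VRs whose length field is 4 bytes after 2 reserved bytes in explicit VR LE.
LONG_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}


def encode_element(group, element, vr, value):
    """Encode one explicit VR little-endian data element, padded to even length."""
    if len(value) % 2:
        value += b"\x00" if vr in LONG_VRS else b" "
    head = struct.pack("<HH", group, element) + vr
    if vr in LONG_VRS:
        return head + b"\x00\x00" + struct.pack("<I", len(value)) + value
    return head + struct.pack("<H", len(value)) + value


def parse_elements(data):
    """Yield ((group, element), vr, raw_value) from a flat explicit VR LE byte string."""
    pos = 0
    while pos < len(data):
        group, element = struct.unpack_from("<HH", data, pos)
        vr = data[pos + 4:pos + 6]
        if vr in LONG_VRS:
            length = struct.unpack_from("<I", data, pos + 8)[0]
            pos += 12
        else:
            length = struct.unpack_from("<H", data, pos + 6)[0]
            pos += 8
        yield (group, element), vr, data[pos:pos + length]
        pos += length


def find_phi(data):
    """Return {field_name: value} for every identifying tag present in the header."""
    found = {}
    for tag, vr, value in parse_elements(data):
        if tag in PHI_TAGS:
            found[PHI_TAGS[tag]] = value.decode("ascii").strip()
    return found


def redact(data):
    """Rewrite the header with identifying fields replaced by placeholder values."""
    out = b""
    for (group, element), vr, value in parse_elements(data):
        if (group, element) in PHI_TAGS:
            # Dates are emptied; free-text identifiers get a fixed placeholder.
            value = b"" if vr == b"DA" else b"ANONYMIZED"
        out += encode_element(group, element, vr, value)
    return out


# Constructed sample header: the kind of fields a CT scan carries.
SAMPLE = b"".join([
    encode_element(0x0008, 0x0020, b"DA", b"20260115"),
    encode_element(0x0008, 0x0060, b"CS", b"CT"),
    encode_element(0x0010, 0x0010, b"PN", b"DOE^JANE"),
    encode_element(0x0010, 0x0020, b"LO", b"MRN-0001234"),
    encode_element(0x0010, 0x0030, b"DA", b"19800704"),
])

if __name__ == "__main__":
    print("identifying fields:", find_phi(SAMPLE))
    print("after redaction:", find_phi(redact(SAMPLE)))
```

A header pass like this only removes the direct identifiers. It does nothing about the facial features and body structure in the pixel data that the report says can still allow re-identification, which is why stripping names and dates is not the same as making a scan anonymous.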
The RSNA report follows an earlier special report from May 2025 that focused on LLM (large language model) cybersecurity threats in radiology. That report pointed out that text-based AI tools used for generating radiology reports can leak patient information if not properly secured, and that the same models can be tricked into revealing training data.
Why It Matters
For patients, the risks are not hypothetical. Radiological images are highly sensitive. They can reveal not only disease but also your body’s unique structure—bone shape, blood vessel patterns, and organ dimensions. Once an image is fed into an AI system, it may be stored on cloud servers, processed by third-party vendors, or used to improve future models. Under current health privacy law (HIPAA in the United States), many uses of data for AI training fall into a gray area. HIPAA’s “treatment, payment, and operations” exception can cover research and quality improvement, but it was written long before machine learning on imaging data became common. Patients are often not told that their scans will be used for AI training, and they rarely have a straightforward way to opt out.
There is also the risk of data breaches. Medical imaging databases are attractive targets for cybercriminals because they contain valuable personal information. A 2024 analysis of breach reports found that imaging systems were among the most commonly compromised medical devices. When AI tools are integrated directly into picture archiving and communication systems (PACS), the attack surface expands.
What Readers Can Do
You don’t need to refuse an MRI or CT scan to protect your privacy. Here are concrete steps you can take.
Ask your imaging center about AI use. Before a scan, ask: “Will my images be run through an artificial intelligence algorithm? If so, who developed the tool, where is the data stored, and can I request that my images not be used for training or research?” Many providers will give you a form or verbal explanation. If they can’t answer clearly, consider going to a facility that has a privacy policy you can review.
Review consent forms carefully. When you sign a general consent for treatment or imaging, look for language about data sharing for research or quality improvement. Some forms include a blanket permission to use your data “for any purpose.” You can ask to strike that clause or to limit use to your direct care.
Understand your rights under HIPAA. You have the right to see who has accessed your medical records, including images. You can request an “accounting of disclosures” from the healthcare provider. If you suspect that your images were shared without your permission, you can file a complaint with the Office for Civil Rights at the U.S. Department of Health and Human Services.
Consider opting out of imaging AI that isn’t necessary for your care. Some AI tools are used for screening purposes (e.g., detecting incidental findings) and are not essential for the diagnosis you came for. Ask your doctor whether the AI analysis is part of the standard of care, or whether it is an optional add-on. If it is optional, you can decline.
Keep copies of your own records. In many health systems, you can download your images and reports through a patient portal. Having your own copy helps you verify what has been shared and gives you control over third-party uses.
Be cautious about apps or services that offer to analyze your medical images. Direct-to-consumer AI tools for self-diagnosis are proliferating. Uploading a scan to an unknown company’s server may bypass all clinical privacy protections. Use only services recommended by your provider with a clear data-use policy.
Sources
- Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks, Radiological Society of North America, published May 20, 2026.
- Special Report Highlights LLM Cybersecurity Threats in Radiology, RSNA, published May 14, 2025.
- Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, 45 CFR Parts 160 and 164.