Medical Imaging AI Is Raising Serious Privacy Risks – Here’s What Patients Need to Know

Intro

Artificial intelligence is changing how radiologists read X-rays, CT scans, and MRIs. Algorithms can spot tumors, fractures, and other abnormalities faster than a human eye in some cases. That’s a clear benefit for diagnosis. But the same technology introduces privacy risks that many patients don’t realize exist. Your medical images may be used to train AI models, stored by third-party cloud services, or even manipulated into convincing forgeries. Understanding these risks is the first step toward protecting yourself.

What happened

In March 2026, researchers at the Radiological Society of North America (RSNA) presented evidence that deepfake X-rays can fool both radiologists and AI detection systems. These synthetic images look real but could be used to insert fake findings, hide real ones, or impersonate a patient’s medical history. At RSNA’s 2026 annual meeting, the radiology AI showcase was the largest ever, underscoring how quickly these tools are being adopted.

The privacy issues go beyond deepfakes. When you undergo a medical scan, your images often travel through several hands: the imaging center, the hospital, the AI vendor’s servers, and sometimes cloud storage providers. Many AI models are trained on large datasets of real patient scans, often de-identified but still vulnerable to re-identification. A 2022 study showed that facial recognition algorithms could match de-identified head CT scans to individuals by reconstructing facial features from the imaging data. Similar risks apply to chest X-rays and other scans that contain enough anatomical detail to link back to a specific patient.

Why it matters

For everyday patients, the implications are concrete.

  • Misdiagnosis or fraud: A deepfake X-ray inserted into your medical record could lead to incorrect treatment, unnecessary surgery, or insurance fraud in your name.
  • Loss of control over your data: Once your scan is used to train an AI model, you can’t easily withdraw it. The model may be sold or shared with researchers, drug companies, or even insurers, potentially affecting your coverage or premiums.
  • Weak legal protections: The Health Insurance Portability and Accountability Act (HIPAA) covers how healthcare providers handle your data, but it was written long before AI became widespread. HIPAA may not fully apply when your images are processed by an AI vendor that acts as a “business associate” – and the rules vary by state and country. There is currently no federal law in the U.S. that specifically regulates AI privacy in medical imaging. This legal gap leaves room for data practices that patients might not expect.

The RSNA deepfake research highlights another layer: if AI-generated fake scans can deceive radiologists, trust in medical imaging itself could erode. A patient might not know whether the report they receive corresponds to a real scan or a manipulated one.

What readers can do

You don’t have to refuse necessary scans, but you can take steps to reduce the risk.

  1. Ask about data handling before the procedure. Call the imaging center or your doctor’s office and ask: “Are my images shared with any AI vendors? Where are they stored? How long are they kept?” Reputable providers should have clear answers. If they seem uncertain, consider that a red flag.

  2. Request an opt-out, if available. Some facilities allow patients to choose whether their scans can be used for research or AI training. State your preference in writing if possible. The downside is that opting out might not affect all uses – vendors often train models on historical data without seeking consent.

  3. Use secure patient portals. When accessing your own images or reports, use the provider’s encrypted portal rather than email. If you download DICOM files (the standard format for medical images), store them on an encrypted drive and avoid sharing them on unsecured platforms.

  4. Check your medical records regularly. Under HIPAA, you have a right to access and correct your health information. Look for any imaging reports that don’t match your records or that you don’t remember having done. Report discrepancies to your provider.

  5. Support stronger transparency rules. Advocacy groups like the Electronic Frontier Foundation and Patient Privacy Rights are pushing for laws that require explicit patient consent before medical images enter AI training pipelines. Writing to your elected representatives can help close the regulatory gap.
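
As an added illustration of step 3 (not code from the article or from any imaging vendor): a downloaded DICOM file carries the patient's name, ID and birth date in its header, separate from the image, so it is worth checking what a file exposes before it leaves an encrypted drive. The sketch assumes the Explicit VR Little Endian transfer syntax; `find_identifiers`, `element` and `SAMPLE` are names made up for the example, and the sample bytes are constructed.

```python
import struct

# Header tags that name a patient or visit (from the DICOM data dictionary).
IDENTIFYING = {
    (0x0008, 0x0050): "AccessionNumber",
    (0x0010, 0x0010): "PatientName",
    (0x0010, 0x0020): "PatientID",
    (0x0010, 0x0030): "PatientBirthDate",
}
# Value representations whose element header carries a 4-byte length field.
LONG_VRS = set(b"OB OD OF OL OV OW SQ SV UC UN UR UT UV".split())

def find_identifiers(data: bytes) -> dict:
    """Return identifying header fields that are set (assumes Explicit VR Little Endian)."""
    if data[128:132] != b"DICM":
        raise ValueError("not a DICOM Part 10 file")
    found, pos = {}, 132
    while pos + 8 <= len(data):
        tag = struct.unpack_from("<HH", data, pos)
        if tag == (0x7FE0, 0x0010):        # pixel data reached: header is done
            break
        if tag[0] == 0xFFFE:               # item or delimiter: no VR, step inside
            pos += 8
            continue
        vr = data[pos + 4:pos + 6]
        if not (vr.isalpha() and vr.isupper()):
            raise ValueError("not Explicit VR Little Endian")
        if vr in LONG_VRS:
            if pos + 12 > len(data):
                break                      # truncated file
            length, pos = struct.unpack_from("<I", data, pos + 8)[0], pos + 12
        else:
            length, pos = struct.unpack_from("<H", data, pos + 6)[0], pos + 8
        if vr == b"SQ" or length == 0xFFFFFFFF:
            continue                       # walk into sequences instead of skipping
        value = data[pos:pos + length].decode("ascii", "replace").strip(" \x00")
        if tag in IDENTIFYING and value:
            found[IDENTIFYING[tag]] = value
        pos += length
    return found

def element(group, elem, vr, value=b""):
    value += b" " * (len(value) % 2)       # DICOM values have even length
    return struct.pack("<HH2sH", group, elem, vr, len(value)) + value

SAMPLE = (b"\x00" * 128 + b"DICM"          # constructed file, not real patient data
          + element(0x0002, 0x0010, b"UI", b"1.2.840.10008.1.2.1")
          + element(0x0010, 0x0010, b"PN", b"DOE^JANE")
          + element(0x0010, 0x0020, b"LO", b"CONSTRUCTED-001")
          + element(0x0010, 0x0030, b"DA"))
```

An empty result covers the header fields only; the anatomy in the pixel data, which the 2022 re-identification study relied on, is untouched by blanking these tags.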

Sources

  • Radiological Society of North America. “Deepfake X-Rays Fool Radiologists and AI.” March 24, 2026.
  • RSNA 2026 Annual Meeting: “At the Center of Care” – program notes on AI privacy sessions.
  • Schwarz, C. et al. “Identification of Individuals from 3D Medical Imaging.” Nature Communications, 2022. (Re-identification risk study.)

The privacy risks posed by AI in medical imaging are real, but not inevitable. By staying informed and asking the right questions, patients can help ensure the benefits of AI don’t come at the cost of their personal data.