Medical Imaging AI Raises New Privacy Concerns – Here’s What Patients Need to Know

Artificial intelligence is making its way into radiology departments across the country. Algorithms can now help detect tumors, fractures, and other findings in X‑rays, CT scans, and MRIs faster than ever. But a recent report from the Radiological Society of North America (RSNA) warns that these advances come with a growing set of privacy risks that patients should be aware of. While the benefits of AI in medical imaging are real, the way patient data flows into these tools is often invisible to the people whose images are being used. This article explains what the RSNA found, why it matters for you, and what you can do to protect your medical data.

What Happened

In May 2026, the Radiological Society of North America (RSNA) – a leading authority on radiology – released a report detailing privacy vulnerabilities in medical imaging AI. The report highlights several specific threats:

  • Re‑identification of de‑identified images. Even after patient names and identifiers are stripped, AI techniques can sometimes match images back to individuals by comparing them with other available data.
  • Data breaches. Large datasets of medical images are stored in the cloud or shared between institutions. A breach could expose not only the images but any linked metadata, such as age, diagnosis, and treatment history.
  • Unauthorized secondary use. Images collected for one purpose (like training a breast cancer detector) may later be used for completely different tasks – without the patient’s knowledge or consent.
  • Gaps in consent forms. Many consent forms for imaging procedures do not clearly state whether images will be used for AI development or shared with third‑party companies.

The RSNA report does not call for a halt to AI use – it seeks to bring these risks into the open so that patients and providers can make informed decisions.

Why It Matters

Medical images are unlike most other health data. A chest X‑ray or a brain MRI can reveal not only a specific condition but also subtle physical characteristics that are nearly as unique as a fingerprint. Once an image is linked to a patient, re‑identification can expose sensitive information that patients may not want made public – such as a history of mental illness, genetic markers, or reproductive health issues.

Data breaches in healthcare are already common. Adding large‑scale AI training datasets to the mix increases the appeal of these troves to attackers. And even when data stays inside the system, secondary use without consent can undermine trust. A patient may be comfortable with their images being used to improve diagnostic accuracy, but less so if the same images end up training a commercial algorithm that gets sold to insurance companies – potentially affecting coverage decisions.

The RSNA report comes as AI adoption accelerates. Radiology departments are under pressure to demonstrate advanced capabilities, and many outsource data handling to third‑party vendors. Patients rarely see the data flow agreements behind the scenes. Without greater awareness, they may unknowingly forfeit control over their most personal medical records.

What Readers Can Do

You do not need to become a data security expert to reduce your risk. Here are concrete steps you can take at your next medical imaging appointment:

  • Ask your provider about data use. Before an MRI, CT, or X‑ray, ask: “Will my images be used for AI training or research? If so, who sees them? Can I choose to opt out without affecting my care?” Many facilities have policies in place but do not volunteer the details.
  • Read the consent form carefully. Look for phrases like “de‑identified data may be used for research,” “images may be shared with business partners,” or “data may be stored on cloud servers.” If the language is vague, ask for clarification – and consider whether you want to sign.
  • Request data minimization. Ask whether the facility can store only the images and a limited set of metadata (e.g., no address or full date of birth). Some institutions allow this upon request.
  • Check whether the facility publishes a privacy notice. Legitimate providers should have a clear, publicly available notice explaining how they handle patient data, including who has access and how long data is retained.
  • If you are participating in a research study, confirm what data will be collected, how it will be anonymized, and whether it can be withdrawn later. The RSNA recommends that consent forms for imaging AI specifically mention the possibility of re‑identification.

These steps may feel inconvenient, but they are the surest way to learn how your data is being used – and to assert your right to control it.

Sources

  • RSNA report: “Medical Imaging AI Opens a Pandora’s Box of Privacy‑Related Risks.” Radiological Society of North America, May 20, 2026.
    [Note: The full report is available through RSNA’s official channels.]

This article is based on the RSNA’s findings and is not a substitute for legal or medical advice. If you have specific concerns about your healthcare data, consult your provider or a patient rights organization.