Artificial intelligence is becoming a standard tool in radiology. Algorithms can now detect tumors, fractures, and early signs of disease faster than many human eyes. But as hospitals and imaging centers feed millions of scans into these systems, a quieter problem is growing: the privacy of your medical images. A recent report from the Radiological Society of North America (RSNA) warns that the widespread use of AI in medical imaging has created a “Pandora’s box” of privacy risks — and most patients have no idea their data may be part of it.

What Happened

In May 2026, the RSNA published findings that highlight how AI models trained on large datasets of X-rays, MRIs, and CT scans can inadvertently expose sensitive patient information. The report notes that many of these datasets, even when “de-identified,” can be re-identified using techniques like facial recognition on 3D reconstructions, or by linking image metadata to public records. The RSNA presentation pointed to real incidents: a 2023 ransomware attack on a medical imaging vendor leaked millions of patient scans, including names and birth dates. As AI adoption accelerates, the amount of imaging data being collected and shared — often without explicit patient consent — is growing exponentially.

Why It Matters

For patients, the stakes are personal. Medical images contain far more than a diagnosis. They can reveal body shape, bone structure, unique anatomical markers, and even implants that could identify you. If this data is breached, it could be used for discrimination by insurers or employers, sold to data brokers, or exploited for targeted scams. And unlike credit card numbers, you can’t change your iris pattern or spinal structure.

Current laws offer limited protection. HIPAA covers how healthcare providers handle medical records, but it does not always apply to the companies that develop or run AI systems, especially if they operate outside a covered entity. Many consent forms include broad language allowing your images to be used for “research and development” — which can include training commercial AI models. The RSNA report itself calls for stronger safeguards, including better transparency about how images are used and stricter limits on re-identification.

What Readers Can Do

You don’t have to stop getting necessary scans to protect your privacy, but you can take several practical steps:

  1. Ask before you scan. Before any imaging exam, ask your provider: “Will my images be used to train AI? Can I opt out?” Many hospitals now have policies that allow you to decline participation in research databases. If they can’t give a clear answer, that’s a red flag.

  2. Read the consent form carefully. Look for phrases like “data sharing,” “de-identified data,” or “secondary use.” If it’s vague, ask for clarification. You have the right to limit how your images are used, though you may need to sign an additional form.

  3. Request a data-use notice. Under HIPAA, you can ask for an accounting of disclosures — a list of who has received your medical information, including images. This can help you see if your data has been shared outside your provider’s network.

  4. Use privacy-focused providers if possible. Some imaging centers and radiology practices explicitly state they do not sell patient data or use it for AI training without explicit consent. Ask your doctor for recommendations.

  5. Report concerns. If you suspect your images have been misused or exposed, file a complaint with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services. You can also notify your state attorney general’s office.

The future of medical AI doesn’t have to be a privacy nightmare. Researchers are developing techniques like differential privacy (which adds statistical noise to datasets) and synthetic data (artificial images that mimic real ones). But for now, the responsibility often falls on patients to ask questions and read the fine print. The RSNA’s warning is clear: the box is open, but it’s not too late to decide what you share.

Sources

Note: The RSNA article is cited as available in May 2026; if the link becomes unavailable, you can search for the RSNA report on their official website.