Medical Imaging AI Raises New Privacy Risks: What Patients Need to Know

Artificial intelligence is becoming a standard tool in radiology. Algorithms help radiologists detect fractures, tumors, and early signs of disease from X‑rays, CT scans, and MRIs. This technology can improve diagnosis, but it also introduces privacy concerns that many patients aren’t aware of. Recent reports from the Radiological Society of North America (RSNA) highlight a growing problem: medical imaging AI can inadvertently expose personal health data, and the safeguards that were built for traditional medical records don’t always apply.

What Happened

In May 2026, RSNA published an article titled “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” The piece outlines how AI models trained on large datasets of medical images can memorize and later reveal identifiable information about individual patients. This isn’t a hypothetical risk—researchers have demonstrated that under certain conditions, an AI model can be manipulated to reconstruct a person’s face from a CT scan, or to leak details like age, sex, and even genetic markers that were never meant to be shared.

The article points to several mechanisms. One is a technique called model inversion, where someone with access to a trained AI can extract training data. Another is membership inference, where an attacker can determine whether a specific patient’s scan was included in the training set. Both methods can violate patient privacy even if the images themselves were de-identified before being used.

Why It Matters

Medical images contain far more than the anatomical information needed for diagnosis. A chest X‑ray can reveal a person’s approximate age, body shape, and sometimes unique features like surgical implants or scars. When these images are fed into an AI model, that sensitive information becomes embedded in the algorithm’s parameters. Unlike a paper file locked in a cabinet, an AI model is a piece of software that can be copied, distributed, and reverse-engineered.

The scale of the problem is large. Hospitals and research institutions routinely share imaging datasets to train better algorithms. Consent forms often give broad permission for “research uses,” without explaining that the algorithm itself might be released publicly. And while laws like the Health Insurance Portability and Accountability Act (HIPAA) in the United States require removal of 18 specific identifiers from medical records, those rules were written before the rise of machine learning. They don’t account for the fact that an AI can re‑identify people using statistical patterns that aren’t explicit identifiers.

The RSNA report stresses that the pace of AI adoption has outstripped privacy protections. In many cases, patients aren’t told that their scans will be used to train AI, let alone asked for separate consent. And once an AI model is deployed in a clinical setting, it can continue to collect and store data from new scans, compounding the risk over time.

What Readers Can Do

You can take steps to protect your medical imaging data, even if the system around you isn’t perfect. Start by being proactive when you schedule an imaging exam.

Ask your provider about data sharing. Before your scan, ask whether your images will be used for AI training or research. Many hospitals have a checkbox on the consent form that allows you to opt out. Insist on understanding what “research” means in their context. If the answer is unclear, request a written explanation.

Read the consent form carefully. Look for phrases like “de‑identified data may be shared with third parties” or “used to improve algorithms.” If the form is vague, ask a staff member to point out the specific clause. You have the right to refuse participation in research without affecting your medical care.

Request an explanation of AI use. If your hospital uses AI tools to read scans, they should be able to tell you which AI systems are in place and whether those systems have been independently audited for privacy. Some vendors have started publishing “model cards” that describe training data and privacy measures. Ask if such documentation is available.

Follow up after your scan. You can request a copy of your imaging report and the images themselves. Check that the metadata—like your name, date of birth, and medical record number—is not embedded in the image file when it is stored or shared. Most PACS systems handle this automatically, but errors happen.

Support stronger regulations. The RSNA report itself calls for updated privacy standards that specifically address AI. Advocacy groups like the Electronic Frontier Foundation and the American Civil Liberties Union are tracking this issue. Writing to your elected representatives or hospital administration can help push for change.

Sources

  • RSNA. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” Radiological Society of North America, May 20, 2026.
  • Further academic research on model inversion and membership inference in medical imaging (see, e.g., studies by Fredrikson et al. and Shokri et al.).

The bottom line: AI in medical imaging offers real benefits, but it also creates new ways for private health data to slip into the open. Understanding the risks and asking the right questions gives you more control over your own medical information.