Medical Imaging AI Raises New Privacy Risks: What Patients Should Know
If you’ve had an X-ray, MRI, or CT scan recently, there’s a good chance artificial intelligence was involved in analyzing your images. AI tools in radiology can help detect tumors, fractures, and other findings faster and sometimes more accurately than a human eye alone. But as these tools become more common, a growing number of experts are warning about a less publicized side effect: new privacy risks for patients.
A recent article from the Radiological Society of North America (RSNA) uses the phrase “Pandora’s Box” to describe the privacy vulnerabilities that AI in medical imaging can open. If you’re a patient, it’s worth understanding what those risks are and what you can do about them.
What Happened
The RSNA article, published in May 2026, was written by radiologists and data security experts who have been studying the intersection of AI and medical imaging. Their core message is that AI introduces privacy threats that traditional medical data protections were not designed to handle.
Specifically, the authors point to several problems:
- Re-identification. Even when medical images are stripped of obvious identifiers like name and date of birth, AI models can sometimes reconstruct enough facial features or other unique markers to re-identify a person.
- Unauthorized data use. Large datasets of medical images are often shared across institutions to train AI models. Patients may not know their images are being used for purposes beyond their own care.
- Inference attacks. AI can infer sensitive information from images—such as a person’s approximate age, sex, or even genetic traits—that the patient never consented to share.
- Data breaches. Centralized repositories of imaging data, especially when stored in the cloud, create attractive targets for hackers.
The RSNA authors caution that current de-identification methods, which were developed for static databases, may not hold up against modern AI techniques that can find patterns humans would miss.
Why It Matters
You might assume that laws like HIPAA protect your medical images as thoroughly as they protect your written health records. In practice, HIPAA’s rules were written before AI became widespread in radiology. De-identification standards, for example, allow images to be used for research if 18 specific identifiers are removed. But as the RSNA experts note, that approach no longer guarantees anonymity.
The result is that your medical images could be shared, sold, or used to train commercial AI products without your explicit knowledge or consent. And once an image is used to train a model, it cannot be “unshared.” The image may live on in training datasets even if you later ask for your data to be deleted.
These risks are not theoretical. Researchers have already demonstrated that facial recognition AI can match a 3D facial reconstruction built from a person’s CT scan to a photograph taken with a smartphone. Similar techniques could allow an attacker to link your medical images to your identity and then to other sensitive data.
What Readers Can Do
As a patient, you don’t have to be powerless. Here are concrete steps you can take to protect your privacy when undergoing medical imaging:
- Ask about AI use. Before your scan, ask your doctor or the radiology department whether AI will be used to analyze your images and whether your images will be used for AI training. Many hospitals now have a policy, but they may not volunteer the information.
- Review consent forms. When you sign a consent form for a scan, look for language that mentions “research,” “data sharing,” or “commercial use.” If it’s vague, ask for clarification. You have the right to know what will happen with your data.
- Opt out if possible. Some institutions allow you to opt out of having your images included in research or training datasets. This may not affect your care. Ask if an opt-out option exists.
- Inquire about data storage. Ask how your images are stored: locally, in a cloud service, or shared with third-party vendors. If they are shared with a vendor, ask what safeguards are in place and whether the vendor uses the data for its own purposes.
- Ask about de-identification methods. If your images are to be used for AI training, ask what specific steps are taken to de-identify them. Some newer techniques, such as removing facial features from scans before sharing, offer better protection than simple name removal.
- Follow up with your medical record. Under HIPAA, you have the right to access your medical records, including imaging reports. You can also request an accounting of disclosures to see who has accessed your data.
No single step will eliminate all risk, but being an informed patient can reduce the chance of your images being used in ways you would not approve of.
Sources
Radiological Society of North America (RSNA). “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” Published May 20, 2026. This article served as the primary source for the expert warnings and specific risks described above.
Note: Additional context on de-identification limitations and re-identification risks is drawn from published research in medical imaging security and privacy, which the RSNA article cites. Individual hospital policies may vary, so always ask directly.