Medical Imaging AI: The Hidden Privacy Risks You Need to Know About

Artificial intelligence is being rolled out in radiology departments faster than most patients realize. It can spot tumors in CT scans, flag fractures in X-rays, and speed up diagnoses. But recent reports from the Radiological Society of North America (RSNA) have drawn attention to a less discussed side of this technology: serious privacy risks that could affect any patient who has ever had a medical image taken.

What happened

At RSNA 2025, researchers presented findings that deepfake X‑rays – synthetic images generated by AI – can fool both human radiologists and AI diagnostic tools. The implications are troubling. A fabricated chest X‑ray showing a fake tumor could be inserted into a patient’s record to justify unnecessary procedures, or a normal scan could be doctored to hide an existing condition. The RSNA report noted that current detection methods are not reliable enough to catch all such forgeries.

Separately, privacy researchers have found that AI models trained on medical images can inadvertently memorize and reproduce identifiable patient data. Even when images are “de‑identified,” the AI may reconstruct facial features or other unique markers from the pixel data, especially in high‑resolution scans like CT and MRI. And the data sets used to train these models – often shared among hospitals and research institutions – are not always secured as tightly as the original patient records.

Why it matters

Medical images are among the most sensitive pieces of health data. They reveal not just a diagnosis, but often a person’s age, sex, body shape, and sometimes even their face. If an X‑ray or a CT scan is leaked, it is rarely anonymized enough to be harmless. With AI tools now widely available, the risk of misuse grows.

There is currently no federal law that specifically governs the use of AI in medical imaging or the security of image training data sets. HIPAA covers health records broadly, but its protections for images were written before AI training at scale became common. This regulatory gap means that how your images are handled when used to train or test an AI model can vary widely from one hospital to the next – and patients are rarely informed.

The deepfake X‑ray threat also undermines trust. If a doctor cannot be sure that a scan is authentic, the entire diagnostic process is compromised. And because AI‑generated forgeries are improving, the line between real and fake will only get harder to draw.

What readers can do

You do not need to become a privacy expert to push for better protection. A few practical steps can make a difference:

  • Ask your provider about AI use. When your doctor orders an X‑ray, CT, or MRI, ask whether AI is used to help analyze the image. If yes, ask how your images are stored, who has access, and whether they are used for training AI models. Many hospitals have a patient rights office that can answer these questions if your doctor cannot.
  • Check your medical records. Under HIPAA, you have the right to access your medical images (usually on a CD or via a patient portal). Review them periodically to ensure they are yours and have not been altered. If you notice anything unusual, flag it with your provider.
  • Request a “non‑training” designation. Some institutions allow patients to opt out of having their data used for AI training. This is not yet universal, but it is becoming more common. Ask for a written record of your preference.
  • Support stronger privacy rules. Until federal law catches up, state‑level legislation is moving. For example, California’s genetic privacy laws have been cited as models for broader health data protections. Let your elected representatives know that medical image AI privacy matters to you.

Sources

  • Radiological Society of North America (RSNA) – “Deepfake X‑Rays Fool Radiologists and AI,” March 2026.
  • RSNA – “Medical Imaging AI Opens a Pandora’s Box of Privacy‑Related Risks,” May 2026.
  • U.S. Department of Health and Human Services – HIPAA Privacy Rule (current guidance on de‑identification and minimum necessary standard).
  • Various peer‑reviewed studies on AI data reconstruction attacks (e.g., “Membership Inference Attacks on Medical Image Datasets,” Nature Machine Intelligence, 2024).

Note: No federal law currently addresses AI‑specific privacy in medical imaging. The RSNA reports cited are preliminary, and further independent verification is needed.