Medical Imaging AI Raises New Privacy Concerns — What Patients Should Know

Artificial intelligence is making medical imaging faster and more accurate. Algorithms now help radiologists detect tumors, fractures, and other abnormalities from X-rays, CT scans, and MRIs. But a growing body of research suggests that these same tools create new opportunities for patient data to be exposed, copied, or manipulated in ways patients may not expect.

A series of reports from the Radiological Society of North America (RSNA) over the past year has detailed these risks. The findings highlight how the widespread use of AI in medical imaging — while beneficial in clinical settings — opens a “Pandora’s box” of privacy-related vulnerabilities. For patients who trust their medical images to remain confidential, the implications are worth understanding.

What happened

In May 2026, RSNA published a report specifically addressing the privacy risks that come with integrating AI into medical imaging workflows. The report builds on earlier RSNA presentations from 2025, including a study showing that deepfake X-rays can fool both radiologists and AI systems. Researchers generated synthetic chest X-rays that appeared genuine enough to mislead trained specialists and the algorithms meant to detect abnormalities.

The RSNA’s 2025 technical exhibits also featured the largest showcase of radiology AI tools to date, signaling how quickly these technologies are being adopted. But as the volume of medical images stored and processed by AI systems grows, so does the attack surface for data breaches and unauthorized use.

Why it matters

Medical images are not just clinical records — they are also biometric data. A chest X-ray or MRI scan contains enough anatomical detail to identify a patient. If these images are leaked, mined for training datasets without consent, or used to generate convincing deepfakes, patients lose control over a uniquely personal part of their medical history.

There are at least three concrete concerns:

  1. Data breaches. Hospitals and imaging centers store vast numbers of scans. When AI tools are plugged into these systems, the images often flow through external servers or cloud platforms. If those services are not secured properly, the data can be exposed in a breach.

  2. Unauthorized sharing for AI training. Some AI vendors use patient images to train their algorithms. Depending on the consent language in a patient’s intake forms, this may happen without explicit permission. A 2025 RSNA article on AI bias also noted that training datasets can contain demographic imbalances, raising ethical questions about how data is collected and used.

  3. Deepfakes and medical fraud. The ability to generate synthetic X-rays that look real could be weaponized for insurance fraud, falsifying injury claims, or even generating misleading medical evidence in legal cases. While the RSNA research focused on proving the vulnerability, it underscores that current detection methods are not yet reliable.

The uncertainty is real: no one knows how widespread these practices are today because reporting is inconsistent. But the technological capability is already here, and the incentives for misuse exist.

What readers can do

Patients do not have to accept these risks passively. Here are practical questions to ask healthcare providers:

  • How are my images stored and processed? Ask if the imaging center uses AI tools, and whether those tools send images to third-party servers. Some facilities may have an opt-out policy.

  • What is your policy on data use for AI training? Many consent forms include broad language allowing use of de-identified data for research. Clarify whether you can restrict your images from being used for algorithm training.

  • Do you have a data breach notification plan? Under HIPAA, covered entities must notify patients if their data is compromised. But not all AI vendors fall under HIPAA directly. Ask who has access to your images outside your provider’s system.

  • Can I request an audit trail? Some electronic health record systems allow patients to see who accessed their records. Inquire whether that includes image access.

  • What are you doing to verify images aren’t tampered with? It may be early for most clinics, but asking can raise awareness.

Beyond these questions, stay informed about your rights under privacy laws. HIPAA gives you the right to request an accounting of disclosures. Consider reviewing your provider’s notice of privacy practices before signing it.

Sources

  • Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” May 2026.
  • Radiological Society of North America. “Deepfake X-Rays Fool Radiologists and AI.” March 2026.
  • Radiological Society of North America. “Radiologists Share Tips to Prevent AI Bias.” May 2025.

The privacy implications of AI in medical imaging are still unfolding. For now, the best defense is a few direct questions — and an awareness that your scan may be more than just a picture.