Study: Some Patients’ Data at Greater Risk When Using Medical AI Tools
A new study published by Telehealth.org has found that when medical artificial intelligence tools are used in healthcare, not all patients face the same level of data exposure risk. The research identifies certain demographic and clinical groups whose health information may be more vulnerable to unintended sharing or breach. With AI adoption in clinical settings accelerating, these findings are a practical prompt for patients to take a closer look at how their data is handled.
What Happened
The study, cited in a Telehealth.org report, analyzed how patient data flows through AI-powered diagnostic, triage, and monitoring systems. It found that factors such as race, income level, and specific medical conditions correlated with higher exposure risks. For example, patients from minority groups or lower-income backgrounds were more likely to have their data processed through less-secure or less-transparent AI systems. Similarly, individuals with complex or chronic conditions often generated richer data sets—making them more attractive targets for secondary use or accidental leakage.
These disparities are not simply theoretical. The HIPAA Journal’s 2026 trends report notes that healthcare data breaches have continued to rise, with the number of affected individuals exceeding 50 million in the past year alone. While not all breaches stem from AI tools, the expansion of digital health records and AI-driven analysis creates new points of vulnerability that may affect certain groups disproportionately.
The Telehealth.org study did not claim that the AI tools themselves are biased in terms of who gets breached, but rather that the systems and data-handling practices that surround them are not applied equally across patient populations. This uneven application, the authors argue, stems from differences in healthcare provider resources, the types of institutions that serve different communities, and the kinds of data that are generated.
Why It Matters
The immediate risk is that sensitive health information—including diagnoses, genetic data, and lifestyle details—could be accessed by unauthorized parties, used for marketing, or even leaked publicly. Beyond the personal harm, there is a broader erosion of trust. If patients in certain communities come to believe that using AI-enabled services puts them at greater privacy risk, they may avoid beneficial medical tools or delay care.
There is also a long-term fairness issue. If data from certain groups is more exposed, that data may be used to train future AI models, potentially embedding biases or amplifying vulnerabilities. Regulatory frameworks like HIPAA were not designed with AI’s complexities in mind, and the uneven playing field the study describes suggests that privacy protections need to be re-examined with an equity lens.
What Readers Can Do
You do not need to accept these risks as a given. Here are practical steps you can take now to better protect your health data when AI tools are involved:
- Ask your provider directly. Before agreeing to any AI-assisted test or assessment, ask: “What AI system are you using, and how is my data protected?” Many providers can share general privacy practices. If they cannot answer, consider that a red flag.
- Read the privacy notice for any patient portal or health app. Look for language about data sharing for research, marketing, or third-party processing. A clear “we do not sell your data” statement is better than vague wording. The Telehealth.org study recommends specifically asking if AI models are trained on your data and whether you can opt out.
- Use patient portals with care. Avoid entering more information than necessary. Do not use the portal’s messaging feature for sensitive conversations unless you are sure it is encrypted. If possible, log in from a personal device rather than a shared computer.
- Limit what you share with health apps and chatbots. The American Psychological Association issued a health advisory in 2025 warning about generative AI chatbots used for mental health support, noting that many collect extensive data that is not covered by HIPAA. Stick to tools offered by your healthcare provider rather than independent apps.
- Check breach notifications. If your healthcare provider has experienced a data breach, they are legally required to notify you. Keep contact information current so you receive those notices. The HIPAA Journal maintains an ongoing tracker if you want to see which institutions have had incidents.
If you belong to a group identified as higher risk—such as a low-income patient using a community health center or someone managing a rare condition—consider being especially vigilant. You might also raise the issue with patient advocates or during community health forums to push for stronger, uniform protections.
Sources
- Telehealth.org report on the medical AI privacy study (primary source)
- The HIPAA Journal – Trends in Healthcare Data Breach Statistics (2026 update)
- American Psychological Association – Health advisory on generative AI chatbots and wellness applications for mental health (2025)
- National Academy of Medicine – Advancing Artificial Intelligence in Health Settings Outside the Hospital and Clinic (2025)
- JD Supra – Decoded: Technology Law Insights, V 7, Issue 6, 2026
- Trend Micro – A Hidden Vulnerability in Healthcare: Exposed DICOM Servers and the Risk to Patient Data (2026)
Note: The specific demographic findings from the Telehealth.org study are described based on publicly available summaries. For the full methodology and breakdown, refer to the original report.