The Privacy Risks of AI in Medical Imaging: What Patients Need to Know

Artificial intelligence is changing how medical images such as X-rays, MRIs, and CT scans are interpreted. AI tools can help radiologists detect diseases faster and more accurately. But along with these benefits, there are growing concerns about patient privacy. A recent report from the Radiological Society of North America (RSNA) warns that AI in medical imaging opens what it calls a “Pandora’s box” of privacy-related risks. If you have ever had a medical scan, it is worth understanding what is at stake.

What Happened

In May 2026, RSNA published a report examining the privacy vulnerabilities created by AI systems in radiology. The report highlights that AI models are trained on large datasets containing thousands of patient images and associated metadata. This data often includes identifiable information such as names, dates of birth, and medical record numbers. Even when images are de-identified, researchers have shown that faces, tattoos, or unique anatomical features can still allow someone to re-identify a patient.

The RSNA report also notes that some AI systems are developed by third-party companies. When hospitals share imaging data with these vendors, that data may be stored on external servers or used for purposes beyond the original clinical intent, such as training commercial algorithms. Data breaches and unauthorized access remain a real risk, as demonstrated by past incidents at major health systems.

Why It Matters

Medical images are among the most personal kinds of health data. A single scan can reveal not only a diagnosis but also age, body shape, and sometimes even identity. When this data is used to train AI, it may circulate beyond the original patient–doctor relationship.

Current privacy laws like HIPAA provide important protections, but they have limits. HIPAA applies to healthcare providers and their business associates, but it does not always cover every use of data by AI vendors, especially when data is de-identified. De-identification reduces risk, but it is not foolproof. Researchers have repeatedly demonstrated that de-identified data can be linked back to individuals using publicly available information.

There is also a less visible risk: secondary use. Your images might be used to train an AI model that your own hospital then licenses back from a vendor. You may never be asked for permission. While many institutions have ethics boards that review research, not all uses of clinical data for AI development require explicit patient consent.

For patients, the practical effect is a loss of control over personal health information. And because AI models can be shared broadly, a privacy breach or misuse at one institution could affect patients at many others.

What Readers Can Do

You have more rights and choices than you may realize. Here are practical steps you can take:

  1. Ask your provider about AI use. Before a scan, ask: “Will AI be used to interpret my images, and is my data shared with third parties?” Most hospitals have a privacy officer who can answer.

  2. Read consent forms carefully. Many consent forms include a clause that permits your data to be used for research or quality improvement. If you are uncomfortable, ask for more details or request that your data be excluded from AI training. Some institutions now allow you to opt out.

  3. Request a notice of privacy practices. Under HIPAA, you have the right to understand how your health information is used and disclosed. If the notice is vague about AI training, ask for clarification.

  4. Inquire about data storage and security. Ask if your images are stored locally or with a cloud provider. If they are stored with a vendor, ask about encryption and breach notification policies.

  5. Stay informed about your hospital’s policies. Patient advocacy groups and some hospital websites now publish transparency reports about AI use.

  6. Consider participating in data governance discussions. Some hospitals have patient advisory committees that review how patient data is used.

Sources

  • Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” 2026.
  • Radiological Society of North America. “Special Report Highlights LLM Cybersecurity Threats in Radiology.” 2025.
  • Radiological Society of North America. “Radiologists Share Tips to Prevent AI Bias.” 2025.

The balance between innovation and privacy is not easy. AI in medical imaging offers real clinical value, but patients deserve transparency about how their data is used. By asking the right questions, you can make informed decisions and help shape a system that respects both progress and privacy.