What Patients Should Know About Privacy Risks in Medical Imaging AI
Artificial intelligence is transforming radiology, helping radiologists detect tumors, fractures, and other findings more quickly and accurately. But the same technology that makes diagnosis faster also creates new privacy risks for patients. A recent report from the Radiological Society of North America (RSNA) warns that AI tools can inadvertently re-identify people from supposedly anonymized medical images, and that large imaging datasets used for AI training are vulnerable to breaches. For many patients, the question is no longer just “Will AI help my care?” but “What happens to my data after the scan?”
Understanding the Risk
Medical imaging data is among the most sensitive personal information a person can share. An X-ray or MRI contains not only anatomical details, but also metadata such as age, sex, and sometimes geographic or institutional identifiers. Even when names and direct identifiers are stripped, researchers have shown that AI models can reassociate these images with specific individuals using facial recognition or other biometric patterns. The RSNA report specifically highlights this risk: de-identification alone is not a guarantee of anonymity when AI is in the picture.
Beyond re-identification, there is the risk of data breaches. Large repositories of medical images are attractive targets because they contain high volumes of sensitive information. If a hospital or cloud provider storing imaging data for AI training suffers a breach, patients’ images—and any linked demographic data—could be exposed.
There’s also the less visible issue of consent. Many patients are not told that their medical images might be used to train or validate commercial AI systems. In some cases, images are shared with third-party developers under broad data-use agreements that patients never see or agree to. The RSNA report notes that patients are often not informed when their images are used for AI development.
Why It Matters to You
If you’ve ever had a mammogram, CT scan, or MRI, your imaging data may already be part of a research or training dataset. That doesn’t mean it has been misused, but it does mean you have very little control over how it is being used in the future. The benefits of AI in radiology are real—earlier detection, fewer missed diagnoses—but these benefits should not come at the cost of your privacy without your knowledge.
The issue is especially pressing because regulations have not kept pace with technology. In the United States, HIPAA protects health information but does not clearly cover all uses of de-identified data for AI development. The European Union’s GDPR offers stronger protections, but enforcement varies. Meanwhile, AI models are being deployed in clinical settings faster than new laws are passed.
What You Can Do
While you cannot fully control what happens to your images after they are taken, there are practical steps you can take to reduce the privacy risk.
Ask your provider about AI use before the scan. When scheduling an imaging appointment, ask whether AI software will be used to interpret the results, and whether your images might be shared with third-party developers. Many hospitals have a privacy officer or data governance team that can answer these questions. If you do not get a clear answer, consider asking in writing.
Request to opt out of AI training and research. Some institutions allow patients to opt out of having their data used for research or commercial AI development. This option is not always advertised, so you may need to specifically ask. If the facility offers an opt-out, request that it be noted in your record.
Ask about data anonymization. Find out what steps are taken to remove or obscure identifying information before images are used for any purpose beyond your direct care. Ask specifically whether facial features or other biometric identifiers are stripped from the images.
Store your own records safely. You can often request a copy of your imaging data on a CD or secure digital download. Having your own copy gives you more control, but be mindful of how you store and share it.
The Bigger Picture
Regulation is slowly catching up. The RSNA itself is advocating for clearer policies around patient consent and data security in AI development. Some states in the U.S. are introducing bills that require hospitals to disclose AI use and obtain patient permission for data sharing. In Europe, ongoing work on the AI Act and GDPR guidance may strengthen protections.
But for now, the responsibility largely falls on patients to ask questions and push for transparency. AI will continue to improve medical imaging, but it should do so with respect for the people whose data makes those improvements possible.
Sources:
- Radiological Society of North America: “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks”
- RSNA: “Radiologists Share Tips to Prevent AI Bias” (2025)
- RSNA: “Special Report Highlights LLM Cybersecurity Threats in Radiology” (2025)