What You Need to Know About the Privacy Risks of AI in Medical Imaging

When you get an X-ray, MRI, or CT scan, you probably assume the images stay between you and your doctor. But with artificial intelligence now routinely used to analyze medical images, that assumption is no longer safe.

A recent report from the Radiological Society of North America (RSNA) warns that the adoption of AI in medical imaging has opened a Pandora’s box of privacy concerns. For patients, this means your scans—and the sensitive health data they contain—may be used in ways you never agreed to.

What happened

At the RSNA annual meeting in late 2025, researchers and ethicists presented findings that AI systems trained on medical images can extract far more information than intended. Even when images are anonymized—stripped of names, dates, and ID numbers—AI can sometimes reidentify individuals by reconstructing facial features from CT or MRI head scans, or by matching unique anatomical patterns across datasets.

The report highlighted several documented cases where patient data was shared with third-party AI vendors without explicit consent. In some instances, images were used to train commercial algorithms that later became part of diagnostic tools sold to other hospitals. Patients were never told their scans had left the health system’s control. The RSNA also expressed concern about the potential for data breaches, as large imaging datasets become attractive targets for hackers.

Why it matters for you

Medical images are not just pictures. They contain biomarkers, genetic indicators, and sometimes visible patient identifiers. Once an image leaves your provider’s network, you lose most legal protection over its use.

Here are the main risks:

  • Reidentification. Researchers have shown that deep learning models can match anonymized scans to public facial databases. Even without a face, the unique bone structure or vessel pattern in a scan can link back to you.
  • Unauthorized training. Your scan might feed an AI model that a company later patents or sells. You get no compensation or control.
  • Bias and discrimination. If training datasets lack diversity, the AI may perform poorly on certain groups, leading to misdiagnosis. More directly, if your data leaks, it could be used in ways that affect your insurance or employment.
  • Security breaches. Medical imaging datasets are large, valuable, and often less protected than electronic health records. They are a growing target for ransomware and data thieves.

What you can do about it

You cannot fully control how a hospital or imaging center handles your data, but you can take practical steps to reduce your exposure.

Ask before you scan. When your doctor orders an imaging exam, call the facility and ask: “Will my images be used for AI research or training? And will they be shared with any third-party companies?” Many facilities have policies that allow patients to opt out of data sharing for secondary uses, but they rarely mention it unless you ask.

Read the consent form. You will likely sign a general consent when you register. Look for clauses about “de-identified data,” “research use,” or “quality improvement.” If the language is vague or broad, ask to speak with the privacy officer. You can often decline to allow your data for anything beyond your direct care.

Check whether the facility has a data-sharing agreement. Some hospitals now disclose partnerships with AI vendors on their websites. If your facility uses an AI tool to read your scan, ask who trained that tool and on what data.

Opt out of research registries. Some imaging centers participate in large data repositories. You may be able to opt out by contacting the radiology department or the institution’s institutional review board (IRB).

Understand your rights under HIPAA. The Health Insurance Portability and Accountability Act gives you the right to request an accounting of disclosures—a list of who has seen your data. This does not cover all uses (research under an IRB may be exempt), but it’s worth knowing.

The bigger picture

Regulators are catching up slowly. The RSNA itself is developing guidelines for ethical AI use in radiology, including transparency requirements for how patient data is used in training. Some states have started to introduce bills that would require explicit consent for commercial use of medical images. But until those protections become standard, the burden falls on patients to be proactive.

AI in medical imaging can improve diagnosis and save lives. That’s a genuine benefit. But it should not come at the cost of your privacy. Knowing the risks and asking the right questions is the first step to keeping your health data yours.


Sources: Radiological Society of North America (RSNA) report on privacy risks from AI in medical imaging, presented at RSNA 2025 annual meeting. Additional context from peer-reviewed studies on reidentification of medical images (e.g., work by Schwartz et al., 2021; Baggili et al., 2022).