What Your Medical Images Could Reveal: The Privacy Risks of AI in Radiology

Artificial intelligence is transforming medical imaging at a rapid pace. Hospitals and clinics now use AI to help radiologists read X‑rays, CT scans, and MRIs faster and more accurately. That sounds like good news for patients, and in many ways it is. But there is a less visible side to this progress: the privacy of your medical images.

A recent article from the Radiological Society of North America (RSNA) frames the issue bluntly, calling AI‑enhanced radiology a Pandora’s box of privacy‑related risks. The piece, published in late May 2026, details how the very data that makes AI useful—your raw medical scans—can also expose personal information in ways patients (and sometimes even providers) do not fully anticipate.

What happened

The RSNA article highlights several emerging risks. Medical images are not just pictures of bones or organs. They contain metadata such as your name, date of birth, the facility where the scan was taken, and sometimes the referring doctor. When these images are used to train AI models or are sent to cloud‑based processing services, that metadata can be exposed to third parties.

Even more concerning is the ability of some AI tools to reconstruct a person’s face from a head CT or MRI scan. A facial image, combined with metadata, can re‑identify a patient whose data was supposed to be anonymous. Researchers have demonstrated that de‑identified medical images can be matched to real individuals through these methods. The RSNA article notes that this creates a tension between the benefits of AI (better diagnoses, faster workflows) and the loss of control over personal health information.

Why it matters

For an everyday patient, these risks may not be obvious. You go in for a routine chest X‑ray, and your doctor sends the digital file to an AI service that flags potential abnormalities. That service may be run by a vendor outside your healthcare system. In the United States, HIPAA governs how healthcare providers handle your data, but its protections do not always extend to third‑party AI vendors. And once data is considered “de‑identified” under HIPAA, providers are free to share or sell it without your consent.

Re‑identification is not just a theoretical risk. In 2019, researchers showed they could match CT scans to patient identities using facial recognition techniques. As AI becomes more common, the potential for such privacy breaches grows. If your medical images are leaked or re‑identified, the consequences could include discrimination by insurers or employers, embarrassment, or even identity theft.

What readers can do

You do not need to refuse a medically necessary scan, but you can take a few practical steps to protect your privacy.

First, ask your healthcare provider how your imaging data is handled. Specifically, ask whether they use any AI tools, whether those tools run inside the hospital system or in the cloud, and whether your images are shared with external vendors. Some providers may have a consent form that covers data use for AI—read it carefully.

Second, request that your images be anonymized before any use beyond your immediate care. Many facilities can strip metadata and remove the facial detail in head scans that makes face reconstruction possible. While this does not guarantee protection from re‑identification, it significantly reduces the risk.

Third, ask whether your hospital allows you to opt out of research databases or AI training datasets. Some institutions give patients a choice, but they may not advertise it. You have the right to refuse permission for your data to be used outside your direct care.

Finally, keep in mind that regulations vary internationally. In Europe, the GDPR offers stronger protections, but the same technology challenges apply. Knowing the local rules can help you frame your questions.

Sources

The primary source for this article is the RSNA piece, “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” published May 20, 2026. Additional context comes from prior research on facial re‑identification using CT scans and from discussions at the 2025 RSNA annual meeting, which featured the largest radiology AI showcase to date. These events have kept the privacy debate active among radiologists and data security experts. As this field evolves, staying informed remains the best protection.