Who’s at Higher Risk of Data Exposure from Medical AI? New Study Reveals Surprising Groups
Medical AI is moving fast. Tools that analyze symptoms, suggest treatments, and monitor chronic conditions are becoming part of routine care. But along with the convenience comes a serious question: who actually sees that data?
A recent study published by Telehealth.org suggests that the risks are not evenly distributed. Some patients are far more likely to have their health data exposed when using AI-driven medical tools. If you use telehealth platforms or have a rare condition, you may be in a higher-risk group without realizing it.
Here’s what the study found, why it matters, and what you can do about it.
What happened: disparities in data exposure
The study examined how different medical AI applications collect, store, and share patient information. The full findings are still emerging, but early reporting points to three key patterns:
Patients with rare conditions are more exposed. Because these diseases are less common, data from a small number of patients can be highly valuable to researchers and companies. AI models trained on limited datasets may also require more raw data per patient, increasing the amount of sensitive information collected.
Users of certain telehealth platforms face greater risk. Not all telehealth services are built the same. Some platforms use AI triage tools that record conversations, log symptoms, and share data with third-party analytics firms. The degree of protection varies significantly depending on whether the platform is covered by HIPAA and how it handles data retention.
Demographic disparities also appear. Patients in lower-income areas or those using free or low-cost health apps may have fewer legal protections and less transparent privacy policies. The study suggests that race, age, and income can correlate with weaker data safeguards, though the reasons are still being investigated.
It’s important to note that the study does not claim all medical AI is unsafe. Rather, it highlights that the risk of exposure is not uniform. Some patients are far more exposed than others.
Why it matters
Health data is among the most sensitive personal information you have. It cannot be changed like a credit card number. A leak of your diagnosis, prescription history, or genetic data can have consequences for employment, insurance, and personal relationships.
Medical AI tools often collect more than you might expect. They can record voice interactions, track location during appointments, and log behavioral patterns. And not all of them fall under HIPAA—the US law that sets minimum privacy standards for healthcare data. Generative AI chatbots for mental health, for example, have been flagged by the American Psychological Association for lacking adequate protections.
When disparities exist, certain groups bear the brunt of the risk. Patients with rare diseases may be frightened to share data because they fear being identified. The very tools that could help them get better care may instead make them more vulnerable.
What readers can do
You don’t have to stop using medical AI tools to protect yourself. But you can take practical steps to reduce your exposure.
Review app permissions and privacy policies. Before entering any health data into an app or chatbot, check what the company collects and who they share it with. Look for clear language about data retention, encryption, and third-party sharing. If the policy is vague, treat it as a red flag.
Choose HIPAA-compliant services when possible. For telehealth or AI-assisted diagnostics, select platforms that state they are covered by HIPAA. This doesn’t guarantee perfect privacy, but it does impose legal requirements for data protection. Many free wellness apps are not HIPAA-compliant.
Limit the data you share. Only provide information that is necessary for the specific consultation or analysis. Avoid giving consent for broad data collection “to improve our services” unless you understand exactly what that means.
Use encrypted communication. When possible, use end-to-end encrypted messaging or video for telehealth appointments. Standard text messages and email are often not secure.
Ask your provider directly. If a doctor or clinic uses an AI tool to review your data, ask how it is stored and who has access. They should be able to give you a straight answer.
Stay informed about data breach trends. The HIPAA Journal reported that healthcare data breaches are on the rise, with hacking and unauthorized access being the top causes. Knowing the landscape helps you judge which services to trust.
The bigger picture
This study is a reminder that technology does not affect everyone equally. As medical AI becomes more embedded in healthcare, patients need to be aware that their privacy may depend on factors they cannot control—like the rarity of their disease or the platform their clinic uses.
Regulation is still catching up. For now, your best defense is to ask questions, read the fine print, and limit data sharing to what is truly necessary. No AI insight is worth losing control of your health information.
Sources
- Telehealth.org – “Medical AI Privacy Study Finds Some Patients Face Greater Data Exposure Risks” (2026). Link
- HIPAA Journal – “Trends In Healthcare Data Breach Statistics” (2026). Link
- American Psychological Association – “Health advisory: Use of generative AI chatbots and wellness applications for mental health” (2025). Link