Your Medical Scans, AI, and Privacy: What You Need to Know
If you’ve had an X-ray, MRI, or CT scan recently, there’s a good chance an AI system helped your radiologist interpret the images. AI tools are being adopted quickly in radiology because they can spot subtle patterns that human eyes might miss. But as the technology spreads, a less-discussed issue is drawing attention from privacy researchers: the same AI that reads your scan can also extract far more personal information than you might expect—and that data can end up in places you didn’t intend.
What Happened
In May 2026, a report from the Radiological Society of North America (RSNA) highlighted what it called a “Pandora’s Box” of privacy risks tied to medical imaging AI. The report, covered by multiple outlets, described how AI models trained on millions of scans do more than detect disease. They can learn to infer a patient’s age, sex, race, and even genetic markers from image features that are invisible to a human radiologist. That information might be embedded in the AI’s training data or be re-identifiable when the model is used. The RSNA report is not alone—similar concerns have been raised in academic papers and by the American College of Radiology.
The core issue is that medical images are no longer just pictures. Once they are fed into an AI system, they become part of a larger dataset that can be copied, shared, or used for purposes beyond your original care. De-identification—stripping your name and ID numbers—is supposed to protect you, but AI can sometimes undo that process by matching image features with public records or other datasets.
Why It Matters
This matters because medical imaging data is increasingly stored in the cloud, shared with third-party AI vendors, and used for research. Current US health privacy law (HIPAA) covers images held by your provider, but it does not fully cover how AI companies use those images to train their models or what happens after data is transferred. A hospital may share anonymized scans with a tech firm; that firm might later combine them with other data, or a breach could expose them. And because AI can re-identify people from scan features, “anonymized” might not mean what you think.
The consequences go beyond embarrassment. If an insurer or employer obtains re-identified health information, it could affect your coverage or employment. Genetic information inferred from a scan could be used in ways you never consented to. While large-scale abuse has not been widely reported yet, the RSNA report warns that the safeguards we rely on are not keeping pace with AI capabilities.
What Readers Can Do
You don’t have to avoid necessary medical imaging, but you can take steps to protect your privacy:
- Ask about AI use. Before a scan, ask your provider whether AI will be involved and who has access to the images. Many hospitals have policies they can explain.
- Request an opt-out for research use. Some facilities allow you to restrict your images from being used for research or AI training. It may not affect your care, and you can choose to allow it only for direct treatment.
- Check your provider’s privacy notice. Look for language about data sharing with third parties, cloud storage, and whether their “de-identification” methods account for AI-based re-identification.
- Consider using a patient portal to monitor access. You can sometimes see who has viewed your records. If something looks unusual, ask.
- Support stronger regulation. Proposed laws would require explicit consent for AI training on medical data and mandate transparency about re-identification risks. Contacting your representatives can help.
The RSNA report recommends that patients and providers demand “differential privacy” techniques—adding noise to data so AI cannot pinpoint individuals—and better patient consent forms.
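As an added illustration that is not part of the RSNA report or the original article, the sketch below applies the "adding noise" idea to one kind of data release: per-group scan counts protected with the Laplace mechanism. The sample records, the group list and the function names are constructed for this example, and it assumes each patient contributes exactly one record.

```python
import math
import random
from collections import Counter
from itertools import product

# Constructed sample: one record per patient, reduced to attributes the
# article says a model can infer from the pixels alone (age band, sex).
SCANS = [("60-69", "F"), ("60-69", "F"), ("60-69", "M"), ("30-39", "F"),
         ("30-39", "M"), ("30-39", "M"), ("30-39", "M"), ("90-99", "F")]
# Fixed, public domain of groups. Releasing only the groups that occur would
# itself reveal that the lone ("90-99", "F") patient is in the data.
GROUPS = list(product(["30-39", "60-69", "90-99"], ["F", "M"]))

def laplace_noise(scale, rng):
    """Laplace(0, scale) sample: difference of two exponential draws."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def dp_histogram(records, epsilon, rng):
    """Per-group counts released with epsilon-differential privacy.

    Assumes each patient contributes one record, so adding or removing a
    patient changes a single count by 1 (sensitivity 1) and Laplace noise
    of scale 1/epsilon on every count is enough.
    """
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    counts = Counter(records)
    return {g: counts.get(g, 0) + laplace_noise(1.0 / epsilon, rng)
            for g in GROUPS}

def privacy_loss(output, count_with, count_without, epsilon):
    """Log of how much more likely `output` is with the patient than without.

    For Laplace noise this is (|x - without| - |x - with|) * epsilon, which
    the triangle inequality bounds by epsilon when the counts differ by 1.
    """
    return (abs(output - count_without) - abs(output - count_with)) * epsilon

if __name__ == "__main__":
    rng = random.Random(2026)  # seeded only to make the demo repeatable
    for group, noisy in dp_histogram(SCANS, epsilon=0.5, rng=rng).items():
        print(group, round(noisy, 2))
```

A smaller epsilon means more noise and a tighter bound on what any one released number can reveal about a single patient, at the cost of less accurate counts.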
Sources
- RSNA report: “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” May 2026.
- Radiological Society of North America news release, covered by Google News and other outlets.
- American College of Radiology guidelines on AI and data security.
- HIPAA Privacy Rule (45 CFR 164.514) and its limitations on de-identified data.
- Peer-reviewed studies on re-identification of medical images using AI (e.g., Nature Communications, 2023).
The goal is not to scare you away from imaging that could save your life, but to help you make informed choices. AI in radiology is a powerful tool—and like any powerful tool, it needs careful handling to protect the people it serves.