Your Medical Scans Are Feeding AI – What That Means for Your Privacy
If you’ve ever had an X-ray, MRI, or CT scan, those images become part of a digital record. Today, that record is increasingly used not just by your radiologist, but by artificial intelligence systems that help detect tumors, measure blood flow, or flag fractures. AI has genuine diagnostic benefits, but a growing number of radiologists and privacy experts are warning that the same data pipelines powering these tools also create new vulnerabilities for your personal health information.
What’s Happening
A report released in May 2026 by the Radiological Society of North America (RSNA), headlined “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” summarizes the concerns. The core issue is that AI models require vast amounts of medical images to train on, and those datasets often contain more than just pixel data.
The RSNA article notes that re-identification is a real threat. Even when images are “de-identified” – with names and direct identifiers removed – researchers have shown they can sometimes be linked back to individuals using metadata or distinctive anatomical features. Another risk is that third-party vendors (the companies developing the AI tools) may store, process, or share images in ways patients never consented to. Data breaches at hospitals or at the vendors themselves can expose the same images, and because medical images are rich in biometric and diagnostic data, the damage from a leak can be long-lasting.
The report also points out that many patients are never asked whether their scans can be used for AI training. Consent forms are often vague, and the option to opt out of future data sharing is not always clearly offered.
Why It Matters to Patients
This isn’t just a hypothetical worry for tech specialists. If your medical images are part of a training set, the AI model might “remember” unique features of your anatomy or condition. In theory, a third party with access to the model could try to confirm whether you were in the training data (a membership inference attack). If the training set was built from patients with a particular condition, confirming your membership could reveal that you have that disease.
Beyond re-identification, there’s the question of control. Once a scan is shared with an AI vendor, you lose influence over where else that image might end up – for example, in research repositories in other countries with weaker privacy laws. The RSNA article highlights that large imaging AI datasets are sometimes assembled from multiple hospitals, and patients rarely have a clear picture of who gets copies of their data.
For everyday readers, this means that an MRI you had for a sprained knee could wind up in a cancer detection model without you ever knowing about it. While the intent is beneficial, the result is that your health data is circulating more widely than you might expect.
What You Can Do
You don’t have to avoid needed medical imaging, but you can take steps to protect your privacy.
- Ask your provider. Before a scan, ask whether the facility uses AI in image analysis and whether your images may be shared with third-party vendors. Many hospitals have a patient privacy office that can explain their policies.
- Read the consent form. Most hospitals ask you to sign a general consent for treatment and data use. Look for language about “research,” “machine learning,” or “de-identified data.” If it’s vague, ask what opting out would mean.
- Request an opt-out. Several institutions allow you to restrict your data from being used for research or AI training. The RSNA report notes that patients should assert this right – and that facilities should make it easy to do so.
- Ask about de-identification. If your images are to be used for AI training, ask what method of de-identification is used. Some methods are stronger than others. Experts advise against relying on simple name removal.
- Stay informed. This area is evolving quickly. Regulations such as HIPAA in the U.S. cover identifiable health information, but de-identified data falls into a gray zone. Future rules may require stronger patient consent.
It’s also worth remembering that not all AI use is unsafe. Many radiology departments apply AI locally, without sending images outside the hospital network. The risk varies by vendor and implementation. But as the RSNA report makes clear, transparency is currently inconsistent, and patients are often left in the dark.
Sources
- Radiological Society of North America, “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” May 2026.