Your Medical Scans Are Fueling AI—Here’s What That Means for Your Privacy
Artificial intelligence is changing how radiologists read X-rays, MRIs, and CT scans. These tools can detect tumors, measure organ sizes, and flag abnormalities faster than a human eye alone—and in many hospitals, they’re already in use. But as AI becomes more common in medical imaging, a quieter conversation is emerging about what happens to the data inside those scans.
At the 2026 meeting of the Radiological Society of North America (RSNA), researchers and privacy experts issued a clear warning: the same AI that helps diagnose disease can also expose sensitive information about patients in ways that traditional privacy rules never anticipated.
What happened
The RSNA’s report, titled “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” outlined how AI tools that process medical images can unintentionally create new privacy vulnerabilities. The report noted that scans contain far more than just anatomical structures. A CT scan of the head, for instance, can include enough data to reconstruct a recognizable face. An MRI of the chest may capture tattoos or surgical scars. And even when images are de‑identified—meaning patient names and IDs are removed—AI models can sometimes re‑identify individuals by matching facial features or analyzing metadata embedded in the image files.
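The metadata risk described above can be measured before a dataset is shared. The following Python sketch is an added example, not taken from the RSNA report: it counts how many records are still unique on the header fields left behind once names and IDs are stripped, and again after those fields are coarsened. It assumes DICOM-style field names (the article does not name a file format), and the sample records are constructed.

```python
from collections import Counter

# Fields a basic de-identification pass removes (the "names and IDs" above).
DIRECT_IDENTIFIERS = ("PatientName", "PatientID")
# Assumed DICOM-style fields that often stay in the header and, in
# combination, can single out one person.
QUASI_IDENTIFIERS = ("PatientBirthDate", "PatientSex", "StudyDate", "InstitutionName")
FIELDS = DIRECT_IDENTIFIERS + QUASI_IDENTIFIERS

_ROWS = [  # constructed sample values, not real patient data
    ("DOE^JANE", "A001", "19610304", "F", "20240111", "North Clinic"),
    ("ROE^MARY", "A002", "19650917", "F", "20240302", "North Clinic"),
    ("POE^ALAN", "A003", "19820620", "M", "20240215", "East Hospital"),
    ("LEE^OMAR", "A004", "19881102", "M", "20240519", "East Hospital"),
    ("KIM^SARA", "A005", "19930105", "F", "20240730", "West Imaging"),
    ("RAY^NINA", "A006", "19971212", "F", "20241008", "West Imaging"),
]
SAMPLE_HEADERS = [dict(zip(FIELDS, row)) for row in _ROWS]

def strip_direct(header):
    """Remove only the direct identifiers, as a naive de-identifier would."""
    return {k: v for k, v in header.items() if k not in DIRECT_IDENTIFIERS}

def generalize(header):
    """Coarsen what is left: birth decade, study year, no site name."""
    out = dict(header)
    out["PatientBirthDate"] = header["PatientBirthDate"][:3] + "0"
    out["StudyDate"] = header["StudyDate"][:4]
    out.pop("InstitutionName", None)
    return out

def quasi_key(header):
    """Tuple of the remaining quasi-identifier values; missing fields are blank."""
    return tuple(header.get(field, "") for field in QUASI_IDENTIFIERS)

def audit(headers):
    """Return (k, singled_out): smallest group size and count of unique records."""
    groups = Counter(quasi_key(h) for h in headers)
    sizes = [groups[quasi_key(h)] for h in headers]
    return min(sizes), sum(1 for size in sizes if size == 1)

if __name__ == "__main__":
    stripped = [strip_direct(h) for h in SAMPLE_HEADERS]
    print("names/IDs removed:", audit(stripped))
    print("after coarsening: ", audit([generalize(h) for h in stripped]))
```

A record that is the only one in its group can be matched to a person by anyone who knows those few facts about them; coarsening trades some research detail for larger groups.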
The concern isn’t only about accidental leaks. In some cases, researchers have shown that generative AI can perform “model inversion” attacks: if someone gains access to a trained AI model, they can recreate images of the original patients who contributed to the training data. A 2023 MIT study demonstrated this risk in medical imaging, and the RSNA report cited it as a credible threat.
Why it matters
For most patients, the privacy of their health data is supposed to be protected by HIPAA—the Health Insurance Portability and Accountability Act. But HIPAA was written before AI became a routine part of radiology, and it has significant gaps when it comes to the new risks.
HIPAA covers identifiable health information, but it does not explicitly address AI‑generated inferences. For example, if an AI model predicts a patient’s age, sex, or even genetic predispositions from a scan, that derived data may not be treated as protected health information under current rules. Similarly, de‑identified data—which is often used to train AI models—can sometimes be re‑identified using the techniques described above. Once data is shared for research or commercial purposes, there is often little legal recourse if it is later linked back to a specific person.
There are also real‑world implications. Insurers and employers could potentially use AI‑analyzed scans to make coverage decisions or discriminate. In 2024, news reports surfaced of insurers using AI to deny claims based on imaging data, though the full extent of that practice is still unclear. The risk is not hypothetical: the more data flows into AI systems, the more opportunities there are for misuse.
What readers can do
Patients are not powerless, but the steps they can take are still limited by how opaque many AI systems are. Here are practical actions to consider:
- Ask your doctor or radiologist whether AI tools are used to analyze your scans. You have a right to know what software is involved and how your data is handled. Some hospitals publish this information, but many do not.
- Inquire about data sharing policies. Many medical centers allow patients to opt out of having their images used for AI training or research. This option is rarely advertised, so you may need to ask specifically. Even if you allow your data to be used for clinical care, you can often refuse secondary uses.
- Request a copy of your imaging records. Under HIPAA, you can obtain your own scans and reports. Having a copy gives you a record of what exists and makes it harder for unauthorized access to go unnoticed.
- Monitor for breaches. If your hospital notifies you of a data breach involving imaging data, take it seriously. Ask what specific information was exposed and whether AI models were involved.
- Support stronger privacy regulations. Laws are beginning to catch up—some states are considering AI‑specific health data protections—but progress is slow. Letting your elected officials know that medical AI privacy matters to you can help move the needle.
Sources
The information in this article draws on the following sources:
- Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” RSNA press release, May 2026. (Available via RSNA.org)
- MIT Computer Science & Artificial Intelligence Laboratory. “Model Inversion Attacks on Medical Imaging AI.” 2023.
- U.S. Department of Health and Human Services. “HIPAA Privacy Rule.” HHS.gov.
Note: Laws and policies vary by institution and jurisdiction. The risks described are based on published research and public reports; specific vulnerabilities may not apply to every AI system or hospital.