Your Medical Scans Might Be Fed to AI – What That Means for Your Privacy
You probably don’t think twice about the X-ray, MRI, or CT scan you get at your doctor’s office. You lie still, the machine does its work, and a radiologist reads the images. But what happens to those images afterward is changing in ways that many patients aren’t aware of.
Hospitals and imaging centers are increasingly using artificial intelligence to help analyze scans. AI can spot fractures, tumors, and other findings faster than a human eye alone. That sounds like good medicine. But the same technology introduces privacy risks that researchers are only beginning to understand.
In March 2026, the Radiological Society of North America (RSNA) published research showing that deepfake X-rays can fool both radiologists and AI systems. The implication is unsettling: if AI can generate convincing fake medical images, it could also be used to manipulate real ones or expose sensitive patient data in ways that were previously impossible.
This article explains what’s happening with AI in medical imaging, why it matters for your privacy, and what steps you can take to protect yourself.
What happened: AI and medical imaging privacy risks
Hospitals have been digitizing medical images for years, usually storing them in systems called PACS (Picture Archiving and Communication Systems). AI tools are now layered on top of these systems to assist with diagnosis. But those tools often require large datasets to train on, and sometimes those datasets include real patient scans.
The privacy risks fall into three main categories:
- Data breaches. Medical images, unlike credit card numbers, can’t be changed. Once they’re leaked, they’re out forever. And images often contain metadata (name, date of birth, patient ID) that can lead to identification.
- Re-identification. Even after metadata is stripped, researchers have shown that facial features can be reconstructed from head CT scans or MRIs, potentially re-identifying patients. The RSNA and other groups have been studying this problem for years.
- Deepfake manipulation. The March 2026 RSNA study demonstrated that AI-generated fake X-rays are realistic enough to fool trained radiologists and AI detection algorithms. This opens the door to fraud (e.g., fake injury claims) or blackmail (e.g., inserting a false tumor into a scan).
Why it matters for everyday patients
You might think, “I’m not a celebrity or a politician – why would anyone care about my scans?” But breaches of medical data aren’t always targeted. They often happen in bulk, through insecure storage, vendor mistakes, or insider threats. Once your health data is exposed, it can be used for insurance discrimination, employment bias, or phishing scams that reference your actual medical conditions.
Moreover, the consent forms you sign before a scan may include broad language allowing your images to be used “for research and training purposes.” That can include sharing with third-party AI companies, sometimes without explicit opt-in.
The RSNA has raised awareness that AI creates new vectors for privacy invasion that patients and providers are just beginning to grasp. It’s not about stopping the technology – it’s about making sure you have control and transparency.
What readers can do: practical steps
You don’t need to become a privacy expert to protect yourself. Here are concrete actions you can take before your next scan:
- Ask your provider how AI is used. Before the procedure, ask: “Will AI be used to analyze my images? Are they shared with any outside companies for training or research?” Many radiologists or technicians can answer. If they can’t, ask for the privacy officer.
- Read the consent forms carefully. Look for phrases like “use for research,” “data sharing,” or “de-identified data.” If the form doesn’t specify that your data will be anonymized (stripped of identifiable information), ask what protections are in place. In the US, HIPAA requires disclosure of how your data is used, but not all hospitals are equally clear.
- Opt out if you can. Some institutions allow you to refuse to have your images used beyond your own care. This may be called a “restricted use” or “opt-out” option. It’s worth asking.
- Ask about anonymization. Even if your data is de-identified, re-identification is possible in some cases. Ask whether your provider uses methods that meet current standards (like the Safe Harbor method or expert determination under HIPAA).
- Be aware of deepfake risks. While you can’t prevent an attacker from generating a fake scan in your name, you can monitor your medical records for anomalies. Request a copy of your imaging report after each procedure and check that the findings match your diagnosis.
- Consider requesting no-AI interpretation. Some imaging centers now offer a “human-only” reading option. This may not be widely advertised, but you can ask.
Future outlook and your rights
In the US, HIPAA gives you the right to know who has accessed your medical records, including images. You can request an accounting of disclosures. In the EU, GDPR provides stronger protections, including the right to be forgotten and to object to automated processing.
Still, regulations are lagging behind AI’s capabilities. The RSNA and other medical societies are pushing for clearer standards, but individual patients shouldn’t wait. Even small steps – like asking questions and reading forms – can make a difference.
Medical AI promises better diagnosis and faster care. But that promise shouldn’t come at the cost of your privacy. By staying informed and proactive, you can get the benefits without giving up control of your most sensitive health data.
Sources:
- RSNA, “Deepfake X-Rays Fool Radiologists and AI,” March 2026.
- RSNA, “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” 2026.
- HIPAA Journal, “Medical Imaging Data Breaches: Risks and Prevention,” 2025.
- European Data Protection Board, guidelines on AI and health data, 2024.