AI in Medical Imaging: New Privacy Risks Patients Should Know About
Medical imaging has quietly become one of the most data-intensive areas of healthcare. Every X-ray, CT scan, or MRI is a detailed digital file containing not only anatomical information but also biometric markers that are unique to each person. As artificial intelligence tools become more common in radiology, these images are being processed, stored, and shared in ways that raise new privacy questions.
Recent research from the Radiological Society of North America (RSNA) has highlighted that AI can generate highly realistic fake X-rays—so-called deepfakes—that fool both human radiologists and AI-based detection systems. The same technology that promises better diagnostics also opens a Pandora’s box of privacy risks. For patients, understanding these risks and knowing what to ask can make a real difference.
What Happened?
In a study presented at the RSNA annual meeting, researchers demonstrated that deepfake chest X-rays, created using generative adversarial networks (GANs), were able to deceive experienced radiologists. The fabricated images appeared medically plausible, and in some cases, they also evaded AI tools designed to detect manipulation. The study’s authors warned that such synthetic images could be used for insurance fraud, falsifying medical records, or even undermining trust in diagnostic imaging.
This is not a hypothetical problem. The same techniques that generate deepfake faces can be applied to medical images with minimal effort. A patient’s real X-ray could be altered to show a condition that doesn’t exist, or a healthy image could be swapped for one that suggests disease. The consequences range from wasted healthcare resources to serious misdiagnosis. Beyond fraud, the underlying data—the real images themselves—carry privacy risks. Medical images contain enough detail to potentially identify a person uniquely, and once shared online or with third-party AI services, control over that data can be lost.
Why It Matters
Most patients assume their medical images are protected by laws like HIPAA in the United States. That protection is real for records held by covered entities, but it has gaps. When images are uploaded to cloud-based AI analytics platforms, third-party vendors may have access. And HIPAA does not explicitly address AI-generated or manipulated images. If a fake X-ray is introduced into a medical record, it could become part of a patient’s permanent file—with no simple way to trace its origin.
Re-identification is another concern. Even after removing names and IDs, researchers have shown that facial features reconstructed from CT scans can be matched to individuals. Biometric data embedded in medical images can be used for identity theft or extortion. As AI evolves, so do the methods for extracting personal information from scans.
The RSNA study serves as a reminder that innovation in medical imaging brings not only diagnostic benefits but also new avenues for misuse. Patients deserve to know where their images are going and who can access them.
What Patients Can Do
Ask your provider about AI use. Radiology departments increasingly use AI tools for image analysis. Ask: “Does the AI tool process images on-site or send them to an external server? Is the data encrypted during transmission and storage? Who has access to the images after the analysis?” Healthcare providers should be able to give clear answers.
Read consent forms carefully. Some forms include clauses that allow your de-identified images to be used for AI training or research. De-identification can sometimes be reversed. If you are uncomfortable, ask to opt out or request clarification about what “de-identified” means in practice.
Be cautious about sharing images. Online forums or telemedicine platforms that ask you to upload scans may not have strong privacy safeguards. Verify the platform’s security policies before sharing any medical image. Avoid posting images on social media.
Request a copy of your imaging record. You have the right to access your medical images. Keeping a personal copy gives you some control and allows you to spot discrepancies if you ever need a second opinion.
Stay informed about updates. Regulations around medical data and AI are evolving. Organizations like RSNA and the American College of Radiology publish patient-friendly guidance. A quick search for “patient guide to AI in radiology” can yield reliable resources.
Future Outlook
Regulators and professional societies are beginning to address these risks. The RSNA has set up task forces to study AI integrity, and there are ongoing efforts to develop standards for detecting synthetic medical images. Some hospitals are implementing digital watermarking and blockchain-based audit trails to track image provenance. But these measures are not yet widespread.
For now, the best defense is awareness. Patients don’t need to become cybersecurity experts, but asking a few pointed questions can reduce the chance of their images being misused. The technology is moving fast, and the privacy protections have not kept pace—so a cautious, informed approach is a reasonable one.
Sources
- RSNA study on deepfake X-rays: Radiological Society of North America, “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” presented at RSNA 2025.
- Additional context on medical image re-identification: Schwarz et al., “Identification of Individuals from Medical CT Scans Using Facial Recognition,” Nature Communications, 2020.
- General guidance on HIPAA and AI: U.S. Department of Health and Human Services, “HIPAA and the Use of Artificial Intelligence,” updated 2024.