Medical AI and Your Privacy: What You Need to Know About Risks in Medical Imaging

Artificial intelligence is making its way into radiology departments across the country, promising faster diagnoses and fewer missed abnormalities. But a recent report from the Radiological Society of North America (RSNA) highlights a less discussed side of this trend: the privacy risks that come with medical imaging AI. From data breaches to deepfake X-rays that can fool both doctors and algorithms, the technology is raising hard questions about who has access to your medical images and what they can do with them.

What Happened

In March 2026, researchers presented findings at the RSNA annual meeting showing that AI can generate realistic deepfake chest X-rays—synthetic images that look like real patient scans. When shown to experienced radiologists and AI diagnostic tools, these fakes were misidentified as authentic a significant portion of the time. The study is a stark demonstration of how the same AI techniques that help interpret medical images can also be used to fabricate them.

Beyond the deepfake problem, privacy researchers have long warned that medical imaging data is more sensitive than many people realize. Even when a patient’s name and date of birth are stripped from an image, the scan itself can often be re-identified by linking it to other stored data—such as the unique anatomy of a person’s lungs or bones. And many healthcare providers are not transparent about how they store, share, or use imaging data for AI training. A survey cited by RSNA found that a majority of patients were unaware their medical images could be used to develop commercial AI products.

Why It Matters

Health data is among the most private information a person has. A chest X-ray can reveal not just a broken rib but also signs of chronic disease, pregnancy, or even substance use. If that data leaks—through a breach, a poorly secured cloud storage system, or by being fed into an AI model without proper consent—the consequences go beyond embarrassment. Deepfake scans could be used to commit insurance fraud, blackmail individuals, or create false medical records that affect treatment decisions.

The legal protections are also patchy. HIPAA covers how hospitals and doctors handle protected health information, but it was written long before AI became a common tool in radiology. De-identification standards under HIPAA are often considered insufficient by privacy experts, and there are no federal rules yet specifically addressing how AI models treat training data that includes medical images. Some states are beginning to step in with their own laws, but the regulatory landscape remains fragmented.

What Readers Can Do

You don’t have to forgo medical imaging to protect your privacy, but it pays to be proactive. Here are concrete steps to consider:

  • Ask your provider about data practices. Before a scan, ask how your images will be stored, who will have access to them, and whether they will be used to train or validate AI systems. Not all staff will know the answer, but raising the question signals that privacy matters to you.
  • Read the consent form carefully. Many radiology consent forms include clauses about research and commercial use. You may have the right to opt out of having your data used for AI development. If the form is vague, ask for clarification in writing.
  • Prefer providers with strong security policies. Look for imaging centers that advertise or disclose encryption, regular security audits, and limits on data retention. Some facilities now offer “AI-free” or “opt-out” options for patients who want their scans used only for their own diagnosis.
  • Stay informed about new regulations. Keep an eye on updates from the Office for Civil Rights (which enforces HIPAA) and your state attorney general’s office. New AI-specific privacy laws are being proposed in several states, and public comment periods are one way patients can have a voice.

Sources