Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks
Examining the radiologist’s duty to protect patient privacy in the AI imaging era
The development of AI applications in medical imaging has shifted how radiologists need to think about privacy. “Medical images are highly detailed and clinically rich. Even when obvious identifiers are removed, they can still carry patient-specific information,” said Li Xiong, PhD, a professor of computer science and biomedical informatics at Emory University in Atlanta.
Traditionally, privacy meant safeguarding patient-identifiable information during the handling and sharing of medical images used to train AI systems. However, once AI models are trained and deployed, they can create new privacy risks.
For example, generative AI models trained on medical images can reproduce images that are very similar to real patient scans, raising concerns about potential data memorization and privacy leakage. This capability also raises an important question: How similar can synthetic images be to real patient data without compromising patient privacy?
Even privacy-preserving frameworks such as federated learning, which enable collaborative training without the need to share raw data, can be vulnerable to attacks. In fact, recent studies have shown that attackers can exploit shared gradients, or equivalent model updates, to infer or reconstruct information about the underlying training data.
“These examples highlight why privacy considerations in medical imaging AI must go beyond metadata protection and include the security of the models themselves,” explained Michail Klontzas, MD, PhD, a radiologist at the University of Crete School of Medicine in Greece, and senior author of a Radiology: Artificial Intelligence article on the topic.
Practical Steps for Mitigating Privacy Risks
In his article, Dr. Klontzas and colleagues outline practical steps that radiologists and clinical institutions can take to mitigate privacy risks when using AI in medical imaging. “The first step is to carefully de-identify imaging data before sharing,” he said. “This includes removing patient identifiers from DICOM metadata and all potentially identifiable image features.”
Dr. Klontzas further recommends that data sharing follow established regulatory frameworks, such as the GDPR or HIPAA, and be supported by appropriate ethical approvals and data governance procedures. Institutions should also implement secure data management practices and carefully evaluate AI models for potential privacy risks before deployment.
“In essence, any models used in clinical settings need to be rigorously vetted in terms of privacy-related risk,” Dr. Klontzas noted.
Part of the Solution Too
Despite their potential to aggravate privacy concerns, AI models can serve as effective mitigation tools when deployed with appropriate safeguards. “AI can be an important part of the solution for detecting, monitoring and mitigating the privacy risks it creates,” Dr. Xiong said.
For instance, AI-based techniques can support the automated de-identification of imaging data by detecting and removing identifiable features such as facial structures in brain MRI scans. Likewise, generative models can create synthetic medical images, allowing researchers to develop and validate AI systems without directly sharing real patient data.
Privacy-preserving training strategies such as federated learning can support collaborative model development while limiting the transfer of sensitive data across institutions. Approaches like differential privacy and encryption-based methods have also been proposed to prevent models from revealing information about their training data.
Dr. Klontzas is quick to remind radiologists of the privacy risks each of these techniques presents. “Radiologists would be remiss to see such contemporary techniques as a panacea for privacy protection as they are also vulnerable to attacks that can expose sensitive patient information,” he said.
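Why a shared gradient has to be handled as sensitive data, and what a differential-privacy style update changes, can be seen on a single dense layer. This is an added illustration, not code from the article or the cited study. The layer, the squared-error loss, the constructed pixel values and the `clip` and `sigma` settings are assumptions, and no formal privacy budget is computed.

```python
import math
import random

def layer_gradients(W, b, x, y):
    """Gradients of 0.5*||Wx + b - y||^2 for one dense layer and one sample."""
    delta = [sum(w * xj for w, xj in zip(row, x)) + bi - yi
             for row, bi, yi in zip(W, b, y)]
    dW = [[d * xj for xj in x] for d in delta]    # dL/dW = delta * x^T
    return dW, delta                               # dL/db = delta

def recover_input(dW, db):
    """Each row of dW equals db[i] * x, so one division returns the input."""
    i = max(range(len(db)), key=lambda k: abs(db[k]))
    return [g / db[i] for g in dW[i]]

def privatize(dW, db, clip, sigma, rng):
    """DP-SGD-style update: clip the joint L2 norm, then add Gaussian noise."""
    norm = math.sqrt(sum(g * g for row in dW for g in row)
                     + sum(d * d for d in db))
    scale = min(1.0, clip / max(norm, 1e-12))
    def noisy(v):
        return v * scale + rng.gauss(0.0, sigma * clip)
    return [[noisy(g) for g in row] for row in dW], [noisy(d) for d in db]

def max_abs_error(a, b):
    return max(abs(p - q) for p, q in zip(a, b))

def demo(seed=7):
    rng = random.Random(seed)
    x = [0.0, 0.1, 0.9, 1.0, 0.8, 0.2, 0.05, 0.6]   # constructed "pixel" values
    y = [1.0, 0.0, 0.0]                              # constructed one-hot label
    W = [[rng.uniform(-1, 1) for _ in x] for _ in y]
    b = [rng.uniform(-1, 1) for _ in y]
    dW, db = layer_gradients(W, b, x, y)
    raw_err = max_abs_error(recover_input(dW, db), x)
    pW, pb = privatize(dW, db, clip=1.0, sigma=1.0, rng=rng)  # illustrative values
    dp_err = max_abs_error(recover_input(pW, pb), x)
    return raw_err, dp_err

if __name__ == "__main__":
    raw_err, dp_err = demo()
    print(f"reconstruction error from raw gradient:       {raw_err:.2e}")
    print(f"reconstruction error from clipped+noised one: {dp_err:.2e}")
```

The same noise that stops the update from reproducing the input also perturbs what the model learns from it, which is the privacy and clinical-value trade-off the article turns to next.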
Striking a Balance Between Patient Privacy and Clinical Value
Radiology’s increasing use of AI technology has opened a Pandora’s box of new privacy-related risks. While mitigating these risks is challenging, doing so responsibly is equally complex.
“In radiology and medicine, utility is not just model accuracy—it’s diagnostic reliability and clinical usefulness, especially for subtle findings, rare conditions and underrepresented populations,” Dr. Xiong explained. “The challenge is to design privacy protections that safeguard patient privacy while preserving real clinical value.”
Drs. Xiong and Klontzas agree that the key to striking such a balance is identifying potential risks at the beginning of the model lifecycle.
“Identifying risks early will make it much easier to implement the appropriate safeguards while still preserving the intended benefits,” Dr. Klontzas concluded.
For More Information
Read the Radiology: Artificial Intelligence study, “Rethinking Privacy in Medical Imaging AI: From Metadata to Pixel-level Identification Risks to Federated Learning and Synthetic Data Challenges.”