Radiology AI Compliance: FDA 510(k) Clearance, ACR Guidance, and SaMD Regulations for Imaging AI

Published February 25, 2026Reading time ~11 minCategory Healthcare AI

Radiology is the specialty most directly transformed by AI — and most directly regulated by the FDA as Software as a Medical Device. Over 700 AI-enabled radiology devices have received FDA clearance through the 510(k) or De Novo pathways as of 2024. The American College of Radiology has issued extensive guidance on AI integration, and the intersection of FDA device regulation, HIPAA for imaging data, and ACR clinical practice standards creates a three-layer compliance framework that radiology practices must navigate carefully.

700+

FDA-cleared AI-enabled radiology devices as of 2024 (FDA AI/ML Action Plan data)

The FDA's AI/ML-Based Software as a Medical Device (SaMD) Action Plan documents over 700 FDA-authorized AI/ML-enabled medical devices, the majority of which are radiology applications. Categories include: chest X-ray AI (pneumonia, lung nodule detection), mammography AI (cancer detection), CT/MRI AI (stroke detection, fracture identification), and pathology AI (cancer cell classification). Each cleared device has specific indications, limitations, and performance benchmarks that radiologists must understand.

FDA 510(k) AI Device Clearances: Key Radiology Examples

Selected FDA-Cleared Radiology AI Products

Aidoc CT Triage: K192678 — Intracranial hemorrhage detection on CT; first AI radiology triage clearance
Zebra Medical: Multiple clearances for chest X-ray findings including vertebral fractures, liver fat
iCAD: K202278 — Mammography AI for cancer detection probability scoring
Viz.ai: K182895 — Large vessel occlusion detection for stroke triage
Standard: ACR-NASCI-SIR-SPR AI Practice Parameter (2022) governs clinical AI deployment

ACR Guidance on Radiology AI

The American College of Radiology's 2022 Practice Parameter for AI in Radiology establishes expectations for radiologists using AI tools. Key ACR positions:

Radiologist responsibility: The interpreting radiologist remains responsible for the final interpretation regardless of AI assistance. AI findings cannot be signed out without radiologist review — AI is a second reader, not a replacement
Performance monitoring: Practices using AI must monitor AI performance in their specific patient population. Published FDA clearance performance may not generalize to different demographics or imaging equipment
Disclosure: ACR guidance suggests that AI use in image interpretation may require disclosure to referring clinicians and potentially patients, particularly for AI that makes clinically actionable recommendations
Audit trail: HIPAA requires audit trails for PHI access; radiology AI that accesses DICOM images must generate audit logs meeting HIPAA Security Rule requirements

SaMD Classification Framework: Radiology AI is classified by the FDA based on the significance of the clinical information provided and the severity of the condition detected. AI detecting critical/emergent conditions (stroke, pulmonary embolism) from CT scans is typically Class II/III with higher regulatory requirements. AI providing administrative workflow support (routing, prioritization without clinical interpretation) may be classified outside the SaMD framework entirely.

Compliance and Implementation Checklist

Radiology AI Compliance — Key Requirements

FDA Clearance Verification
Before deploying any radiology AI, verify FDA clearance status at the FDA 510(k) database (accessdata.fda.gov). Note the cleared indication — AI cleared for lung nodule detection on chest CT is not cleared for other findings. Using AI outside its cleared indication is an unauthorized use of a medical device.

ACR Accreditation Alignment
Verify that AI deployment aligns with ACR accreditation requirements for your modality. ACR mammography accreditation, CT accreditation, and MRI accreditation standards address equipment and protocol requirements that AI tools must not circumvent.

DICOM Data HIPAA Compliance
DICOM imaging files contain embedded patient PHI in image headers. AI platforms processing DICOM images must handle this PHI under HIPAA — de-identification for research use, BAAs for clinical use, and encryption for transmission. Verify the AI platform's DICOM PHI handling before deployment.

Performance Monitoring in Your Population
Establish ongoing performance monitoring for radiology AI in your specific patient population. FDA clearance performance data is based on validation datasets that may not represent your demographics, equipment, or imaging protocols. Monthly performance review against radiologist reads is ACR best practice.

Radiologist Override Documentation
Implement and document a radiologist override process — when the radiologist disagrees with AI findings, the override must be documented. This data is essential for quality monitoring and creates a medico-legal record demonstrating radiologist clinical judgment over AI output.

Vendor Contract AI Liability Allocation
Radiology AI vendor contracts must clearly allocate liability for AI performance failures. Who bears liability when AI misses a finding that the radiologist then also misses based on AI confirmation bias? Legal review of radiology AI contracts should address this question explicitly.

Frequently Asked Questions

Do all radiology AI tools need FDA clearance?

AI that is intended to aid in the diagnosis or treatment of disease, or that provides clinical information for healthcare decisions, requires FDA clearance as a medical device. AI that purely manages workflow (routing, scheduling, prioritization without clinical interpretation) may not require clearance. The FDA's 2022 CDS guidance provides the analytical framework — when in doubt, consult with regulatory counsel.

What is the ACR AI-LAB and how does it affect compliance?

The ACR AI-LAB is the ACR's initiative to validate and monitor AI tool performance in real-world radiology practice. Participation is voluntary but provides practices with comparative performance data. The ACR also maintains an AI Central registry of FDA-cleared radiology AI tools with performance data. Using ACR AI-LAB data demonstrates due diligence in AI monitoring per ACR practice parameter requirements.

How does HIPAA apply to DICOM images in AI systems?

DICOM images contain PHI embedded in the DICOM header (patient name, DOB, MRN, accession number). AI platforms accessing, transmitting, or storing DICOM images are Business Associates subject to HIPAA. BAAs must be in place; data must be encrypted in transit (TLS 1.2+) and at rest (AES-256). DICOM images sent to cloud AI platforms for analysis must travel through HIPAA-compliant channels with documented BAAs with the cloud provider.

What liability exposure exists when radiology AI misses a finding?

When a radiologist uses AI and the AI misses a finding that the radiologist also misses, liability typically rests with the radiologist — AI is a decision support tool, not a co-signer. However, if AI confirmation bias contributed to the miss (radiologist trusted AI over their own observation), this may affect the legal analysis. Practices should maintain clear documentation that the radiologist performed an independent review, not merely relied on AI output.

How should radiology practices disclose AI use to patients and referring physicians?

ACR guidance suggests AI use disclosure is ethically appropriate but does not mandate specific disclosure language. Referring physicians should understand when AI tools are used in interpretation and their limitations. Patient disclosure of AI use is increasingly expected — some states may require it. Practices should develop a standard disclosure process aligned with ACR guidance and legal counsel advice.

HIPAA-Compliant AI for Radiology Practice Administration

Claire handles radiology scheduling, prior authorization for imaging studies, and patient communication — with HIPAA compliance for DICOM data environments and ACR workflow compatibility.

Book a Demo See How It Works