

Integrated with MOSAIQ radiation oncology is the MOSAIQ image-enabled electronic medical record (EMR), which supports the entire cancer care team by uniting diverse systems and devices. The ‘Integrating the Healthcare Environment for Radiation Oncology’ (IHE-RO) initiative seeks to improve the practice of radiation oncology through a standardized exchange of information. Working through the IHE-RO, Elekta Software leads the way in promoting open systems standards, leveling the interoperability playing field and affording vendors greater latitude to focus on maximizing efficiency and achieving high patient throughput.


The Health Insurance Portability and Accountability Act (HIPAA) affects every facet of the healthcare industry. HIPAA is intended to facilitate the most efficient and effective use of modern communication technology to reduce the immense cost of administrative overhead in the healthcare industry, while ensuring that the confidentiality, integrity, and availability of patient information are not unduly compromised. While no software application vendor can render your facility ‘HIPAA-compliant’ simply through the use of its product, we can provide products and services that make it easier for you, our valued customer, to meet your compliance requirements.

Elekta Software has provided customers with practical solutions that efficiently manage the process of delivering care. Elekta Software stands side-by-side with you to assist you in maintaining a high level of quality care.

Elekta is busy keeping pace with legislative developments so that our products continue to offer you the functionality you require.

Contact us with questions or concerns

Elekta Region North America

For more information about Elekta Region North America HIPAA efforts, HIPAA, Privacy or Security, please contact:

Roberto Heckmann
Data Privacy Officer Americas
400 Perimeter Center Terrace, Suite 50
Atlanta, GA 30346, United States
+1 (770) 670 2359


Elekta Software

For more information about Elekta Software’s HIPAA efforts, HIPAA, Privacy or Security, please contact:

Katrin Högstedt
Global Data Protection Officer
Elekta Instruments AB Stockholm
P.O. Box 7593
Kungstensgatan 18
SE-103 93 Stockholm
+46 768544664

HIPAA Overview

The Health Insurance Portability and Accountability Act (HIPAA) was created to satisfy three objectives:

  1. To provide for continued coverage of benefits between employment gaps (Portability),
  2. To reduce healthcare fraud (Accountability), and
  3. To reduce the cost of the administration of the healthcare industry (Administrative Simplification).

Administrative Simplification began as President George Bush, Sr. assembled a group of healthcare industry leaders to discuss the reduction of healthcare administration costs; increased electronic data interchange (EDI) was the overwhelming answer. Faced with resistance in Congress, the Act only passed with extensive industry support.

The Department of Health and Human Services (DHHS) defines the purposes of the Administrative Simplification rule as follows:

  1. To protect and enhance the rights of consumers by providing them access to their health information and controlling the inappropriate use of that information;
  2. To improve the quality of healthcare in the U.S. by restoring trust in the healthcare system among consumers, healthcare professionals, and the multitude of organizations and individuals committed to the delivery of care; and
  3. To improve the efficiency and effectiveness of healthcare delivery by creating a national framework for health privacy protection that builds on efforts by states, health systems, and individual organizations and individuals.

[65 Fed. Reg. 82463 (December 28, 2000)]

Three Major Elements of Administrative Simplification

The Standards for Electronic Transactions and Code Sets

The cost of administration in the healthcare industry is very high. Providers, insurers, health plans, and others have utilized many different electronic data formats and transmission requirements. This complex web of data interchange has resulted in delays, confusing rejections, bureaucratic authorization processes, and low levels of remittance. The creation of national conformance standards covering the most routine electronic transmissions has the potential of reducing the resources – financial, time, and human – necessary to do business in the healthcare industry, as well as enhance the effectiveness of the intended transactions. The Standards for Electronic Transactions regulation has established mandatory transaction and coding requirements for defined electronic transactions. Providers are able to submit standard transactions to health plans and payers that have to accept them. Hence, electronic data interchange enables healthcare facilities to pursue the most effective and efficient use of modern information technology in the administration of their organizations.

Congress also recognized the power of modern information technology. Continually advancing technology enables the collection and aggregation of large quantities of data in any desired format or structure; subjects these data to endless permutations of sorting, filtering, and analysis; and then instantaneously and widely distributes the raw data or analysis results – all without significant human thought. Hence, the need to protect the privacy and security of patient health information is unquestionable.

The Security and Electronic Signature Standard (“Security”) and the Privacy of Individually Identifiable Health Information Standard (“Privacy”) comprise a team of regulations intended to protect patient health information. Privacy defines the permissible means of access, use, and disclosure of the applicable patient information, while Security governs the operational, physical, and technical mechanisms necessary to protect this information.

Standards for Privacy of Individually Identifiable Health Information

The Privacy rule is intended to prevent unreasonable offense against the patient’s interest in restricting unnecessary knowledge or dissemination of personal information provided or accumulated to assist in their diagnosis or treatment. The specific requirements restrict access, use, or disclosure of personal patient information to those legitimately involved in the patient’s treatment, the healthcare facility’s required operations, and billing for the treatment.

Security and Electronic Signature Standards

The Security rule is intended to ensure that organizations that hold personal patient information provide operational, physical, and technical protections to support privacy restrictions. That is, the organization must create a comprehensive system of operational, physical, and technical protections to prevent unintended access, use, and disclosure of protected information. Security refers to protections at three levels:

  • Confidentiality – Protection of entrusted information from unauthorized use, access, or disclosure;

  • Integrity – Preservation of the specific nature, character, and content of the information; and

  • Availability – Ability to access, use, or disclose information as intended in an effective and efficient time, place, and manner.