View the IHE-RO Flyer
Integrated with MOSAIQ radiation oncology is the MOSAIQ image-enabled electronic medical record (EMR), which supports the entire cancer care team by uniting diverse systems and devices. The ‘Integrating the Healthcare Environment for Radiation Oncology’ (IHE-RO) initiative seeks to improve the practice of radiation oncology through a standardized exchange of information. Working through the IHE-RO, Elekta Software leads the way in promoting open systems standards, leveling the interoperability playing field and affording vendors greater latitude to focus on maximizing efficiency and achieving high patient throughput.
The Health Insurance Portability and Accountability Act (HIPAA) affects every facet of the healthcare industry. HIPAA is intended to facilitate the most efficient and effective use of modern communication technology to reduce the immense cost of administrative overhead in the healthcare industry, while ensuring that the confidentiality, integrity, and availability of patient information is not unduly compromised. While no software application vendor can render your facility ‘HIPAA-compliant’ simply by using their product, we can provide products and services that make it easier for you, our valued customer, to meet your compliance requirements.
Elekta Software has provided customers with practical solutions that efficiently manage the process of delivering care. Elekta Software stands side-by-side with you to assist you in maintaining a high level of quality care.
Elekta is busy keeping pace with legislative developments so that our products continue to offer you the functionality you require.
Elekta Region North America
For more information about Elekta Region North America HIPAA efforts, HIPAA, Privacy or Security, please contact:
Data Privacy Officer Americas
400 Perimeter Center Terrace, Suite 50
Atlanta, GA 30346, United States
+1 (770) 670 2359
For more information about Elekta Software’s HIPAA efforts, HIPAA, Privacy or Security, please contact:
Global Data Protection Officer
Elekta Instruments AB Stockholm
P.O. Box 7593
SE-103 93 Stockholm
The Health Insurance Portability and Accountability Act (HIPAA) was created to satisfy three objectives:
Administrative Simplification began as President George Bush, Sr. assembled a group of healthcare industry leaders to discuss the reduction of healthcare administration costs; increased electronic data interchange (EDI) was the overwhelming answer. Faced with resistance in Congress, the Act only passed with extensive industry support.
The Department of Health and Human Services (DHHS) defines the purposes of the Administrative Simplification rule thusly:
[65 Fed. Reg. 82463 (December 28, 2000)]
The Standards for Electronic Transactions and Code Sets
The cost of administration in the healthcare industry is very high. Providers, insurers, health plans, and others have utilized many different electronic data formats and transmission requirements. This complex web of data interchange has resulted in delays, confusing rejections, bureaucratic authorization processes, and low levels of remittance. The creation of national conformance standards covering the most routine electronic transmissions has the potential of reducing the resources – financial, time, and human – necessary to do business in the healthcare industry, as well as enhance the effectiveness of the intended transactions. The Standards for Electronic Transactions regulation has established mandatory transaction and coding requirements for defined electronic transactions. Providers are able to submit standard transactions to health plans and payers that have to accept them. Hence, electronic data interchange enables healthcare facilities to pursue the most effective and efficient use of modern information technology in the administration of their organizations.
Congress also recognized the power of modern information technology. Continually advancing technology enables the collection and aggregation of large quantities of data in any desired format or structure; subjects these data to endless permutations of sorting, filtering, and analysis; and the instantaneously widely distributes the raw data or analysis results – all without significant human thought. Hence, the need to protect the privacy and security of patient health information is unquestionable.
The Security and Electronic Signature Standard (“Security”) and the Privacy of Individually Identifiable Health Information Standard (“Privacy”) comprise a team of regulations intended to protect patient health information. Privacy defines the permissible means of access, use, and disclosure of the applicable patient information, while Security governs the operational, physical, and technical mechanisms necessary to protect this information.
Standards for Privacy of Individually Identifiable Health Information
The Privacy rule is intended to prevent the unreasonable offense against patient’s interest in restricting unnecessary knowledge or dissemination of personal information provided or accumulated to assist in their diagnosis or treatment. The specific requirements restrict access, use, or disclosure of personal patient information to those legitimately involved in the patient’s treatment, the healthcare facility’s required operations, and billing for the treatment.
Security and Electronic Signature Standards
The Security rule is intended to ensure that organizations that hold personal patient information provide operational, physical, and technical protections to support privacy restrictions. That is, the organization must create a comprehensive system of operational, physical, and technical protections to prevent unintended access, use, and disclosure of protected information. Security refers to protections at three levels:
Confidentiality – Protection of entrusted information from unauthorized use, access, or disclosure;
Integrity – Preservation of the specific nature, character, and content of the information; and
Availability – Ability to access, use, or disclose information as intended in an effective and efficient time, place, and manner.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices (the "Notice") is required by law under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"). This Notice describes the legal obligations of the Elekta, Inc. Health & Welfare Plan (the "Plan"), as well as your legal rights regarding your Protected Health Information ("PHI") held by the Plan.
This Notice is intended to inform you of the privacy practices followed by the health plan options under the Plan. It also explains the Federal privacy rights afforded to you and the members of your family as Plan Participants covered under the Plan regarding your Protected Health Information ("PHI").
PHI includes all "individually identifiable health information" held or transmitted by the Plan or its business associate, in any form or media, whether electronic, paper, or oral. "Individually identifiable health information" is information collected from you or created or received by a health care provider, the Plan, the Plan sponsor, or a business associate, including the third-party administrator for the Plan, that relates to:
and that identifies you or for which there is a reasonable basis to believe it can be used to identify you. Individually identifiable health information includes, for example, your name, address, birth date, and Social Security Number. PHI does not include employment records that Elekta Inc. may maintain in its role as an employer.
The Plan is part of an organized health care arrangement under the HIPAA Privacy Rule. It is important to note that this Notice applies primarily to the self-insured medical and prescription drug, employee assistance, and health care flexible spending account offered as part of the Plan. As applicable, the Plan and the insurers participating in the organized health care arrangement will share PHI with each other as necessary to carry out treatment, payment, or health care operations relating to the organized health care arrangement. The insurers are separate covered entities under HIPAA and if you are enrolled in an insured health plan, the applicable insurer will provide you with a separate notice describing the insurer’s own privacy practices. The Plan is a hybrid entity under the HIPAA Privacy Rule that includes health care components subject to HIPAA and non-health care components that are not subject to HIPAA. This Notice applies only to the health care components subject to HIPAA.
As a plan sponsor, Elekta, Inc. often needs access to health information in order to perform Plan Administrator functions. While this Notice does not apply to Elekta, Inc. as the plan sponsor, Elekta, Inc. wants to assure the Plan Participants that the Plan complies with Federal privacy laws and respects your right to privacy. The Plan is required by law to:
The Plan requires all members of our workforce and business associates that are provided access to health information to comply with the privacy practices outlined below. For purposes of this Notice, any reference to "the Plan" includes our business associates. The Plan will not use or share your PHI other than as described in this Notice unless you tell us it can in writing.
This section describes the different ways that the Plan is legally allowed or required to use and disclose your PHI without your prior written authorization.
The following categories describe ways that the Plan may use and disclose your PHI after you have been informed in advance of such use or disclosure and have had the opportunity to agree or object. If you are not available to give your permission, the Plan may generally share your PHI if it is in your best interests.
The following categories describe ways that the Plan may use and disclose your PHI only after receiving your written authorization:
If you choose to sign an authorization to disclose information, you can later revoke that authorization to cease any future uses or disclosures.
You have the following rights regarding the protected health information that the Plan maintains about you:
The Plan may change our policies at any time. Before the Plan makes a significant change in our privacy policies, the Plan will provide you with a revised copy of this notice. You can also request a copy of our current notice at any time. For more information about our privacy practices, contact the person listed below:
HR Administration Manager
400 Perimeter Center Terrace, Suite 50
Atlanta, GA 30346
If you have any questions or complaints, please contact the Plan Administrator.
Effective Date of this revised Notice is: 07/26/2021