Many members and their business staffs have read and heard much about HIPAA. But what is HIPAA, what does it mean for radiology, radiation oncology and medical physics, and how can practices comply with it? The Health Insurance Portability and Accountability Act of 1996 imposes major compliance obligations on ACR members and their staffs for using and sharing patient health information, and keeping that information secure.

Effective September 23, 2013, ACR members and their practices must comply with the amended HIPAA regulations that govern privacy and security of patient health information.

The U.S. Department of Health & Human Services (HHS) recently adopted new rules that change privacy, security and breach notification requirements. These new rules originate from the Government’s revisions to HIPAA under the Health Information Technology for Economic and Clinical Health (HITECH) Act.

All covered physician practices must update their HIPAA policies and procedures and otherwise implement the required changes by the September 23, 2013 enforcement date. ACR members likely will have to revise their Business Associate Agreements (BAAs) and their Notices of Privacy Practices (NPPs). They also should assess how they would handle an actual or potential breach of patient health information.

Thanks to our colleagues at the AMA, who have developed a new free HIPAA toolkit to help physicians comply with the sweeping revisions to the federal privacy and security rules for health information that go into effect on Sept. 23, 2013. You can access it at the following link:

For more information, please refer to the RADLAW column in the April 2013 Bulletin. AMA’s HIPAA Toolkit is another helpful resource, available at