Regulatory Context for Radiology

Radiology practice in the United States operates within a layered framework of federal and state regulations governing radiation safety, equipment standards, practitioner credentialing, reimbursement, and patient privacy. These obligations originate from multiple independent agencies with overlapping but distinct jurisdictions. Understanding where each authority begins and ends is essential for facilities, radiologists, and technologists managing compliance across imaging departments. The full scope of this framework extends from constitutional licensing powers held by states to federal programs that condition Medicare reimbursement on meeting specific quality standards.

Compliance Obligations

Radiology facilities and practitioners face compliance requirements across at least five distinct regulatory domains.

1. Radiation Protection and Equipment Standards — The Nuclear Regulatory Commission (NRC) governs the possession and use of radioactive materials, including radionuclides used in nuclear medicine and PET imaging. Agreement States — 39 states as of the NRC's published list — have assumed NRC authority under Section 274b of the Atomic Energy Act and enforce equivalent radiation control programs independently. Non-ionizing radiation equipment such as MRI is not under NRC jurisdiction; it falls under the Food and Drug Administration's Center for Devices and Radiological Health (CDRH), which regulates diagnostic imaging devices under 21 CFR Part 892.

2. Facility Accreditation and CMS Conditions — The Centers for Medicare & Medicaid Services (CMS) requires advanced diagnostic imaging suppliers billing Medicare to obtain accreditation from a CMS-approved accrediting organization, a mandate established under the Medicare Improvements for Patients and Providers Act of 2008 (MIPPA). The American College of Radiology (ACR), the Intersocietal Accreditation Commission (IAC), and The Joint Commission are the three primary approved bodies. Accreditation covers equipment performance, personnel qualifications, and quality control protocols.

3. Mammography-Specific Compliance — Mammography facilities must comply with the Mammography Quality Standards Act (MQSA), enforced by the FDA. MQSA mandates annual inspections, equipment certification, and specific credentialing requirements for interpreting physicians, radiologic technologists, and medical physicists.

4. Patient Privacy — The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules (45 CFR Parts 160 and 164) apply directly to radiology departments as covered entities or business associates. Imaging records, reports, and DICOM files constitute protected health information (PHI) subject to minimum necessary access controls and breach notification requirements.

5. State Licensure and Scope of Practice — Each state independently licenses radiologic technologists and defines scope of practice. 38 states have enacted legislation specifically requiring licensure of radiologic technologists, though requirements vary substantially.

Exemptions and Carve-Outs

Not all imaging activity falls under the full weight of this regulatory structure. Chiropractic and podiatric offices operating plain radiography equipment in states without comprehensive radiation control programs may operate under lighter inspection regimes. Veterinary imaging facilities are excluded from MQSA and most human-health imaging standards, though state veterinary boards may impose equipment rules.

Research imaging conducted under an Institutional Review Board (IRB)-approved protocol and funded without Medicare billing can avoid certain MIPPA accreditation requirements, though radiation safety obligations remain in force. Under 21 CFR 361.1, radioactive drugs used in research at tracer doses may proceed without a full New Drug Application, a pathway frequently used in academic PET research.

Low-dose ionizing radiation devices — including some dental cone beam computed tomography units — occupy a gray zone in state radiation control programs where inspection frequency and dose reporting requirements differ from standards applied to hospital-grade CT equipment.

Where Gaps in Authority Exist

The regulatory framework contains documented coordination gaps. Artificial intelligence software used for image analysis, including products marketed as computer-aided detection (CAD) tools or automated triage algorithms, is regulated by the FDA as a medical device, but the pace of 510(k) clearances for AI imaging tools has generated debate about whether pre-market review adequately captures post-deployment performance drift. The FDA's Digital Health Center of Excellence has published discussion documents on this gap without resolving it through binding rulemaking.

Teleradiology — the remote interpretation of images across state lines — exposes a jurisdictional seam. CMS sets reimbursement conditions, but physician licensure remains a state power. A radiologist licensed in one state interpreting images from a facility in another state may technically require licensure in both states, yet enforcement has been inconsistent. The Interstate Medical Licensure Compact (IMLC), which covered 39 member states and jurisdictions as of its published roster, provides an expedited pathway but does not eliminate the underlying dual-licensure obligation.

Contrast agent adverse event reporting operates through the FDA's MedWatch program, but under-reporting in radiology has been documented in published literature, partly because MQSA and CMS accreditation standards do not mandate facility-level contrast reaction tracking in the same granular way that adverse drug event programs do in pharmacy settings.

How the Regulatory Landscape Has Shifted

The most consequential structural shift in radiology regulation since 2005 has been the move toward mandatory accreditation as a condition of Medicare payment, established by MIPPA. Before MIPPA, accreditation was voluntary for most outpatient imaging suppliers. The law created a payment differential that effectively compelled participation.

The FDA's 2023 update to mammography regulations under MQSA — the first comprehensive revision since 1999 — expanded reporting requirements to include breast density information directly in lay-language summaries sent to patients. Facilities had until September 10, 2024 to comply with the density notification provisions, per the FDA's published implementation timeline.

Radiation dose management has moved from voluntary best practice toward structured documentation. The Joint Commission incorporated diagnostic imaging standards into its hospital accreditation program in 2015, including requirements tied to CT dose monitoring. CMS has separately proposed imaging appropriateness criteria through the Protecting Access to Medicare Act of 2014 (PAMA), which mandated consultation with clinical decision support tools before ordering advanced imaging — a program that moved through multiple delayed implementation cycles before limited application.

For a broader orientation to the field that underlies these regulatory obligations, the Radiology Authority home page provides structured access to topics spanning imaging modalities, safety, and clinical applications.

References

• Nuclear Regulatory Commission — Agreement State Program
• FDA Center for Devices and Radiological Health — Mammography Quality Standards Act
• FDA — 21 CFR Part 892: Radiology Devices
• CMS — Advanced Diagnostic Imaging Accreditation (MIPPA)
• HHS — HIPAA Security Rule, 45 CFR Parts 160 and 164
• Interstate Medical Licensure Compact
• The Joint Commission — Diagnostic Imaging Standards
• FDA — Mammography Final Rule 2023

The law belongs to the people. Georgia v. Public.Resource.Org, 590 U.S. (2020)