Re: Collection Accts.
Thisprobably overlaps the wedi-transactions workgroup, but I think that the Wall Street Journalmay beon to something here. If the nation-wide mandate to implement standard transactions October 16, 2003 does disrupt cash flow thenefforts to collect on existing accounts receivables may be increased (dramatically? dependsif there is disruption, and if so, how much disruption). I remember seeing "Top 10 Questions to Ask About HIPAA Transactions" about two years ago.A comment at the bottom of this list (actually three lists, one for questions to ask payers, one for questions to ask providers, and one for questions to ask clearinghouses) caught my attention. The person who had collected all the questions and organized them stated that there was a recommendation that did not really fit in to any of the catagories but had been mentioned by several payers. This statement was "Providers should use standardization of transactionsto remove bad accounts receivables from their books." So I am wondering.is there any significant disruption of cash flow happening post October 16, 2003, and if so, will providers put more resources in to trying to collect on their accounts receivables? If so, might this develop into a HIPAA Privacy issue? Regards, ShareHIPAA http://health.groups.yahoo.com/group/ShareHIPAA Lbender [EMAIL PROTECTED] wrote: Charles et al.: Funny you should raise this issue in light of the terse cover page story in this morning's Wall Street Journal entitled, "Hospitals Try Extreme Measures to Collect Their Overdue Debts." Maybe worth a read if your blood pressure is lower than you'd likethis a.m. Do you Yahoo!? Exclusive Video Premiere - Britney Spears --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Collection Accts.
One more though on Leslie's last
paragraph.
Debt collection would not have specifics as
to the treatment, so there should not be any PHI in the issue. Now a
problem could arise, if for example an oncologist is trying to collect a bill
from a guarantor (note I didn't say patient), and someone else sees that
information, they can surmise theguarantor has cancer (apply this to any
other medical situation).
However, in collection activities, they are trying to collect money
from a guarantor, who may or may not be a patient. I don't see where the
fact you owe a debt to anyone BESIDES a healthcare provider would be treated one
way, and the collection for a health provider would be handled differently (or
not permitted). Too many scoundrels will hide behind that loophole.
So, the question/point is -
Collection activities are between creditor and guarantor. HIPAA therefore
shouldn't apply. One cannot accurately assume the guarantor is the
patient. And except for (possibly) the fact thatthe name of the
service provider MAY indicate the type of diagnosis the patient had, there is
not necessarily a direct correlation. Following the original logic, if I
were involved in a parking lot auto accident at a physician office, the police
report could not be made public under HIPAA since it may indicate that I have a
certain medical condition.
-Original Message-From: Doug Webb
[mailto:[EMAIL PROTECTED]Sent: Thursday, October 30, 2003 11:27
AMTo: WEDI SNIP Privacy Workgroup ListSubject: Re:
Collection Accts.
Leslie,
Thank you for a timely and
well-written analysis.
So many bad things happen when
HIPAA is mis-read to restrict information exchange it really isn't
restrict.
The "may" in the regulations
also opens a can of worms, but it has to be emphasized that if the release that
HIPAA says may happen is denied, HIPAA cannot be used as an excuse for the
denial. The denial is either based on the prohibitions of some
other law, or the CE's paranoia.
The opinions expressed here are my own and not
necessarily the opinion of LCMH.
Douglas M. WebbComputer System EngineerLittle
Company of Mary Hospital Health Care Centers[EMAIL PROTECTED]
"This electronic message may contain information that
is confidential and/or legally privileged. It is intended only for the use of
the individual(s) and entity(s) named as recipients in the message. If you
are not an intended recipient of the message, please notify the sender
immediately, delete the material from any computer, do not deliver,
distribute, or copy this message, and do not disclose its contents or take
action in reliance on the information it contains. Thank you."
- Original Message -
From:
Lbender
To: WEDI SNIP Privacy Workgroup List
Cc: B BURGESS ; [EMAIL PROTECTED]
Sent: Thursday, October 30, 2003 10:06
AM
Subject: Re: Collection Accts.
Charles et al.:
Funny you should raise this issue in light of the terse cover page story
in this morning's Wall Street Journal entitled, "Hospitals Try Extreme
Measures to Collect Their Overdue Debts." Maybe worth a read if your
blood pressure is lower than you'd likethis a.m.
Your issue underscores the intersection of the federal Fair Debt
Collection Practices Act ("FDCPA"), the Fair Credit Reporting Act ("FCRA"),
and HIPAA. A quick trek to the preamble of the HIPAA privacy rule
and its modifications reveals that the Office for Civil Rights has indicated
in no uncertain terms (despite what the so called "credit repair" websites
reveal) that debt collections, locational activities (skip tracing), and
credit reporting consistent with the FCRA (which data elements HIPAA tracks in
describing what can be credit reported) all fall within the "P" in TPO
(treatment, payment and health care operations) -- whether undertaken directly
by a covered entity or by its collection agency business associate.
OCR's position on this is also in a number of the FAQs on their website.
Marcallee is correct - if a debtor contacts a credit reporting agency
("CRA") and states that they dispute a debt reported either by a healthcare
provider or its collection agency because it has been paid, the CRA must,
under the FCRA, have the data furnisher ("data furnisher" is either the
provider or collection agency who reported the delinquent account to the CRA),
research it and respond within thirty (30) days (15 U.S.C. Section
1681i). The CRA must also mark the account as "disputed" on any credit
reports released before the verification is complete. If the CRA makes a
business decision not to investigate the consumer's dispute, or alternatively
investigates but the "data furnisher" does not respond, the CRA must remove
the reported delinquency from the patient's credit report within that s
RE: Collection Accts.
Actually, if the patient requests non-release of PHI to the provider for its own TPO then the provider is well within its rights to determine how it will be paid for the services to be rendered. If the patient cannot provide adequate assurance to the provider that it will be paid for services rendered such that there would not be any disclosure of PHI in order to collect payment, the provider is not obligated to treatunless there might be an EMTALA issue. Rachel Rachel Foerster Rachel Foerster Associates, Ltd. Voice: 847-872-8070 email: [EMAIL PROTECTED] -Original Message- From: Wellons, David L [mailto:[EMAIL PROTECTED] Sent: Thursday, October 30, 2003 4:19 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Collection Accts. then all I as a scoundrel patient need to do (particularly if self pay) is to request non-release of information without my permission and then just refuse to pay my bill. Sounds like the provider's only recourse would be to contact me directly - use of a collection agency would violate HIPAA since I haven't given my permission, as would posting a bad debt on my credit record. Sounds like a winner to me! As to my example about the parking lot accident - agreed that police are not HIPAA bound, but with the DOJ conclusion that anyone (not just CEs) who release PHI can be prosecuted (q.e.d.), it makes sense should they list my name and the physician office name publicly, someone could 'interpret' HIPAA as being applicable. (I know this won't happen, but just saying that under the current interpretations I've seen in these threads, there is merit to the example). Also, the issue of the CA having a BAA with the CE and thus can use PHI. From other threads (the one about overseas transcriptions), someone said that HIPAA only applies to CEs, and that if BAAs are used, the non-CE who gets the data is not bound by HIPAA, their only exposure would be breach of contract issues with the CE. As the CA and CRAs are not CEs, then any collection data they have, even the PHI you list (name, amount) is not covered under HIPAA once they have it in their hands (EVEN with BAAs in place). While this may be circular logic, that is what I come up with when combining a couple of issues into one. Don't read my comments as argumentative, not meant that way, just a bit frustrated that even professional (as you and the others are) who are well-versed as anyone in HIPAA can't seem to find common agreement on some key points. Not your fault, just the way it was all written. The views expressed are mine personally and do not necessarily represent the views of my employer. -Original Message- From: Sherriann Hamilton [mailto:[EMAIL PROTECTED] Sent: Thursday, October 30, 2003 4:13 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Collection Accts. David ~ PHI includes much more information than just specifics as to the treatment - it also includes information that Relates to ... the past, present, or future payment for the provision of health care to an individual... So, a name, an amount, and the creditor/provider/CE = PHI; and I would assume that debt collection would involve at least that much information. The reason that collection by, or on behalf of, a creditor/provider/CE is (potentially) handled differently is that the creditor/provider/CE is bound by HIPAA and the debt information is PHI. The creditor/provider/CE would need to have a BA agreement with the collection agency so that the CA can use/disclose the PHI on behalf of the creditor/provider/CE. The BA's disclosure of the information to the CRA is permitted because it's related to payment. As for the auto accident in the parking lot of the physician's office... the police are not bound by HIPAA. I don't know the rules about police reports being made public, but if they can't be made public... it's not because of HIPAA. Just my 2c. Sherriann Hamilton, Privacy Officer/Training Director The Christian Church Homes of KY 12700 Shelbyville Road, Ste. 1000 Louisville, KY 40243 (502) 254-4254 - phone (502) 396-4217 - cell (502) 254-5117 - fax Please check out our web site at www.cchk.org -Original Message- From: Wellons, David L [mailto:[EMAIL PROTECTED] Sent: Thursday, October 30, 2003 2:06 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Collection Accts. One more though on Leslie's last paragraph. Debt collection would not have specifics as to the treatment, so there should not be any PHI in the issue. Now a problem could arise, if for example an oncologist is trying to collect a bill from a guarantor (note I didn't say patient), and someone else sees that information, they can surmise the guarantor has cancer (apply this to any other medical situation). However, in collection activities, they are trying to collect money from a guarantor, who may or may not be a patient. I don't see where the fact you owe a debt to anyone BESIDES a healthcare provider would be treated
