|
Charles et al.:
Funny you should raise this issue in light of the terse cover page story in
this morning's Wall Street Journal entitled, "Hospitals Try Extreme Measures to
Collect Their Overdue Debts." Maybe worth a read if your blood pressure is
lower than you'd like this a.m.
Your issue underscores the intersection of the federal Fair Debt Collection
Practices Act ("FDCPA"), the Fair Credit Reporting Act ("FCRA"), and
HIPAA. A quick trek to the preamble of the HIPAA privacy rule and its
modifications reveals that the Office for Civil Rights has indicated in no
uncertain terms (despite what the so called "credit repair" websites reveal)
that debt collections, locational activities (skip tracing), and credit
reporting consistent with the FCRA (which data elements HIPAA tracks in
describing what can be credit reported) all fall within the "P" in TPO
(treatment, payment and health care operations) -- whether undertaken directly
by a covered entity or by its collection agency business associate. OCR's
position on this is also in a number of the FAQs on their website.
Marcallee is correct - if a debtor contacts a credit reporting agency
("CRA") and states that they dispute a debt reported either by a healthcare
provider or its collection agency because it has been paid, the CRA must, under
the FCRA, have the data furnisher ("data furnisher" is either the provider or
collection agency who reported the delinquent account to the CRA), research it
and respond within thirty (30) days (15 U.S.C. Section 1681i). The CRA
must also mark the account as "disputed" on any credit reports released before
the verification is complete. If the CRA makes a business decision not to
investigate the consumer's dispute, or alternatively investigates but the "data
furnisher" does not respond, the CRA must remove the reported delinquency from
the patient's credit report within that same 30 day period. Section 611 of
the FCRA (15 U.S.C. Section 1681i) is rather detailed on the specifics of how
information is to flow in response to a consumer's dispute. Of course if
the CRA determines that the dispute is frivolous or irrelevant it need not
undertake an investigation. A data furnisher has an obligation under the
FCRA to furnish accurate and complete information as well as to correct and
update information from time to time as new information becomes available to it
(certainly such as payment in full of a delinquent account). See, FCRA at
Section 623.
The use and disclosure of "payment" information between CRA, provider,
collection agency, and debtor/patient is potentially governed by each of these
three federal consumer information protection oriented laws (i.e., FDCPA, FCRA,
and HIPAA -- as well as potentially Section 5 of the Federal Trade Commission
Act) -- in fact it may be mandated. If a CRA received a consumer dispute,
contacted a hospital or collection agency for verification, and the hospital or
collection agency refused to respond (remember that 164.512(a) "permits" a
covered entity to make "disclosures required by law" -- but HIPAA itself
would not mandate the disclosure) - the refusal would be at odds with their
legal requirement under the FCRA to report accurate and complete
information.
It would not seem then that Judith's debtor or the credit repair helpsite
are accurately interpreting HIPAA -- or the FCRA. HIPAA does not require a
hospital to obtain a debtor's written permission to use a business associate to
either credit report, skiptrace, or collect his/her delinquent account -- or
even to handle insurance billing and follow up on his/her account. A quick
word of caution, if upon admission a patient seeks to "opt out" and restrict
communications about his/her PHI to anyone but for a specified list of people
and a provider agrees to that -- under those very limited circumstances a
debtor/patient may indeed have somewhat of an argument that his HIPAA rights
were violated when he is turned over to a collection agency if the provider
agreed to harsh restrictions on communications per that patient's request.
Leslie
Leslie Bender
roiWebEd Company
[EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org |
- Collection Accts. Charles Whitaker
- Re: Collection Accts. B BURGESS
- RE: Collection Accts. Marcallee Jackson
- RE: Collection Accts. Bentz-Miller, Judith
- Re: Collection Accts. Lbender
- Re: Collection Accts. Doug Webb
- Re: Collection Accts. Share HIPAA
- RE: Collection Accts. Wellons, David L
- Re: Collection Accts. Doug Webb
- RE: Collection Accts. Rachel Foerster
- RE: Collection Accts. Bentz-Miller, Judith
- RE: Collection Accts. Wellons, David L
- RE: Collection Accts. Bentz-Miller, Judith
- Re: Collection Accts. Charles Whitaker
