HIPAA and Medical Debt Collection
UPDATE, AUGUST 2014…. FICO 9 will not count paid medical debt against consumer credit scores, and unpaid medical debt will do less damage. This major change will affect many people’s credit scores for the better. But many mortgage providers are slow to adopt new changes. Some mortgage providers use old FICO systems and are 2 FICO scoring models behind. Changes will come first to credit card providers and auto loans. Unfortunately, this will take some time.
HIPAA (Health Insurance Portability and Accountability Act) is the federal law that governs your right to privacy concerning medical information. HIPAA’s purpose is to enhance the integrity and confidentiality of Protected Health Information. It weighs in at 20,000 pages and contains very substantial civil and criminal sanctions. It went into effect on September 23, 2013.
With the shift to electronic record keeping, which contains numerous loopholes for violations, the law strikes fear into the heart of the medical community. “Cloud” security alone is a source of nightmares to those who fear running afoul of this law. The HIPAA Final Omnibus Rule of 2013, as it is formally known, strikes even more fear into the hearts of the medical debt collection community. As if that title alone isn’t intimidating enough, its full title is the HIPAA/HITECH/OMNIBUS RULE. HITECH stands for “Health Information Technology for Economic and Clinical Health”.
Medical Debt Collection Represents 47 per cent of Debt Collection Activity
How does a debt collector not violate your privacy when reporting it to the credit bureaus for all to see? You see where I’m going with this, don’t you? How are they going to verify the bill without violating your privacy when you object to its accuracy? If you look at any report from a credit reporting agency, you will see a reference to how this can become a problem to the bill collector and to the credit reporting agency. For example, the Experian Dispute Summary in front of me has the following statement in a column on the side of page 1:
“By law, we cannot disclose certain medical information (relating to physical, mental or behavioral health or condition). Although we do not generally collect such information, it could appear in the name of a data furnisher (i.e. “Cancer Center”) that reports your payment history to us. If so, those names display on your report, but on reports to others they display only as Medical Payment Data.”
HIPAA penalties are designed to have teeth. Violations for Gain, Profit or to cause Harm carry a potential $250,000.00 Fine and/or 10 Years Imprisonment. Lesser violations carry proportional punishments.
The basic thrust is that any healthcare provider or business associate must be HIPAA-compliant. They can be required to show due diligence in their attempts to comply. Can there be any question that a person or company attempting a medical debt collection qualifies as a business associate of the health care provider? Much care must be exercised in litigation to collect these bills and remain HIPAA-compliant at the same time. The potential for violations is very high. Any laptop hard drive that’s left in a car while shopping can cause a wave of violations. Memory sticks are constantly lost. Cell phone records can be a huge source of problems. Information must be rendered unusable, unreadable, or indecipherable. Firewalls are insufficient.
An industry of very expensive experts is growing to help the medical community comply with this complex web of rules. Hundreds of webinars are being offered by security companies hungry for a piece of this expanding pie. All protected health information (PHI) requires physical, network and process security measures to be in place. This means business phone and fax service, call center systems, emails, online storage vendors, cloud service systems and on and on.
Auditing Visits From Regulators Expected to Increase This Year
The effectiveness of any law depends on the effectiveness with which it is enforced. With this in mind, Federal regulators are expecting a banner year ahead. Policies covering use and disclosure, encryption/pass codes, breach notification, compliance, and management will be scrutinized.
And the Credit Repair Takeaway is….
Make the alleged creditor prove you owe that bill. Throw HIPAA right in their face. You think anyone wants HIPAA trouble? Do you think your bill is worth the chance that a HIPAA complaint by you to the Federal Consumer Protection Bureau will open up a giant expensive can of worms with the Feds? Be creative. Let the medical debt collection agent know you have nothing to lose by going down the HIPAA road. You may find out that the tune will change and you can get the medical debt collection deleted or at least make a favorable settlement if you set it up right. Let them know you are not bluffing. The CFPB did an exhaustive study of 5 million files between 2011-2013 that proved medical debt pushes credit scores down by about 10 points unfairly. People with medical debt on average paid their bills on a par with people whose credit scores were 10 points higher!