|
One more though on Leslie's last
paragraph.
Debt collection would not have specifics as
to the treatment, so there should not be any PHI in the issue. Now a
problem could arise, if for example an oncologist is trying to collect a bill
from a guarantor (note I didn't say patient), and someone else sees that
information, they can surmise the guarantor has cancer (apply this to any
other medical situation).
However, in collection activities, they are trying to collect money
from a guarantor, who may or may not be a patient. I don't see where the
fact you owe a debt to anyone BESIDES a healthcare provider would be treated one
way, and the collection for a health provider would be handled differently (or
not permitted). Too many scoundrels will hide behind that loophole.
So, the question/point is -
Collection activities are between creditor and guarantor. HIPAA therefore
shouldn't apply. One cannot accurately assume the guarantor is the
patient. And except for (possibly) the fact that the name of the
service provider MAY indicate the type of diagnosis the patient had, there is
not necessarily a direct correlation. Following the original logic, if I
were involved in a parking lot auto accident at a physician office, the police
report could not be made public under HIPAA since it may indicate that I have a
certain medical condition.
Leslie,
Thank you for a timely and
well-written analysis.
So many bad things happen when
HIPAA is mis-read to restrict information exchange it really isn't
restrict.
The "may" in the regulations
also opens a can of worms, but it has to be emphasized that if the release that
HIPAA says may happen is denied, HIPAA cannot be used as an excuse for the
denial. The denial is either based on the prohibitions of some
other law, or the CE's paranoia.
The opinions expressed here are my own and not
necessarily the opinion of LCMH.
Douglas M. Webb
Computer System Engineer
Little
Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]
"This electronic message may contain information that
is confidential and/or legally privileged. It is intended only for the use of
the individual(s) and entity(s) named as recipients in the message. If you
are not an intended recipient of the message, please notify the sender
immediately, delete the material from any computer, do not deliver,
distribute, or copy this message, and do not disclose its contents or take
action in reliance on the information it contains. Thank you."
----- Original Message -----
Sent: Thursday, October 30, 2003 10:06
AM
Subject: Re: Collection Accts.
Charles et al.:
Funny you should raise this issue in light of the terse cover page story
in this morning's Wall Street Journal entitled, "Hospitals Try Extreme
Measures to Collect Their Overdue Debts." Maybe worth a read if your
blood pressure is lower than you'd like this a.m.
Your issue underscores the intersection of the federal Fair Debt
Collection Practices Act ("FDCPA"), the Fair Credit Reporting Act ("FCRA"),
and HIPAA. A quick trek to the preamble of the HIPAA privacy rule
and its modifications reveals that the Office for Civil Rights has indicated
in no uncertain terms (despite what the so called "credit repair" websites
reveal) that debt collections, locational activities (skip tracing), and
credit reporting consistent with the FCRA (which data elements HIPAA tracks in
describing what can be credit reported) all fall within the "P" in TPO
(treatment, payment and health care operations) -- whether undertaken directly
by a covered entity or by its collection agency business associate.
OCR's position on this is also in a number of the FAQs on their website.
Marcallee is correct - if a debtor contacts a credit reporting agency
("CRA") and states that they dispute a debt reported either by a healthcare
provider or its collection agency because it has been paid, the CRA must,
under the FCRA, have the data furnisher ("data furnisher" is either the
provider or collection agency who reported the delinquent account to the CRA),
research it and respond within thirty (30) days (15 U.S.C. Section
1681i). The CRA must also mark the account as "disputed" on any credit
reports released before the verification is complete. If the CRA makes a
business decision not to investigate the consumer's dispute, or alternatively
investigates but the "data furnisher" does not respond, the CRA must remove
the reported delinquency from the patient's credit report within that same 30
day period. Section 611 of the FCRA (15 U.S.C. Section 1681i) is rather
detailed on the specifics of how information is to flow in response to a
consumer's dispute. Of course if the CRA determines that the dispute is
frivolous or irrelevant it need not undertake an investigation. A data
furnisher has an obligation under the FCRA to furnish accurate and complete
information as well as to correct and update information from time to time as
new information becomes available to it (certainly such as payment in full of
a delinquent account). See, FCRA at Section 623.
The use and disclosure of "payment" information between CRA,
provider, collection agency, and debtor/patient is potentially governed by
each of these three federal consumer information protection oriented laws
(i.e., FDCPA, FCRA, and HIPAA -- as well as potentially Section 5 of the
Federal Trade Commission Act) -- in fact it may be mandated. If a CRA
received a consumer dispute, contacted a hospital or collection agency for
verification, and the hospital or collection agency refused to respond
(remember that 164.512(a) "permits" a covered entity to make "disclosures
required by law" -- but HIPAA itself would not mandate the disclosure) -
the refusal would be at odds with their legal requirement under the FCRA to
report accurate and complete information.
It would not seem then that Judith's debtor or the credit repair helpsite
are accurately interpreting HIPAA -- or the FCRA. HIPAA does not require
a hospital to obtain a debtor's written permission to use a business associate
to either credit report, skiptrace, or collect his/her delinquent account --
or even to handle insurance billing and follow up on his/her account. A
quick word of caution, if upon admission a patient seeks to "opt out" and
restrict communications about his/her PHI to anyone but for a specified list
of people and a provider agrees to that -- under those very limited
circumstances a debtor/patient may indeed have somewhat of an argument that
his HIPAA rights were violated when he is turned over to a collection agency
if the provider agreed to harsh restrictions on communications per that
patient's request.
Leslie
Leslie Bender
----- Original Message -----
Sent: Thursday, October 30, 2003 9:04
AM
Subject: RE: Collection Accts.
A few months ago, I had a patient send
me a certified letter that had much of this exact wording in it. I
complied with the timeframe of the 10 days, but refused his request, sitting
the payment language and the BA information. (He also stated that
using a collection agency could only be done with his written permission,
therefore, we had violated his HIPAA rights.) I have not heard from
him or his attorney again.
If anyone would like to see my response,
email me and I will be happy to forward it (minus the PHI, of
course!!!!)
Judith
Judith Bentz-Miller
Privacy Officer
Arnett Clinic
765-448-8843
![]()
I recently came across some information that some credit repair
websites are giving out in relation to medical collections being reported
to the Credit Reporting Agencies (CRA). If a person disputes a listing on
a credit report, the CRA must request a validation from the Collection
Agency (CA), which must get a validation from the Original Creditor
(Health Care Provider). These credit repair websites are saying that if
the bill is paid in full the Health Care Provider has no "business
purpose" to send the information to the CA (no payment due).
See this Link
Has anyone seen this?
Any thoughts or opinions?
Charles Whitaker HIPAA Coordinator/IT Madison Parish
Hospital Tallulah, LA (318)574-2374 Fax (318)574-2396 [EMAIL PROTECTED]
The WEDI SNIP listserv to which you are subscribed is not
moderated. The discussions on this listserv therefore represent the views
of the individual participants, and do not necessarily represent the views
of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an
official opinion, post your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products
and services. They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any
time.
You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank
email to [EMAIL PROTECTED]
If you need to
unsubscribe but your current email address is not the same as the address
subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org ---
The WEDI SNIP listserv to
which you are subscribed is not moderated. The discussions on this listserv
therefore represent the views of the individual participants, and do not
necessarily represent the views of the WEDI Board of Directors nor WEDI
SNIP. If you wish to receive an official opinion, post your question to the
WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs
should not be used for commercial marketing purposes or discussion of
specific vendor products and services. They also are not intended to be used
as a forum for personal disagreements or unprofessional communication at any
time.
You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank
email to [EMAIL PROTECTED]
If you need to
unsubscribe but your current email address is not the same as the address
subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org ---
The WEDI SNIP listserv to which
you are subscribed is not moderated. The discussions on this listserv
therefore represent the views of the individual participants, and do not
necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP.
If you wish to receive an official opinion, post your question to the WEDI
SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should
not be used for commercial marketing purposes or discussion of specific vendor
products and services. They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any time.
You
are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe
from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but
your current email address is not the same as the address subscribed to the
list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not
moderated. The discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of the WEDI
Board of Directors nor WEDI SNIP. If you wish to receive an official opinion,
post your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
You are
currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To
unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but
your current email address is not the same as the address subscribed to the
list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
*****
"The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers.60"
|
