Does the HIPAA Privacy Rule prevent health plans and providers from using debt collection agencies? Does the Privacy Rule conflict with the Fair Debt Collection Practices Act?
The Privacy Rule permits covered entities to continue to use the services of debt collection agencies. Debt collection is recognized as a payment activity within the “payment” definition. See the definition of “payment” at 45 CFR 164.501. Through a business associate arrangement, the covered entity may engage a debt collection agency to perform this function on its behalf. Disclosures to collection agencies are governed by other provisions of the Privacy Rule, such as the business associate and minimum necessary requirements. The Department is not aware of any conflict between the Privacy Rule and the Fair Debt Collection Practices Act. Where a use or disclosure of protected health information is necessary for the covered entity to fulfill a legal duty, the Privacy Rule would permit such use or disclosure as required by law.
Related Questions
- Does the HIPAA Privacy Rule prevent health plans and providers from using debt collection agencies? Does the Privacy Rule conflict with the Fair Debt Collection Practices Act?
- Does the HIPAA Privacy Rule prevent reporting to consumer credit reporting agencies or otherwise create any conflict with the Fair Credit Reporting Act (FCRA)?
- Does the HIPAA Privacy Rule permit a covered entity or its collection agency to communicate with parties other than the patient regarding payment of a bill?
