states this: "Your furnishing of my account information to (collection agency name), is not in compliance with HIPAA,or (name of your State}'s Privacy Act, and any subsequent reporting of this account on my credit reports to (credit reporting bureaus) is a clear violation of Public Law 104-191 ("HIPAA") since there can be no permissible business purpose in divulging protected health information to anyone on an account once there is no longer any payment due."

The OC sent me a letter that states they can report it.

What have you sent to the CRA's, OC, OCR or FTC at this point prior to receiving the OC letter?

http://creditboards.com/forums/index.php?showtopic=141352

the OC is correct...

the law does NOT say that a doctor can't share information...it says that they CAN share information with CAs or other business partners for collection purposes

I have done everything there. I just need the law that says about the paid account and reporting on

"there can be no permissible business purpose in divulging protected health information to anyone on an account once there is no longer any payment due"

I have followed WhyChats process exactly. The paid account came off of 2 of the CRA's, they will not budge on TU.

Same here, except that they have now reported to EX. Previously it was only reported on EQ. Sounds like I have opened a can of worms. Actually, I have read "HIPAA" & can't seem to find any legally enforceable provisions. Is this process just a bluff or is it actually in the law?

The way I understand HIPPA is there is no civil remedies for the consumer, but there are remedies for the Feds.

Me also. I just need the exact law that shows the wording where they can't place it on your credit report if it is already paid. I have searched and searched and can't find it. I just need some ammo (law) to fire back at them on their letter they sent to me.

You alluded to having done everything.What exactly does that include? Everything means you send the courtesy letter and then you filed the complaint with the OCR. Did you do all that including the complaint, what were the responses besides they can report it?

Have you read the WHOLE program, including the link to the legal basis for the program.Since Whychat designed the HIPAA Letter Process and you have a question pertaining to the EXACT Law, you should wait till until he gets back from vacation somewhere around 3/15 or so(according to his post) and bump the thread.

Yes, I sent the courtesy letter and also filed the complaint with the OCR back in November of last year. The OCR sent me a letter back in asking if they could use my name on the complaint when they contacted the hospital. I sent the form that they sent me back the next day saying it was ok to use my name. I have yet to hear back from them. The first response I received from the hospital was that they would change the account as paid on my credit report. I sent them the courtesy letter prior to sending the complaint to the OCR and they took it off of Equifax and Experian but it remains on TU. Since I never heard back from the OCR after the complaint and since it was still showing on TU, I wrote the hospital another letter to take it off of TU. Thats when they stated that they could report it. Thats why I need the exact law that states about reporting a paid account so I can write them another letter back stating it. Whychat's method works, but I don't know why they took it off of Experian and Equifax but it remains on TU. Any help would be greatly appreciated.

So WhyChats method is bogus? Not based on any laws? So if we use his method, we're just bluffing our way through?
Can you clarify, please?

WhyChats method is not bogus. It works. In my case, my account was deleted 2 out of the 3 CRA's. I just needed the law to send back to the hospital on the CRA that is reporting. The letter they sent me is accurate, they can report an account that is delinquent. It is just the paid accounts I think is what they aren't getting.

I thought the purpose to the dispute is that HIPPA doesn't allow them to share your medical info with a 3rd party and by sending your bill to a CA then gives you the right to ask for validation. If the CA validates in earnest, they would have to show you why you owe the medical bill and therefore they would have medical info about you that the OC wasn't allowed to give them.
So if Pryan is saying the OC can give away that info, whats the purpose of HIPPA?

Maybe I've got the whole thing wrong?

What IS your problem??
It is simple to read my "legal" description linked in the HIPAA letter program.

Of COURSE an OP has PP to communicate to a CA and a CA to report on an account where there is a "business" purpose. However, once the account is PAID, there is NO LONGER any "collection" and therefore no longer any PP business purpose.

Try READING the WHOLE legal explanations in the HIPAA program before you mouth off about a system being "bogus".

I can attest that your system is not bogus. I have read it and re-read it more than once. I just need the Federal Law or the opinion that states "once the account is PAID, there is NO LONGER any "collection" and therefore no longer any PP business purpose."

I didn't say that, I asked for clarity.
I said "I thought" and "Maybe I've got the whole thing wrong"?
That meant I'm asking, not claiming.

Your answer is way too harsh to someone who just admitted she doeasn't get it and needs clarification.

There is NOTHING to be found in any "Federal Law" and there is no "opinion" that will satisfy your requirement.

If you do not understand that the BASIS of the HIPAA letter system as designed is because of the dichotomy between the requirements of the FCRA and FACTA and the CLEAR logical meaning of the term "business purpose" then I can not help you.

Your question is like asking "where in the Federal Law does it say you don't have to pay an account that is already paid".

If I seem "harsh" it is because I expect readers to understand more than they apparently do about the meaning of the words "business purpose" and "collection".

I never said the process was bogus...never even implied it to my knowledge...if anyone took it that way, sorry...


I just don't know of any case where the OCR said "Sorry OC...we're going to fine you because you notified the CA that the debt was paid". All the complaints that I know of to the OCR (only a few, granted) have resulted in the consumer being told that collection IS a business purpose, and notifying the CA that the debt has been paid is also legitimate...there is no new PHI being transmitted to the CA....

now if the OC were to say "ok CA..this debt has been paid...oh yeah...also, here are the test results from the consumer's latest visit" then there would be a valid complaint...

I too was confused by the WC's HIPAA process but it was because I was looking at it in back and white.

The foundation is not some specific statute that validates it...the foundation is built into the methodology of the entire process. There are a lot of players in these scenarios..the OC, CA, JDB's, CRAs. WhyChat provides a solution to almost every conceivable scenario. If something new comes along, you can get adaptive advise here.

The process may not be statutory perfection..but it works if followed precisely. That is a proven fact.

The way I see it, the OP's dillemma is the OC is not complying with the letter(HIPAA process does address this)...not that statutes need to be chased down.

I'm no expert, but did want to share my opinion.

I need to start all over and try to see where I got lost.
I thought we were talking about an OC, say a hospital sending a bill to a CA. Perfectly legit if it says "Consumer owes us for services during this date to this date".
However a CA would need to get more info to seriously validate and sometimes a medical OC will send info that includes services renedered which then becomes the sharing of medical information to a 3rd party, which they're not allowed to do. A Catch 22 situation?

My real confusion came when several people in the CF's stated they got medical collections removed and not one of them used the HIPPA method. When I asked why, no one had a real answer just that they decided not to

We are talking about PHI disclosure specifically when "no payment is due".

With Whychat Hipaa process it never deals directly with a CA. Just CRA and OC.

Hope this helps and I didn't come off wrong.

Ok, maybe I should start again. I followed the method to a "T". It worked on 2 of the 3 CRA's. I have never heard back from the OCR. I wrote the letter back to the hospital requesting they remove it from TU. They responded back as saying that they are within the law of reporting it. What should I do next?

Whychat is currently on vacation popping in and out.

What PHI is being disclosed after you pay the OC though? The fact that the payment was made?

Yes, information about payment is considered as PHI just as it is considered PHI when it is UNPAID.

As to the lack of cooperation of ONE CRA, you need to redispute with the medical dispute letter and file an FTC complaint if you get no FULL answer.

And yes the OCR is a toothless wonder on HIPAA violations just as the FTC is on reporting FCRA and FDCPA violations, however they BOTH do "keep track" of complaints and health care providers do NOT want to have a bad "score" of complaints recorded.

I am back, but have a WICKED cold and my Dr. has limited my "up" time.

Grim Reaper wrote:



Bumping for the OP's original question.
Sorry for highjack Grim.


WhyChat, I hope you're feeling better soon!

When you say you followed the method to a "T", what do you mean by "I wrote the letter back to the hospital requesting they remove it from TU."??

Do you mean you sent TU the follow up dispute letter and a copy to the OC with the cover letter??

They can CLAIM they are within the law all they want to, however the HIPAA privacy rules clearly STATE that they can only communicate for a legitimate business reason, including COLLECTION. The cover letter spells out the reason they would be in violation if they communicated to a reporting CA AFTER the account was paid.

And yes, I am feeling better and my family has allowed me to have my laptop back so I can stay in bed and stay on line.