CreditBoards > OC calls BS on HIPAA- they insinst they're not violating HIPAA by reporting as paid

Full Version: OC calls BS on HIPAA- they insinst they're not violating HIPAA by reporting as paid

CreditBoards > Creditboards Main Forums > Medical Billing & Medical Collections

gator00

Oct 16 2008, 06:28 PM

First of all, I owe a huge thanks to all those who've helped me with my previous medical collections problems (especially Whychat, who's been a great help). I started this process with probably 20 collection marks on my credit reports from about 5 different OCs. I have recovered financially and managed to pay off all of my medical bills using the Whychat process and eventually, all of the OCs have completely removed all references from my credit report except for one stubborn OC that refuses to budge.

They are making me furious for several reasons. First of all, their CA poisoned my credit by placing separate collection accounts for all the various account numbers I had with the OC, thus leaving 6 different collection accounts on my credit reports (to a single OC for a single hospital visit). Now that I've paid all accounts in full, they are still marked as "paid collection accounts" on my credit reports and they refuse to remove them.

I have followed the Whychat HIPAA process in it's entirety. All accounts were paid with money orders (payable only to the OC) included with the Whychat HIPAA letter and insert A. After sending them payments, my accounts were changed from unpaid to paid status on my credit reports, so I sent the letters to the CRAs requesting validation, and the follow-up letter to the OC. The OC failed to respond, and the accounts were verified by the CRAs, so I proceeded to send the courtesy letter. I was infuriated when I opened my mail and found the following response to my courtesy letter:

Dear [name deleted],

This is in response to your letter dated 9/26/08 regarding your concerns about HIPAA violations in connection with the use by University Medical Service Association of a collection agency to collect payments for services provided to you, and subsequent reporting by the collection agency to credit bureaus.

The University Medical Service Association is part of the University of South Florida HIPAA Covered Entity. The HIPAA Privacy Rule allows covered entities to use and disclose protected health information for its own treatment, payment, and health care operations activities without authorization from the individual (patient). Payment encompasses the various activities of health care providers to obtain or be reimbursed for their services. The Privacy Rule provides examples of common payment activities, including billing and collection activities. Health care providers may disclose protected health information to collection agencies under a Business Associate Agreement under which the collection agency agrees to comply with the HIPAA Privacy Rule in maintaining the security of such information and in further disclosing such - for example, disclosing the minimum necessary information to credit bureaus.

The collection process followed by the University Medical Service Association is in accordance with the HIPAA Privacy Rule and does not result in a privacy violation. As I understand, you have fully paid the invoices that were forwarded to the collection agency, and should no longer be reflected as unpaid amounts.

I trust that this answers your concerns. If you still have concerns or questions in this regard, please feel free to contact me at [phone # removed].

Sincerely,

[name removed]
Compliance and Privacy Officer
Director, Professional Integrity Program

Basically, the OC just called BS on the whole Whychat HIPAA process. How should I respond to this? Where can I find a specific section of the HIPAA privacy rule that states that there is no permissible business purpose in divulging protected health information to anyone on an account once there is no longer any payment due?

It has taken me more than a year to pay about $4,000 in old (3+ year old) medical bills in a quest to clean up my credit so I can buy a house, and these stubborn jacka$$es are the only thing preventing me from having flawless credit. Thanks for any advice you can give to help me remedy this situation.

edit: BTW, I will of course proceed to file a HIPAA complaint with the OCR, but they are extremely slow an inefficient and I doubt they will be able to help in a timely manner. Please see this post for my previous experience with the slow response of the OCR. I am hoping that I can convince the OC that they are in fact violating HIPAA rules by reporting this as paid, so that they will voluntarily delete it, and I won't have to wait forever for the OCR to get around to investigating it.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.