HIPAA violation??

Anonymous · ‎08-07-2008

Just found this reporting on TU. In late 2006 my daughter went to the local ER for an allergic reaction to some prescription meds. Insurance paid their part and left $75 apparently. Never saw anything from hospital or CA about balance due.

I DV'd the CA (full media validation as I found a sample letter on this site) and got back a copy of the agreement I signed when she was admitted to the ER, a copy of the bill showing what insurance paid, a copy of the doctor's diagnosis including the medicine she had a reaction to, the injection medicine she was given at the ER, the doctor's diagnosis and treatment that day, as well as the prescription drugs given to her when we left.

So- my question is...is the above a HIPPA violation? Apparently the OC divulged everything to the CA regarding my daughter's ER visit.

Anonymous · ‎08-07-2008

Hopefully, if I'm wrong, someone else will chime in (Fused? HappyDays?), but I think that DVing the CA instead of using the HIPAA process has killed your hopes of claiming a violation of the HIPAA.

I think (am not SURE) that you gave the CA permission to get your records from the OC when you requested that the debt be fully validated.

Conversely, I've also HEARD that when you DO DV a CA for a medical bill that they are supposed to pass the request onto the OC, who can, without violating the HIPAA laws, validate the debt by sending you the requested items.

Again, I hope someone else more fluent in what constitutes a HIPAA violation and the effects DVing a CA has on those rights chimes in!!

mborgens · ‎08-07-2008

Here's what I found, http://www.privacyrights.org/fs/fs8a-hipaa.htm#9

Can my information be disclosed to a collection agency?

Yes. When you put on that faded cotton gown and sit on the examining table, you are the patient. But, your role could change to many other things, including that of debtor. You visit your doctor and pay for health insurance premiums so that you are assured of care in an emergency or in case of an illness. But, your relationship is also a business arrangement.

You are obligated to pay for any costs not covered by your health insurance. Remember : Your consent is not required to disclose information from your medical files if it is made in connection with payment.

An unpaid bill, like any other debt claimed to be owed, may be reported to a collection agency. What's more, an unpaid medical bill can appear as a negative entry on your credit report. Information that can be disclosed to a collection agency about you includes:

Your name and address
Date of birth
Social Security number
Payment history
Account number
Name and address of the health care provider or health plan that says you owe the money.
A recent study by the Federal Reserve found that over half of all collections noted on credit reports were for unpaid medical bills, www.federalreserve.gov/pubs/bulletin/2003/0203lead.pdf.

Anonymous · ‎08-07-2008

But that doesn't address as to whether she lost her HIPAA rights when she DVed the CA.

Just because the OC CAN assign the debt to a CA and provide them with name, acct #, addy, etc, doesn't mean they can provide information pertaining to personal details such as procedure, diagnosis, etc.

That's the debate that's currently on the table. Not whether or not the OC can give the CA basic info needed to locate the consumer.

Anonymous · ‎08-07-2008

Correct Wonderin. The information the CA sent was definitely more than basic info (name, address, SSN, etc.) Personal details (diagnosis, meds prescribed, procedures performed) were included as well.

Anonymous · ‎08-07-2008

Dr's offices usually use ca that specialize in collecting medical bills. These agencies are given your basic info along with the charge the collecting on. This info may inclued date of service, diagnosis, procedures done etc. This is because they are trying to collect a debt. Many times it turns out the ca must submit this info to the insurance company. The Dr. did not violate any HIPAA rules by sending this info to the ca. When doctors use a billing service to do their billing the same info is sent to the billing company. The billing company must follow HIPAA rules just as the ca has to and the Dr.s office.

Anonymous · ‎08-08-2008

So, does this mean I can't use WhyChat's method to remove it? (Paying it's not a problem). Should I go the PFD route instead?

fused · ‎08-08-2008

Wonderin wrote:
Just because the OC CAN assign the debt to a CA and provide them with name, acct #, addy, etc, doesn't mean they can provide information pertaining to personal details such as procedure, diagnosis, etc.

That's the debate that's currently on the table. Not whether or not the OC can give the CA basic info needed to locate the consumer.

Yes, you are correct! Diagnosis codes and descriptions and procedure codes and descriptions, by HIPAA laws, cannot be shared with CAs. HIPAA's minimum necessary clause explains this.

HIPAA minimum necessary.

http://www.hhs.gov/ocr/hipaa/guidelines/minimumnecessary.pdf

fused · ‎08-08-2008

Wonderin wrote:

Hopefully, if I'm wrong, someone else will chime in (Fused? HappyDays?), but I think that DVing the CA instead of using the HIPAA process has killed your hopes of claiming a violation of the HIPAA.

This is still a bit of an unknown and I haven't dug-up anything that sates you lose your protection if you DV a CA. I will talking about this agin with Happy when she logs back in.

HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

HIPAA violation??

Get your FICO® Score for free

HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Re: HIPAA violation??

Get your FICO Score for free