So what this means is a CA can report an unpaid collection because they still have a BP (business purpose) to your PHI, but once it's paid the CA has to delete the paid collection. HIPAA says since the covered entity's business associate, the CA, has completed it's task, to collect the debt, the CA no longer has a purpose to have access to one's PHI. So if the CA doesn't remove the paid collection, the OC would be in violation of HIPAA for continiung to disclose PHI to the CA.
Have you had any communication with the CA? If yes, STOP doing so. The HIPAA letter process leaves the CA out of everything. Is this a doctor's bill or hospital bill? Have you tried to do a PFD with the OC?