The debt validation process is a debt collection practices provision under the Fair Debt Collection Practices Act (FDCPA), and has no provisions that require removal of credit reporting as a result of lack of validation, or violation of privacy provisions under HIPPA.
One state, namely Texas, does include a provision within its own state debt collection practices statute that mandates removal of reporting of collections if the debt collector fails to provide validation within the 30-day period set forth in that statute, but that is not a provision of the federal FDCPA.
In the cited scenario, they appear to have provided more than is required under the FDCPA, which has no requirement that validation must include supporting documentary evidence. The fact that any documenttion may have separately violated a consumer's privacy of medical information under HIPAA does not render the validation inadequate, and is separate basis for making a HIPAA complaint, as specified in that act.
