What exactly is a HIPAA violation?
When disputing medical collections, it is common for people to attempt to get a removal using a "HIPAA violation" as grounds for the collection being removed from their credit report. But what exactly is a HIPAA violation? And why does this get deletions?
In order for a debt collector to report/collect on a debt, they must have evidence to prove that the debt they want to report/collect on is a valid debt. Per the Fair Credit Reporting Act or FCRA, you as a consumer, have the right to force them to provide you with a copy of that proof. This is called debt validation. But what "evidence" proves a debt is valid?
A debt validation is NOT:
A typed up statement saying you owe
A debt validation IS:
a copy of the contract you signed with the original creditor AND
proof the debt collector purchased the debt from the original creditor
Now when it comes to medical collections, some documentation you should look for specifically are:
Treatment consent form(s)
HIPAA release form(s)
Proof of identification
If you don't see a HIPAA release form, this is not an automatic violation, but this definitely means you should be paying closer attention to the remainder of the documents.
Now, HIPAA refers to the Health Insurance Portability and Accountability Act of 1996. This is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.
The HIPAA Privacy Rule standards address the use and disclosure of individuals’ health information (or PHI) by entities subject to the Privacy Rule. The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used. A major goal of the Privacy Rule is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing.
There are HUNDREDS of common HIPAA violations, but the one that you should focus on is the impermissible disclosure of protected health information. If you request a debt validation, and you identify PHI in the documentation you receive with NO HIPAA Release Form, this is a violation of the privacy rule of HIPAA and you can use this to remove the collection from your credit report.
NOTE: removing an unpaid collection does not absolve you of the debt. You are still responsible for paying the original creditor to prevent the debt from being sold to a different debt collection company and repopulating on your credit report