Paubox blog: HIPAA compliant email made easy

Is the Fair Credit Reporting Act HIPAA compliant?

Written by Kirsten Peremore | November 16, 2023

Balancing a consumer's privacy rights with accurate credit reporting is crucial in medical debt collection under the Fair Credit Reporting Act (FCRA) and HIPAA. Adhering to both regulations ensures legal compliance and helps the healthcare and credit systems maintain their integrity.

 

The relationship between FCRA and HIPAA

Both HIPAA and the FCRA permit reporting medical debts to credit agencies. However, HIPAA limits the type of health information that can be disclosed, focusing on payment-related data. At the same time, the FCRA ensures that this information is reported accurately and in a manner that respects consumer privacy. 

 

FCRA and medical credit reporting

The FCRA ensures the accuracy and fairness of consumer credit information reported to credit reporting agencies. This includes debts arising from medical services. Additionally, the FCRA outlines the conditions under which medical debts can be reported, emphasizing the need to maintain privacy and accuracy in these reports. 

 

HIPAA and medical credit reporting

HIPAA provides specific provisions that allow for the controlled disclosure of certain types of protected health information (PHI) for payment activities, including reporting payment history and account details to credit reporting agencies. This aspect of HIPAA ensures that while healthcare providers can share the necessary information for billing and payment processes, patient health data privacy is strictly maintained. 

 

Requirements for Reporting Medical Debt

Under HIPAA

1. Disclosure of specific PHI types: Only certain types of PHI can be disclosed for payment activities, which include:
  • Name and address of the individual.
  • Date of birth.
  • Social Security number.
  • Payment history.
  • Account number.

2. Minimum Necessary Standard: Any PHI disclosed must adhere to the minimum necessary standard, meaning only the least amount of information needed for the payment process should be shared.

3. Privacy protection: Ensure health information privacy is maintained throughout the reporting process, including encrypted storage solutions and secure communication such as HIPAA compliant email.

Under the FCRA

1. Accuracy in reporting: Ensure all medical debt information reported to credit reporting agencies is accurate and fair.

2. Encryption and Privacy Standards:
  • Encrypt or code specific details to protect consumer privacy.
  • Use coding systems that prevent the identification of healthcare providers and the nature of services.

3. Registration as medical information furnisher: Healthcare providers and their agents must register as medical information furnishers with each credit reporting agency to which they report.

4. Reporting time frame: Report medical debt for a duration typically up to seven years from the date of delinquency unless state law specifies a different time limit.

5. Compliance with CRA rules: Adhere to additional standards set by Consumer Reporting Agencies, such as delayed reporting of medical debts and removal of paid medical debts from credit reports.

See also: HIPAA and the credit card exemption

Consumer Reporting Agency (CRA) Rules and the National Consumer Assistance Plan (NCAP)

Consumer Reporting Agencies (CRAs) and the National Consumer Assistance Plan (NCAP) play pivotal roles in shaping the reporting of medical debt by supplementing federal regulations like the FCRA and HIPAA. CRAs, which include major credit bureaus like Experian, Equifax, and TransUnion, enforce additional standards that directly impact how medical debt is reported. Key among these is the NCAP, resulting from a collaborative agreement with state attorneys general to enhance credit report accuracy and transparency.

The NCAP introduces significant changes to medical debt reporting:

  1. It mandates a waiting period of 180 days before medical debt can appear on a credit report, allowing time for insurance payments and disputes to be resolved.
  2. It requires the removal of medical debt from credit reports once it has been paid, acknowledging the often complex and protracted nature of medical billing and insurance coverage.
  3. It excludes relatively small medical debts from reporting, typically those under a specific threshold like $500, recognizing that such minor amounts might not accurately reflect a consumer's creditworthiness.

These measures by CRAs and the NCAP collectively aim to protect consumers from the potentially disproportionate impact of medical debt on credit reports, ensuring a fairer representation of individual credit profiles in complex healthcare billing systems.

See also: Can healthcare providers share PHI with debt collectors?