Collection Service gave out information.

[djh602]

I checked my Credit Report recently and saw where two different collection agencies had placed two different Medical Accounts (which had been placed for collection) on my credit file. On both of these files I was not the patient only the guarantor of the debt (because it was my insurance that was used). I contacted one of the companies who stated that they could not discuss the file with me due to the fact that the patient (who is my wife) was considered an adult at the time of services. I was advised that it would be a HIPPA violation for them to discuss any Information about the doctor(s), and other health care providers, the billing information about either the doctor or clinic that preformed such services, or the dates said services were provided. I was told in order for them to be able to discuss this account with me that I would need written authorization from my wife giving the Collection Agency permission to discuss the account with me.I contacted the second creditor who mailed me a statement of account which had the Clinic's name on it, the Doctors name as well as the dates the services were provided, my insurance company information, as well as my wife's account number from the clinic.So my question is since the first agency would not give me the information I requested because of HIPPA following the law and did the second Agency Violate the HIPPA Law?Or was the first Agency misinformed about the HIPPA Laws and the second Agency give me the information that I was legally entitled to?

 

[Michael Wechsler]

I don't specialize in HIPPA law. I wonder whether there is an issue if they mailed a statement to the account holder at the address listed - which you happen to share with your wife. Hence, since they did send the statement to the listed address and addressed properly, there is a question whether there is any HIPPA law that was violated and not clear cut.

 

[Betty3]

Just for clarification, it's HIPAA & not HIPPA.

 

[DAWW]

Also not expert in HIPAA law, but I have several thoughts.
- To violate the HIPAA law, the party handing out the information has to give out too much information, not too little. HIPAA is fine with giving out no information even if HIPAA is not an impediment.
- The privacy provisions in HIPAA are almost entirely directed at medical providers. I am not saying that it is completely impossible for an employer or credit reporting agency to violate HIPAA, but they would have to work at it. These folks are not the target of the HIPAA rules.
- HIPAA has sharp teeth. Looking at HIPAA only, I would err on the side of handling out as little information as possible. If I was unsure (and it would be really easy to be unsure), I would want a formal release from the patient.
- Unrelated to HIPAA, on the employer side of things (which I do know something about), it is hard to go wrong giving out as little employee related information to non-governmental third parties as possible. I suspect that the credit reporting agencies are equally adverse to handling out any information that they are not legally required to. No up side.
- However HIPAA is pulling at one end of the rope and there are other laws (maybe CCPA) pulling on the other side of the rope, the side that says credit reporting agencies must report certain information to affected consumers. I have no idea how HIPAA and something like CCPA would balance off possibly conflicting rules. I would not want to be the test case that decides the issue in court..

Having said all of that, rather then getting into a [bleeping} contest with one of the very large credit reporting agencies, who doubtlessly have hot and cold running lawyers on tap, I would just have your wife sign a HIPAA release form. The point that people sometimes miss with the David v. Goliath story is that Goliath was undefeated going into that fight and it took Devine Intervention for David to win. Not something a reasonable person can count on.