Is sending medical bills to collections a HIPAA violation?
Asked by: Jonas McGlynn II | Last update: January 27, 2025 | Score: 4.2/5 (47 votes)
Does HIPAA apply to medical bills?
Title II of HIPAA applies directly to medical billing companies, as it dictates the proper uses and disclosures of protected health information (PHI), as well as simplifying processing of claims and billing.
Does medical billing fall under HIPAA?
Although many people know that HIPAA protections apply to medical records and details about health care services, they may not realize that HIPAA also applies to payment-related information. The short answer to the question, “Is billing information protected under HIPAA?” is yes, it is.
Is sending a medical bill to the wrong person a HIPAA violation?
In other words, sending medical bills to the wrong address is a direct violation of the Health Insurance Portability and Accountability Act (HIPAA).
Is mailing medical records a HIPAA violation?
It's permissible to ship protected health information via the United States Postal Service, as well as some commercial services. These services include but are not limited to UPS, FedEx, and DHL.
Is it a HIPAA violation for the collection agency to send an itemized list without a release form?
What qualifies as a HIPAA violation?
A HIPAA violation refers to the failure to comply with HIPAA rules, which can include unauthorized access, use, or disclosure of Protected Health Information (PHI), failure to provide patients with access to their PHI, lack of safeguards to protect PHI, failure to conduct regular risk assessments, or insufficient ...
Does HIPAA apply to medical records?
With limited exceptions, the HIPAA Privacy Rule (the Privacy Rule) provides individuals with a legal, enforceable right to see and receive copies upon request of the information in their medical and other health records maintained by their health care providers and health plans.
Is sending medical bills to collections against HIPAA?
The inclusion of “collection activities” confirms that sending an unpaid medical bill to collections is not a HIPAA violation.
What is the most common violation of HIPAA?
- Insufficient ePHI Access Controls. ...
- Failure to Use Encryption or an Equivalent Measure to Safeguard ePHI on Portable Devices. ...
- Exceeding the 60-Day Deadline for Issuing Breach Notifications. ...
- Impermissible Disclosures of Protected Health Information. ...
- Improper Disposal of PHI.
What information can be shared without violating HIPAA?
HIPAA permits health care providers to disclose to other health providers any protected health information (PHI) contained in the medical record about an individual for treatment, case management, and coordination of care and, with few exceptions, treats mental health information the same as other health information.
What does HIPAA not apply to?
Generally, public schools, colleges, and other educational institutions that provide medical services for students and staff (as a work benefit) are not considered to be covered entities under HIPAA.
Can I sue someone for looking at my medical records?
Patients can sue healthcare providers or specific healthcare professionals for violating state laws involving HIPAA. Patients can sue for a "harmful" violation of their medical history or medical privacy. These claims are typically negligence claims or breach of contract claims.
Does medical billing and coding need strict adherence to HIPAA laws and patient?
- HIPAA Compliance: Medical coders must protect sensitive patient information while working with data. Strict adherence to privacy and security rules is non-negotiable.
- Billing Rules and Accuracy: Coders ensure claims comply with payer-specific guidelines, minimizing errors that lead to rejections or penalties.
Does HIPAA apply to medical billing?
Medical billing is a series of transactions that can span several months. Healthcare organizations and their business associates need to comply with the requirements of HIPAA during all these stages of the medical billing process.
What is not a HIPAA violation?
The information that can be shared without violating HIPAA includes any Protected Health Information (PHI) that is used or disclosed for a permitted purpose and any individually identifiable information that does not qualify as PHI because it is not maintained in the same designated record set as PHI.
What are the three rules of HIPAA?
- The Privacy Rule.
- The Security Rule.
- The Breach Notification Rule.
What qualifies as a HIPAA breach?
A breach of HIPAA is considered to be any acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of the protected health information.
What can I say without breaking HIPAA?
If a patient has exercised their right to request privacy protections, the only time it is possible to talk about the patient without violating HIPAA is when the nature of the discussion is an exempted use such as when PHI is required for emergency treatment or a disclosure is required by law.
How much trouble can you get in for violating HIPAA?
Criminal penalties
Covered entities and specified individuals, as explained below, who "knowingly" obtain or disclose individually identifiable health information, in violation of the Administrative Simplification Regulations, face a fine of up to $50,000, as well as imprisonment up to 1 year.
Do medical bills get reported to collections?
Medical debt is the most common collection type reported on consumer credit records, and consumers report being contacted by debt collectors about medical debt more than any other type of debt. Once medical bills enter collections, they are often reported to consumer credit reporting companies.
Can a hospital take your house for unpaid medical bills?
The short answer is yes, it is possible to lose your home over unpaid medical bills, though the doctor or hospital would have to be willing to go to a lot of effort to make that happen. Medical debt is classified as unsecured debt. This means that your debt isn't tied to any collateral.
How to not pay medical bills in collections?
- Tip 1: Take a deep breath and open your bills. ...
- Tip 2: Read the details. ...
- Tip 3: Talk to your healthcare providers. ...
- Tip 4: Negotiate. ...
- Tip 5: Be proactive. ...
- Tip 6: Ask for a Lump Sum Discount. ...
- Tip 7: Get familiar with Charity Care. ...
- Tip 8: Stay organized.
What is not allowed under HIPAA?
Your health information cannot be used or shared without your written permission unless this law allows it. For example, without your authorization, your provider generally cannot: Give your information to your employer. Use or share your information for marketing or advertising purposes or sell your information.
How long does a HIPAA violation stay on your record?
How long a violation stays on a person's record depends on the nature and severity of the infraction. The HIPAA violation will likely remain if it's relatively severe and intentional. Such violations can include deliberately leaking or sharing protected health information (PHI) or stealing a patient's identity.
Do medical records ever lose HIPAA protection?
A covered entity has to retain patient authorization for the disclosure of PHI for six years. However, if the document is part of the patient's medical record, it is subject to the state's medical record retention requirements – which could be longer.