HIPAA or the Health Insurance Portability and Accountability Act was passed in 1996 to protect consumer medical information. By now, healthcare providers of all types have figured out how to be compliant with the law. However, medical and dental providers need to make sure that their collection agency is also HIPAA compliant.
Speak to your collection agency and ask them about their experience with medical/dental debt collection. If you decide to hire them, you must have them sign a HIPAA Business Associate Agreement. The agreement asks your collection agency to comply with the law to keep information secure and not to disclose Protected Health Information (PHI).
While your debt collector does have a permissible service to get certain information, I recommend only sharing information that is needed to discuss the debt. Your agency will need a statement showing dates of services, charges with any payments and adjustments. When you share patient information with them, they need contact information on your patient, not their medical history. If you do not think the information is important in collecting the debt, do not send it to your agency.
Does your collection agency know what Protected Health Information is? Do they train their employees on how to comply with HIPAA?
Make certain your collection agency has the appropriate security to protect information. Are they keeping records, either paper or electronic of patient statements? If so, make sure they are secured.
Your patient financial agreement should state that past due balances may be referred for outside collection, and that they understand and agree that information necessary to collect the past due balance will be forwarded to the debt collector.
When you communicate to your agency regarding patients use secure email or fax only. Regular unsecured email is not HIPAA-compliant.
In addition to HIPAA, your agency should have a policy to comply with laws that govern overall debt collection tactics, the Fair Debt Collection Practices Act (FDCPA) and the Telephone Consumer Protection Act (TCPA).
Most importantly, clearly communicate with your agency about your goals and about the approach you wish them to take with your patients. Work with them to give the information they need to help you, while protecting the privacy of your patients.