The Medical Collections and The TCPA Redefined: Why following HIPAA is not as easy as once thought.
The Telephone Consumer Protection Act, or “TCPA,” was first enacted in 1991. Its purpose was to stop telemarketers calling late at night trying to sell you aluminum siding as you prepared for bed. Later, Congress decided to expand its scope to apply to collection activities, leading to the TCPA and the Fair Debt Collection Practices Act, “FDCPA,” as the two main regulating bodies of law governing the collection of consumer debt in the United States.
While the main purpose of the FDCPA is to ensure consumers are not misled or lied to in the attempt to collect a debt, the TCPA’s purpose is to regulate the means or instrumentalities used to communicate. The TCPA also covers the consent a consumer may give a service provider, and subsequently a third party collection agency, to call the consumer in the attempt to collect a debt.
At this point many of you are asking, How does this apply to me as a consumer or a Medical Collections provider?
In July of this year, the FCC clarified how consent works within the TCPA. Specifically, the TCPA prohibits certain calls to wireless lines and residential (land line) numbers unless the caller has the prior expressed consent of the called party. The FCC interpreted calls to include SMS text messages. Under the TCPA consent rules, some types of calls require prior expressed written consent while other types of calls do not require that consent to be in writing.
If the service provider has gotten consent to contact you on a bill, the third service collection agency or service provider of any type may not have that expressed consent. Meaning that a call might be a violation of the TCPA. (Consent must have been given in writing).*
To complicate matters further, if engaged in medical collections, HIPAA (Health Insurance Portability Accountability Act) applies. This is the body of law that regulates medical privacy not only for service providers but subsequent servicers of that account and/or debt. Meaning service providers and collection agencies must use the minimum amount of information possible in the attempt to collect a medical debt, never disclosing medically pertinent information. EVEN to one’s spouse!
For example, a collector calls a shared family line and discloses to a family member (not the debtor) previous attempts to collect a debt by the collection agency (which is a FDCPA violiation). This collector did not gain express consent to call the debtor (a TCPA violation). During the course of the conversation with the family member, the collector also discloses the medical nature of the service leading to the debt (HIPAA violation).
The above example is a TCPA/FDCPA violation, which is generally subject to $500-$1000 in statutory damages, and can easily become a $150,000+ problem when as the implications of the HIPAA violation are applied to the call.
If you believe you have been subject to a collection or medical privacy violation or own and operate a collection agency and wish to get ahead of compliance issues contact The Prado Law Firm today for a free consultation.
*In re Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02-278, Report and Order, FCC 12-21, Para. 28 (February 15,2012; § 64.1200(a)(3).