Hippa Letters
Hippa Letters
Hippa Letters
Alternate Medical DV for accounts that have been PAIDTO THE REPORTING CA AND
ARE BEING REPORTED AS "PAID COLLECTIONS"
( You MUST send the "medical dispute letter" FIRST and have had the account verified) Keep a copy
for your files and send the letter certified mail ., DO NOT USE THE RETURN RECEIPT, EVEN IF
YOU HAVE A STREET ADDRESS DO NOT USE THE RETURN RECEIPT AS THE CAs ARE
USING UPS DROP BOXES, SEND IT CERTIFIED ONLY AND PRINT OUT THE ON LINE
PROOF OF DELIVERY FOR THE FOLLOW UP LETTER
Do a separate letter for EACH CRA that the CA is reporting to, make sure the account #'s match
the report. You can MAIL them all to each CA in ONE envelope with one certified mail #Do
a separate letter for EACH CRA that the CA is reporting to, make sure the account #'s match the report.
You can MAIL them all to each CA in ONE envelope with one certified mail#
Your Name
123 Your Street Address
Your City, ST 01234
ABC Collections
123 NotOnYourLife Ave
Chicago, IL
Date: _________ CM#____________
Re: Acct # XXXX-XXXX-XXXX-XXXX
To Whom It May Concern:
This letter is being sent to you in response to your recent fraudulent verification of an unknown
medical account on my (name of CRA) report"
This is a notice that your reported claim is disputed.
Under the Fair Debt Collections Practices Act (FDCPA), I have the right to request validation of the
debt . I am requesting proof that I am indeed the party you are reporting on this debt, and there was
some contractual obligation which was binding on me to pay this debt.
Please attach copies of:
Agreement with your client that granted you the authority to collect on this alleged debt,or proof of
acquisition by purchase or assignment. and authorization under subtitle D of the ARRA ,SEC. 13401.
APPLICATION OF SECURITY PROVISIONS AND PENALTIES TO BUSINESS ASSOCIATES OF
COVERED ENTITIES; and SEC. 13407(1) BREACH OF SECURITY.The term breach of
security means, with respect to unsecured PHR identifiable health information of an individual in a
personal health record, acquisition of such information without the authorization of the individual.
Please note that the effective enforcement of penalties against you is under the penalty rules of the
Omnibus Final Rule effective 09/23/2013 interpreting and implementing various provisions of the
Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) as issued
11/30/2009
Agreement that bears the signature of the alleged debtor wherein he or she agreed to pay the creditor
and as this is a medical account a copy of any HIPAA authorization.
Please also be advised that this letter is not only a formal dispute, but a request that you cease and
desist any and all reporting activities.
Your receipt of this letter will be considered as having granted consent to the taping of any and all
telephone calls to me at my home or business by you or your agents or assigns
I require compliance with the terms and conditions of this letter within 30 days. and a complete
withdrawal, in writing, of any report to any credit reporting agency. In the event of noncompliance, I
reserve the right to file charges and/or complaints with the OCR on HIPAA violations and appropriate
County, State & Federal authorities ,the BBB and State Bar associations for violations of the FDCPA,
FCRA, and Federal and State statutes for fraudulent slander of credit and illegal reporting activities on
an account that is time-barred as well as (name of your State) medical privacy rules.
I also hereby reserve my right to take private civil action against you to recover damages.
Sincerely,
Your Name(PRINT OR TYPE DO NOT SIGN)
-------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
HIPAA LETTER
LETTER TO HEALTH CARE PROVIDER
Letter To Health Care Providers
This letter should ONLY be used AFTER the initial dispute letter has provided you
with a documented current relationship between the Health Care Provider and the
reporting CA.
It will ONLY work if the claim is either INACCURATE, or you remit the valid correct amount
due with the letter, and ONLY if you have confirmed a CURRENT relationship between the OC
and the CA.
Please make sure that your payment is in the form of a bank cashiers check or bank money
order,(do not use a postal money order). THIS IS CONSIDERED THE SAME AS A CASH
PAYMENT, that you make a photo copy of the front and back of the remittance, that your
name and address are CLEARLY printed on the remittance, that it is made to the order of THE
ORIGINAL HEALTH CARE PROVIDER, and that you print or type clearly in the
endorsement section "For Deposit Only to the Account of (name of H.C. provider)
(This of course allows your IRS deduction as a medical expense). MAKE SURE that you put
the account # if available ( not the CA account # but from your original billing), in the "for"
section on the front of the money order. If you do NOT have the original account # OR if you
have several accounts with the SAME OC under ONE account #, put the name of the patient,
date of service and patient's SS # in the "for" area.
Send ALL correspondence to the HIPAA COMPLIANCE OFFICE of the HC provider,CMRR. ( If
the OC has changed ownership or moved or gone BK, send it certified WITHOUT the return
receipt requested.) Do NOT "fax" or "e-mail" anything.
(1) Prohibition.
(A) Reporting information with actual knowledge of errors.
A person shall not furnish any information relating to a consumer to any consumer reporting
agency if the person knows or consciously avoids knowing that the information is inaccurate.
In addition, the HIPAA and (name of your State)'s Medical Privacy Statutes and the penalty
provisions of the ARRA section D, privacy provisions ,the penalty rules of the HITECH Act as
issued 11/30/2009 and the Omnibus Final Rule effective 09/23/2013 and the FACT Act final
rules effective July 1, 2010.are in effect in this situation.
The Privacy Rules prohibits a covered entity from using or disclosing an individual's protected
health information ("PHI") unless specifically authorized by the individual or otherwise
allowed under the Privacy Rules.
In general, PHI encompasses substantially all "individually identifiable health information"
that is transmitted or maintained in any medium. "Individually identifiable health information"
includes health information that is created or received by a health care provider, health plan,
employer, or health care clearinghouse, and that relates to an individual's physical or mental
health or condition, including information related to an individual's care or the PAYMENT for
such care.
Your furnishing of my account information to (collection agency name), is not in compliance
with HIPAA,or (name of your State}'s Privacy Act, and any subsequent reporting of this
account on my credit reports to (credit reporting bureaus) is a clear violation of Public Law
104-191 ("HIPAA") since there can be no permissible business purpose in divulging protected
health information to anyone on an account once there is no longer any payment due.In
addition the new Omnibus Final Rule states:when patients pay out of pocket in full, they can
instruct their provider to refrain from sharing information.This letter serves as that instruction
You are required under the FCRA and FACTA to accurately report the status of any account to
the credit bureaus, and you are prohibited under the HIPAA and State privacy regulations
from doing so on a PAID account, as there is no longer any permitted business purpose.
Therefore I am requesting you promptly rescind all such account information furnished to
(collection agency) and require them to purge their records of all reference to this account,
and that you insure that any and all reporting of this account is immediately deleted from my
credit reports.
This simple procedure to request the deletion of ALL reference to this account from the
records of ( collection agency name) and to require them to have this account information
deleted in its entirety from my credit reports will resolve this problem completely.
insert the underlined phrase for hospitals
You are also advised that you may be in violation of the Notice of Proposed Procedures for
Charitable Hospitals to Correct and Disclose Failures to Meet Section 501(r) of the Affordable
Care Act.
Please respond, in writing within 10 days that you are processing this request.
I am reserving the right, to take appropriate legal and civil action including reporting to any
applicable regulatory authorities any lack of cooperation or compliance with this request.
I hereby waive my rights under HIPAA and any State Privacy Act for the single purpose of
your transmission of this request and accompanying documentation in any required report
you must make to your E &O insurance carrier.
Sincerely,
signature
(Your Name)
-----------------------------------------------------------------------------------------------------------
INSERTS
.............................................................................. .............................................
(insert a)
Enclosed please find my remittance of ($___) for payment in full of this account.
(insert this if the payment is less than billed)This payment in full is for services as per
the attached fee schedule from XXXX XXXX)
Health Care Billing Charts
or HEALTH CARE BLUE BOOK
Please note, my remittance is payable ONLY to (hc provider) and may not be signed
over or transferred to any third party collection agency, as this would constitute an
additional violation of HIPAA, State Privacy Act rules and the Omnibus Final Rules. .
Copies of this correspondence and a copy of the remittance check may be used for any
further actions with State or Federal agencies
.......................................................................... ..............................................
(insert b)
This account is a billing error.
(1)
It has been paid,( proof of payment attached) .
(2)
It was not properly transmitted in a timely manner to my insurance company.
( Documentation from insurance attached)
(3)
It was submitted to, or should have been submitted to ( name of State) for indigent
care.( Statute # if available)
LOOK UP YOUR STATE
It is not a valid bill and has been properly disputed, therefore I request complete deletion
from all your agent (name of CA)'s records and archives.
.......................................................................... ...............................................
(insert c)
This is not my account,
It has been billed to me in error. and has been properly disputed, therefore I request
complete deletion from all your agent ( name of CA)'s records and archives.
.......................................................................... ................................................
Make sure any money order has been deposited ,or you have received a return receipt
from your letter if insert "b" or "c" were used.
Send the follow up letter posted below.
Send a copy of the follow up letter to the OC (legal dept) with the cover letter,(follows
letter to CRA)
4-
If the CRA responds with verification from the CA or the OC, file a complaint with the
HIPAA administration for the OC's , the CA's and the CRA's violation of the privacy rules
of HIPAA,and with any available State's Medical Privacy Act administration.
If they do NOT respond with any verification and the account is NOT deleted, file a civil suit
against the OC and the CA for their liability for violations of the FCRA and FACTA.
5DO NOT under any circumstances, write or correspond with the CA regarding this
matter, any correspondence or communication that YOU instigate, while not a waiver of
your privacy rights under HIPAA, will impede any cause of action you might have as the
non permitted "communication" would have come from YOU.
Please understand, that any CA or CRA now has FULL liability under HIPAA, even if they are
NOT the health provider and/or have no business relationship with them. They are NOW
covered under the provisions of the act for all medical accounts", they are now also subject to
the the penalty rules of the HITECH Act as issued 11/30/2009. if THEY violate, they can also
be named in ALL your filed complaints.
Letter To Cra After HIPAA Letter, send CMRR
Use this AFTER you have received the green card back and received verification that any
money order has been deposited (if using insert "a")
To Equiexptu
Sirs;
This is a dispute of account information on my credit report, (report #)
Please re-investigate (or investigate if you have not previously disputed) the following
disputed account on my credit report.
(give CA name and acct. #)
Please furnish me with verification that (CA name) is reporting this account from (OC
name) for ($ amount) in my name.
I require the identification of the reporting party and the date of their verification.
I require documentation of the authorized HIPAA business relationship between (CA
name)and (OC name) and documentation of your authorized HIPAA business
relationship between yourself and either ( name of CA) or (name of OC).
Please be advised that this request is being made in accordance with the requirements
of the FCRA and FACTA and the privacy rules of the HIPAA and (your State)'s Medical
Privacy Act. Please be advised that you are subject to the penalty rules of the HITECH
Act as issued 11/30/2009 and Omnibus Final Rules effective 09/23/2013.
Please note that your Credit Reporting Agency is now subject to Federal consumer
financial laws, including, among others, the FCRA and Title X of the Dodd-Frank Act, and
related regulations including a ban on Abusive Acts or Practices.( Section 1031 of the
Dodd-Frank Act )
Sincerely,
Ido N Tnow