Federal law does not conflict with state law in California when it comes to disclosing accurate credit information and protecting a patient’s medical records. As a result, a retired debt collector can be sued for allegedly violating the states’ Confidentially of Medical Information Act (CMIA) if he sent patients’ medical records to a reporting agency, the California Supreme Court ruled last month.
“Individuals, as patients, have a substantial interest in the privacy of their medical information,” Justice Kathryn Werdegar wrote for the court, which overturned a Court of Appeals ruling that said the lawsuit must be dismissed because it was preempted by the federal Fair Credit Reporting Act (FCRA).
The case, Robert A. Brown and Susana Brown, et al. vs. Stewart Mortensen, will now be sent back down to the Los Angeles Superior Court for trial. If that court finds that Mortensen violated the law, the statue allows for remedies up to $250,000 for the unlawful disclosures of medical records for the purpose of financial gain. The health care provider in the case, a dentist, already agreed to a settlement.
The lawsuit stems from a disputed $600 bill in 2000 for a dental crown Brown says he never received. The dentist referred the bill to Mortensen for collection and allegedly forwarded Brown’s medical records, as well as those of his children. Brown filed a lawsuit claiming his records contained 10 years of medical information, other personal information and that the debt collector sent that information to the major credit reporting bureaus, violating the CMIA.
InsideARM.com learned that healthcare debt collection industry practices vary on what, if any, medical information is provided to credit bureaus.
Jim Richards, president of Atlanta-based medical debt buyer Capio Partners, said most hospitals do not report unpaid medical debt to credit bureaus, although most debt collection agencies do. However, no personal medical information is reported, he said.
“Medical information can be sent to an agency for usual billing purposes, not reporting purposes,” Richards said. “In this case the dentist (allegedly) sent dental charts to help settle the dispute. He should have not sent anything on the kids if they were not related to this case.”
Karen Stein, manager of patient services at the University of Rochester Medical Center in Rochester, N.Y. sees no reason for health care providers to give debt collectors access to patients records. “There is no real business need for the agencies to know why the patients were here,” she noted.
Stein added that if a patient disputes a bill, the patient can request copies of their medical records to help verify the debt. “Most of the time we can resolve it without the use of medical records. Sometimes it’s just remembering,” she said.
Lloyd Dix, the legal advocate for the California Association of Collectors, said the case only made it to the Supreme Court because the court had to assume all facts in the case are true. He doesn’t believe that Brown’s case will hold up during trial.
“The ruling did not test the facts of the case,” said Dix. “I have some serious questions as to whether or not the collection agency could somehow attach a medical file or chart to a credit agency report.”
Dix added that he doesn’t foresee collection agencies having to make major changes to their business practices because of the Supreme Court ruling.
HIPAA requires health care providers to send debt collection agencies the least amount of information necessary to do their jobs. That usually includes the patient’s name, address, contact information and amount owed. Additionally, the Fair Debt Collection Practices Act (FDCPA) mandates that if a consumer requests debt verification from a debt collector who contacted the consumer about a debt, the validation must come from the debt collection agency. So Dix said CAC will advise members who report delinquencies to credit bureaus to only report the patient’s name, address and amount of debt.
“Don’t report the name of the medical provider as it may be interpreted as providing confidential information,” Dix said.