3 Legal Protections to Include in Your Patient Debt Collection Agency Services Contract
Outsourcing can be an effective way to overcome patient collection challenges. But it can also backfire if the collection agency you contract with uses illegal, unethical or insensitive collection tactics. One of the keys to managing these risks is to include proper legal protections in your services contract. In this article we’ll review the three legal protections you should include in your collection agency contract. Next month, in part two of this article, we’ll concentrate on the seven business provisions you need to ensure that your agency delivers you the highest quality services and support. Why the contract is so important Of course, services contracts with your vendors are important no matter what business you are in or which function you outsource. But contract terms are even more important when the service provided is debt collection and the debts collected are medical debts: Liability Risks: Medical debt collection is subject not just to general commercial consumer lending laws like the Fair Debt Collection Practices Act (FDCPA) and Fair Credit Reporting Act (FCRA), but also healthcare-specific regulation including the Health Insurance Portability and Accountability Act (HIPAA). The Ethical Dimension: Debt collection requires not simply compliance but sensitivity and recognition that debtors […]
Outsourcing can be an effective way to overcome patient collection challenges. But it can also backfire if the collection agency you contract with uses illegal, unethical or insensitive collection tactics. One of the keys to managing these risks is to include proper legal protections in your services contract. In this article we’ll review the three legal protections you should include in your collection agency contract. Next month, in part two of this article, we’ll concentrate on the seven business provisions you need to ensure that your agency delivers you the highest quality services and support.
Why the contract is so important
Of course, services contracts with your vendors are important no matter what business you are in or which function you outsource. But contract terms are even more important when the service provided is debt collection and the debts collected are medical debts:
-
Liability Risks: Medical debt collection is subject not just to general commercial consumer lending laws like the Fair Debt Collection Practices Act (FDCPA) and Fair Credit Reporting Act (FCRA), but also healthcare-specific regulation including the Health Insurance Portability and Accountability Act (HIPAA).
- The Ethical Dimension: Debt collection requires not simply compliance but sensitivity and recognition that debtors are the client’s customers. And when the client is a medical lab and the customers are patients, conducting the collection process with dignity and respect becomes not only a business but an ethical imperative.
- The Community Dimension: Labs and their representatives must be guided by not just the provider-patient relationship but the mission to serve their community. Unsavory collection practices by your vendors can also generate negative press that harms the reputation you worked so hard to build.
3 essential legal protections
The first thing you need to do is to select a reputable collections agency, preferably one that adheres to industry guidelines like the best practices for medical debt collection created jointly by the Healthcare Financial Management Association and Association of Credit and Collection Professionals. The next step is to ensure your services agreement includes three protections.
1. HIPAA Liability Protection
Problem: To help it collect the debt, you may have to provide the agency what HIPAA defines as “protected health information” (PHI) about patients, including their name and tests performed. In so doing, the agency becomes your “business associate” under HIPAA. Result: If the agency compromises the PHI, you may be liable. Example: The Minnesota Attorney General charged a pair of local hospital systems with failing to protect the privacy of PHI they provided to their debt collection agency/revenue cycle management vendor.
Solution: You and the agency must make a separate agreement called a “HIPAA business associate contract” that:
- Specifies how the agency will use and disclose the PHI you provide;
- Bans agency uses and disclosures for any purpose not expressly allowed under the contract or required by law;
- Requires the agency to take security measures to protect the PHI;
- Requires the agency to provide notification of security breaches or unauthorized uses or disclosures as required by the Health Information Technology for Economic and Clinical Health Act (HITECH);
- Requires the agency to give patients’ access to their own PHI in accordance with HIPAA requirements, e.g., letting patients request copies and amendments to the information;
- Requires the agency to make its books and records available to HHS auditors;
- Requires the agency to destroy the PHI after the agreement ends;
- Requires the agency to hold the subcontractors to which it entrusts your PHI to privacy restrictions at least equivalent to the ones set out in your services agreement; and
- Lets you terminate the contract if the agency violates its privacy obligations.
2. Other Liability Protection
Problem: Agency violations can result in liability to your lab under other laws, including:
- The FDCPA, which bans deceptive or abusive conduct, e.g., calls at odd hours or to the debtor’s employer, to collect consumer debts;
- The FCRA, which requires agencies to investigate and verify accuracy of information about debtors they provide to credit bureaus, medical information companies and other consumer reporting agencies;
- The Gramm-Leach-Bliley Act, which requires agencies to protect the privacy of debtors’ personal information;
- The Federal Trade Commission Act, which bans debt collection activities that constitute deceptive or unfair trade practices;
- The Affordable Care Act, which requires hospitals to use fair billing and debt collection practices; and
- State laws including those banning agencies from harassing, abusing, or deceiving debtors to collect a consumer debt.
Solution: Insert a clause that:
- Requires the agency to comply with all applicable laws;
- Gives you the right to terminate if the agency commits any violations:
Model Language |
Consequences of Noncompliance: Laboratory may, at its sole discretion, treat an Agency violation of the foregoing compliance obligations as a material breach justifying termination of the Services Agreement. |
- Requires the agency to “indemnify,” or repay you for any losses you incur as a result of the violations it commits.
3. Limits on Agency Collection Procedures
Problem: The agency is your representative and its actions reflect on your lab and its reputation.
Solution: Require the agency to follow collection methods and techniques that are sensitive to and consistent with your ethical principles and commitments to patients and community. Three options:
- Specifically describe the procedures the agency will use to collect debts from your patients. Issues to address:
- The point in the patient revenue cycle when the agent will be called in;
- Procedures for pulling back files; and
- Procedures for collecting from different kinds of patients, e.g., self-pay, Medicare/ Medicaid, charitable care, etc.
- Expressly require the agency to adhere to your lab’s own internal policies, procedures and mission statements, which should be attached as Exhibits to the agreement;
- Make adherence to the required patient policies, procedures, and/or mission statements one of the criteria used for evaluating the agency’s performance under the agreement.
Takeaway: When labs outsource collection activities, a written agreement should require the collection agency comply with various laws affecting healthcare and debt collection and follows lab policies and procedures.
Subscribe to view Essential
Start a Free Trial for immediate access to this article