Back in the 1980s, as personal computers started to proliferate in everyday society, the problem of unauthorized access to medical information started to become a very real threat.  By the mid-1990s, when it became impossible to run a medical office without digitizing each patient’s health record, the problem came to a head.  Those who worked in the industry could expect to encounter a different system in which personal information was stored as well as different protocols for handling this sensitive information at each office that he/she worked at or with.  Compounded with laws such as the mid-1970s Privacy Act and the emerging prevalence of HIV/AIDS and substance abuse, the federal government had the insight to understand that if they did not pass a law that regulated how private, sensitive health information was stored, transmitted, and shared, a disaster would be looming on the horizon.

Thus, the Health Insurance Portability and Accountability Act of 1996 was passed, after much debate and a failed (but commendable) attempt at complete health care reform by then-First Lady Hillary Clinton.  This law is known in the industry by its acronym, HIPAA, and penalties for violations can be very, very stiff.  HIPAA is a huge and complex law, but for the sake of our discussion here, we are going to be focusing on one of its major functions – limiting the type, amount, and method in which protected health information, or PHI, is shared.


How does HIPAA Affect my Credit?

So, you’re probably thinking, “Okay, well that’s all good and well, but what does this law help remove negative medical bills from my credit?”  Since that is the topic of this post, we’ll dive right into it.

First, HIPAA limits the information that can be shared to information that is vital to the course of the patient’s treatment.  For instance, if your primary/family physician refers you to a gastroenterologist for a colonoscopy, the GI doctor can access the family doctor’s records that resulted in the referral, while any other health history of the patient not required for treatment would require that you sign a “release form,” that consents to the sharing and explains your privacy right under HIPAA.  So, under the same provisions of the law, the only thing that is shared with a medical collection agency is the amount owed.  Because of this, some crafty letter writing can greatly improve your chances of getting these accounts removed.

So, when you start on your credit repair journey, and you notice medical debt on your report, get out the pen and paper and get ready to draft some correspondence.  In drafting these letters, remember the following:


  1. A note about Section 609: Under Section 609 of the Fair Credit Reporting Act, a creditor or collector must provide you with a copy of the original, signed consumer contract, sales agreement, or other initiating documentation (financial responsibility agreement for medical bills) once it is demanded by a consumer.  Initiating this process is known in the industry as a “609 dispute.”  However, many consumers believe that this is a magic bullet to remove all negative items from their credit reports.    It is not, and before you start down this road, make sure you understand what you are asking for in a 609 letter.  For more information on the 609 process, our blog is being continually updated with tons of information, including a plethora of information on the dispute process.  Additionally, you can find the full text of Section 609 by clicking here.


  1. How HIPAA affects 609 disputes: Because of the restrictions on the shared of protected health information, HIPAA can make validating a debt next to impossible for a collection agency.  Because the only information that can be shared is the amount owed, once a customer disputes the validity of a medical collections account and demands copies of original records, the collection agency may have no choice but to go ahead and remove the item from your credit report.  HIPAA allows for fines in the amount of $10,000 per violation, which can easily amount to hundreds of thousands of dollars in the event of a patient’s entire medical record being shared.  What’s even worse for them is that these funds for violations are paid directly to you, which makes the entire idea of collecting the medical debt a catch-22. Because of this – and because these potential fines can sometimes be far greater than the amount of the debt itself – many agencies are unwilling to pursue these debts any further.  Then, in the event that they do not validate the debt, a simple demand for removal will result in the credit bureau removing the negative item.  As mentioned above, though, the 609 provision is not a magic bullet, and it does not apply to all circumstances.  However, either way, initiating the dispute by questioning the validity of the debt is always the method you will want to use to initiate the dispute process itself.



  1. Find and read your “HIPAA Statement” from your doctor carefully: Many offices have become wise in their paperwork that you signed before initiating treatment.  Since HIPAA has been around for 20+ years at the time of this posting, it no longer holds the “new law” status that it did many years ago, and the allowed and disallowed uses of PHI to all players involved, including collection agencies.  If you signed a release for your information to be shared with collection agencies at the time of your treatment, or if the medical office does their billing and collections services in-house, your ability to use the HIPAA/609 strategy will not be as effective. However, if you do not see anything related to the collection of any remaining balance and your consent to share PHI with collectors of such balances, you have a very good chance at having your items deleted by the collection agency’s failure to validate the debt.


  1. What happens if the medical collections agency does transmit and release the originals? This is where it gets fun.  Besides the original restrictions on sharing the information of patients with medical collections agencies, the law also restricts how the information can be shared.  For instance, in order to send PHI via fax, it must be a secure fax line, email transmission must be encrypted, etc.  While this is required by the law, such specialized communication is not something that all collection agencies possess.  Thus, in the event that you are furnished with original treatment records by a collection agency, you can not only challenge them for HIPAA violations for the sharing of the information but for the method in which it was shared also.  This raises the potential for multiple violations of HIPAA that are related to a single account, which is something a collection agency will want to avoid.

Besides these tips, it is a good idea that, when you start this process, you keep immaculate records.  Some tips for doing so include:

  • Make sure to make hard copies of all correspondence and documentation. The rule of thumb is to make triplicate copies of everything and put it in a clearly-marked office folder.
  • Make sure that the letters you send to medical letters come across as informative and firm, not accusatory, aggressive, or threatening.
  • Don’t call or email collection agencies – break out the paper and pen and send a handwritten letter, preferably in blue ink.
  • Always send correspondence via Certified Mail and require a signature for delivery.

For more information understanding HIPAA as a whole, there is no better resource than this HIPAA Compliance Guide.



While HIPAA and Section 609 are not cure-all devices by which to remove negative medical balances from your credit report, they can certainly be used as leverage.  So, once you have drafted your initial letter disputing the validity of the debt and requesting original copies of your treatment records and consent for treatment, wait until the collection agency replies to you.  If they do respond instead of simply killing the collection of the bill by not responding (in which case you demand for the credit bureau to delete it), then you will want to create a cordial, yet stern, letter in reply.  In this letter, hold fast to your position and let them know that you plan to initiate proceedings against them for violations of HIPAA.  Instead of simply quoting the name of a law, explain in the letter that you completely comprehend the violation and that you fully intend to pursue all available monetary damages for their violations of HIPAA.  Make sure to send the reply as a hard copy using Certified Mail with signature required.  In sum, it is very important to realize that, while these avenues may not work in every single situation involving negative medical balances, it is a very good tool to put in your credit repair toolkit.


Source Material

  1. The 760Credit Blog. Retrieved from
  1. Federal Trade Commission. Text of Section 609 of the Fair Credit Reporting Act.  Retrieved from:
  1. HIPAA Journal. HIPAA Compliance Guide (downloadable).  Retrieved from