LETTER TO COLLECTION AGENCY ON MEDICAL

ACCOUNT REPORTING WITH A BALANCE DUE

LETTER TO COLLECTION AGENCY ON MEDICAL
ACCOUNT REPORTING AS PAID
PLUS FOLLOW UP DISPUTE LETTER FOR BOTH TO
CRA
THIS IS ONLY TO BE USED WHEN THE HIPAA LETTER TO THE OC CAN NOT BE
IMMEDIATELY USED
COLLECTION AGENCY VALIDATION/DISPUTE/CEASE AND DESIST
Use this IN IT'S ENTIRETY. DO NOT call them .
Use this letter to notify the agency that the debt is beyond SOL, or is invalid for other reasons, and
subject to the HIPAA privacy laws. Keep a copy for your files and send the letter certified mail.EVEN
IF YOU HAVE A STREET ADDRESS DO NOT USE THE RETURN RECEIPT AS THE CAs
ARE USING UPS DROP BOXES, SEND IT CERTIFIED ONLY AND PRINT OUT THE ON
LINE PROOF OF DELIVERY FOR THE FOLLOW UP LETTERDo a separate letter for EACH
CRA that the CA is reporting to, make sure the account #'s match the report. You can MAIL them all to
each CA in ONE envelope with one certified mail #
Your Name
123 Your Street Address
Your City, ST 01234
ABC Collections
123 NotOnYourLife Ave
Chicago, IL
Date: _________ CM#____________
Re: Acct # XXXX-XXXX-XXXX-XXXX
To Whom It May Concern:
This letter is being sent to you in response to your attached letter.
If you have nothing in writing use the phrase "recent communication, if you have had NO
communication other than the entry on your report, use this:
"This letter is being sent to you in response to your recent fraudulent verification of an
unknown medical account on my (name of CRA) report"
This is not a refusal to pay, but a notice that your claim is disputed.
Under the Fair Debt Collections Practices Act (FDCPA), I have the right to request validation of the
debt you say I owe you. I am requesting proof that I am indeed the party you are asking to pay this
debt,the date of the alleged medical service, the name of the patient and that there is some contractual
obligation which is binding on me to pay this debt.

Please attach copies of:

Agreement with your client that grants you the authority to collect on this alleged debt,or proof of
acquisition by purchase or assignment. and authorization under subtitle D of the ARRA ,SEC. 13401.
APPLICATION OF SECURITY PROVISIONS AND PENALTIES TO BUSINESS ASSOCIATES OF
COVERED ENTITIES;and SEC. 13407(1) BREACH OF SECURITY.The term breach of
security means, with respect to unsecured PHR identifiable health information of an individual in a
personal health record, acquisition of such information without the authorization of the individual.
Please note that enforcement of penalties against you is covered under the penalty rules of the Omnibus
Final Rule effective 09/23/2013 interpreting and implementing various provisions of the Health
Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) as issued
11/30/2009 and the penalty rules of the FCRA and FACTA including FACT Act changes final rules
effective July 1, 2010. .
Agreement that bears the signature of the alleged debtor wherein he or she agreed to pay the creditor
and as this is a medical account a copy of any HIPAA authorization.
Please also be advised that this letter is not only a formal dispute, but a request that you cease and
desist any and all collection activities, including reporting of; or verifying of this account on my credit
reports.
Your receipt of this letter will be considered as having granted consent to the taping of any and all
telephone calls to me at my home or business by you or your agents or assigns
I require compliance with the terms and conditions of this letter within 30 days. or a complete
withdrawal, in writing, of any claim.
In the event of noncompliance, I reserve the right to file charges and/or complaints with the OCR on
your HIPAA violations and appropriate County, State & Federal authorities ,the BBB and State Bar
associations for violations of the FDCPA, FCRA, and Federal and State statutes on fraudulent extortion
and illegal collection activities on any account that may be time-barred as well as in violation of (name
of your State) medical privacy rules.
I also hereby reserve my right to take private civil action against you to recover damages.
Sincerely,
Your Name(PRINT OR TYPE DO NOT SIGN)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Alternate Medical DV for accounts that have been PAIDTO THE REPORTING CA AND
ARE BEING REPORTED AS "PAID COLLECTIONS"
( You MUST send the "medical dispute letter" FIRST and have had the account verified) Keep a copy
for your files and send the letter certified mail ., DO NOT USE THE RETURN RECEIPT, EVEN IF
YOU HAVE A STREET ADDRESS DO NOT USE THE RETURN RECEIPT AS THE CAs ARE
USING UPS DROP BOXES, SEND IT CERTIFIED ONLY AND PRINT OUT THE ON LINE
PROOF OF DELIVERY FOR THE FOLLOW UP LETTER
Do a separate letter for EACH CRA that the CA is reporting to, make sure the account #'s match
the report. You can MAIL them all to each CA in ONE envelope with one certified mail #Do
a separate letter for EACH CRA that the CA is reporting to, make sure the account #'s match the report.

You can MAIL them all to each CA in ONE envelope with one certified mail#
Your Name
123 Your Street Address
Your City, ST 01234
ABC Collections
123 NotOnYourLife Ave
Chicago, IL
Date: _________ CM#____________
Re: Acct # XXXX-XXXX-XXXX-XXXX
To Whom It May Concern:
This letter is being sent to you in response to your recent fraudulent verification of an unknown
medical account on my (name of CRA) report"
This is a notice that your reported claim is disputed.
Under the Fair Debt Collections Practices Act (FDCPA), I have the right to request validation of the
debt . I am requesting proof that I am indeed the party you are reporting on this debt, and there was
some contractual obligation which was binding on me to pay this debt.
Please attach copies of:
Agreement with your client that granted you the authority to collect on this alleged debt,or proof of
acquisition by purchase or assignment. and authorization under subtitle D of the ARRA ,SEC. 13401.
APPLICATION OF SECURITY PROVISIONS AND PENALTIES TO BUSINESS ASSOCIATES OF
COVERED ENTITIES; and SEC. 13407(1) BREACH OF SECURITY.The term breach of
security means, with respect to unsecured PHR identifiable health information of an individual in a
personal health record, acquisition of such information without the authorization of the individual.
Please note that the effective enforcement of penalties against you is under the penalty rules of the
Omnibus Final Rule effective 09/23/2013 interpreting and implementing various provisions of the
Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) as issued
11/30/2009
Agreement that bears the signature of the alleged debtor wherein he or she agreed to pay the creditor
and as this is a medical account a copy of any HIPAA authorization.
Please also be advised that this letter is not only a formal dispute, but a request that you cease and
desist any and all reporting activities.
Your receipt of this letter will be considered as having granted consent to the taping of any and all
telephone calls to me at my home or business by you or your agents or assigns
I require compliance with the terms and conditions of this letter within 30 days. and a complete
withdrawal, in writing, of any report to any credit reporting agency. In the event of noncompliance, I
reserve the right to file charges and/or complaints with the OCR on HIPAA violations and appropriate
County, State & Federal authorities ,the BBB and State Bar associations for violations of the FDCPA,
FCRA, and Federal and State statutes for fraudulent slander of credit and illegal reporting activities on
an account that is time-barred as well as (name of your State) medical privacy rules.
I also hereby reserve my right to take private civil action against you to recover damages.
Sincerely,
Your Name(PRINT OR TYPE DO NOT SIGN)
-------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

FOLLOW UP LETTER TO CRA SEND CM DO NOT USE THE RETURN RECEIPT

Dear CRA,
My name is xxxxx xxxxxx , my SS # is xxx xx xxxx.
I am sending this dispute certified mail receipt # xxxx to make sure you receive it.
I have no knowledge or records of account # xxxxx on my report # xxxxx.
I have disputed this unknown medical account with the reporting Collection Agent,( copy enclosed
with proof of their receipt),as per your instructions in your response of xx/xx/xxxx to my dispute of
xx/xx/xxxx and have had no valid response.
Please advise me as to the name and address of the health care provider, the name of the patient, and
the reported date of service,as any account I might have had at one time would be obsolete.
If you can obtain this information, I also would need the name of the person providing this data, and
the manner in which it was provided in order that I may pursue additional legal remedies.
If you are unable to verify and refuse to delete, I will be filing appropriate complaints against you with
the FTC for FCRA and FACTA violations,the OCR for HIPAA violations and appropriate State
authorities.
Please note that as a recipient of private medical data you are also subject to the provisions of subtitle
D of the ARRA ,SEC. 13407(1) BREACH OF SECURITY.The term breach of security means,
with respect to unsecured PHR identifiable health information of an individual in a personal health
record, acquisition of such information without the authorization of the individual. Please note that the
effective enforcement of penalties against you for this breach is under the penalty rules of the Omnibus
Final Rule effective 09/23/2013 interpreting and implementing various provisions of the Health
Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) as issued
11/30/2009 .
Additionally your Credit Reporting Agency is now subject to Federal consumer financial laws,
including, among others, the FCRA and Title X of the Dodd-Frank Act, and related regulations
including a ban on Abusive Acts or Practices. ( Section 1031 of the Dodd-Frank Act )
.
I also reserve the right to include your Bureau in any legal remedies I pursue.
Very truly yours,
xxxxxx

PLEASE NOTE THAT THE HIPAA LETTER PROGRAM WAS

DESIGNED TO OBTAIN DELETIONS AND TO PAY VALID
MEDICAL BILLS TO THE ORIGINAL HEALTH CARE
PROVIDER. USING PORTIONS OF THE PROGRAM OUT OF
ORDER WILL PREVENT IT FROM WORKING AS DESIGNED
AND WILL PREVENT YOU FROM TAKING A TAX DEDUCTION
FOR MEDICAL PAYMENTS OR OBTAINING A TOTAL
DELETION FROM YOUR REPORTS
LEGAL BASIS FOR HIPAA LETTER PROGRAM

DISPUTE ANY CA ACCOUNT FIRST WITH THE

SPECIAL "MEDICAL"
DISPUTE LETTER
AS THERE MAY BE NO VALID BALANCE DUE
Click on "DISPUTE LETTER" link.
LETTER TO COLLECTION AGENCY MEDICAL
ACCOUNT DV/SOL/CEASE/DESIST
Special Purpose Letter For SOL MEDICAL
Accounts if the account is NOT on your reports
and is over 4 Years old, or as a follow up to the
initial dispute letter
----------------------------------------------------------------------------------------------------------------

HIPAA LETTER
LETTER TO HEALTH CARE PROVIDER
Letter To Health Care Providers

This letter should ONLY be used AFTER the initial dispute letter has provided you
with a documented current relationship between the Health Care Provider and the
reporting CA.
It will ONLY work if the claim is either INACCURATE, or you remit the valid correct amount
due with the letter, and ONLY if you have confirmed a CURRENT relationship between the OC
and the CA.
Please make sure that your payment is in the form of a bank cashiers check or bank money
order,(do not use a postal money order). THIS IS CONSIDERED THE SAME AS A CASH
PAYMENT, that you make a photo copy of the front and back of the remittance, that your
name and address are CLEARLY printed on the remittance, that it is made to the order of THE
ORIGINAL HEALTH CARE PROVIDER, and that you print or type clearly in the
endorsement section "For Deposit Only to the Account of (name of H.C. provider)
(This of course allows your IRS deduction as a medical expense). MAKE SURE that you put
the account # if available ( not the CA account # but from your original billing), in the "for"
section on the front of the money order. If you do NOT have the original account # OR if you
have several accounts with the SAME OC under ONE account #, put the name of the patient,
date of service and patient's SS # in the "for" area.
Send ALL correspondence to the HIPAA COMPLIANCE OFFICE of the HC provider,CMRR. ( If
the OC has changed ownership or moved or gone BK, send it certified WITHOUT the return
receipt requested.) Do NOT "fax" or "e-mail" anything.

FORM LETTER TO ORIGINAL HEALTH CARE PROVIDER

(Your Name)
(address)
(City,State, zip)
s.s.# (social security #)
HIPAA Compliance Office
( health care provider creditor)
(address)
(date)
Dear Sir/Madam;
This letter is in reference to (account #) for services provided to (name of patient) on (date
of service).
In regard to the bill on this account in the amount of ($___):
Insert correct insert here:( see inserts) (a) (b) or (c)
Please be advised that under Federal Statutes. the Fair Credit Reporting Act, (15 U.S.C.
1681 et seq)and (name of your State)'s Consumer Credit Statutes,and subtitle D of the ARRA
,SEC. 13401. APPLICATION OF SECURITY PROVISIONS AND PENALTIES TO BUSINESS
ASSOCIATES OF COVERED ENTITIES;and SEC. 13407(1) BREACH OF SECURITY.The term
breach of security means, with respect to unsecured PHR identifiable health information of
an individual in a personal health record, acquisition of such information without the
authorization of the individual. you may be held liable for the actions of (collection agency
name). Please note that the these liabilities are under the penalty rules of the Omnibus Final
Rule effective 09/23/2013 interpreting and implementing various provisions of the Health
Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) as issued
11/30/2009
(a) Duty of furnishers of information to provide accurate information.

(1) Prohibition.
(A) Reporting information with actual knowledge of errors.
A person shall not furnish any information relating to a consumer to any consumer reporting
agency if the person knows or consciously avoids knowing that the information is inaccurate.
In addition, the HIPAA and (name of your State)'s Medical Privacy Statutes and the penalty
provisions of the ARRA section D, privacy provisions ,the penalty rules of the HITECH Act as
issued 11/30/2009 and the Omnibus Final Rule effective 09/23/2013 and the FACT Act final
rules effective July 1, 2010.are in effect in this situation.
The Privacy Rules prohibits a covered entity from using or disclosing an individual's protected
health information ("PHI") unless specifically authorized by the individual or otherwise
allowed under the Privacy Rules.
In general, PHI encompasses substantially all "individually identifiable health information"
that is transmitted or maintained in any medium. "Individually identifiable health information"
includes health information that is created or received by a health care provider, health plan,
employer, or health care clearinghouse, and that relates to an individual's physical or mental
health or condition, including information related to an individual's care or the PAYMENT for
such care.
Your furnishing of my account information to (collection agency name), is not in compliance
with HIPAA,or (name of your State}'s Privacy Act, and any subsequent reporting of this
account on my credit reports to (credit reporting bureaus) is a clear violation of Public Law
104-191 ("HIPAA") since there can be no permissible business purpose in divulging protected
health information to anyone on an account once there is no longer any payment due.In
addition the new Omnibus Final Rule states:when patients pay out of pocket in full, they can
instruct their provider to refrain from sharing information.This letter serves as that instruction
You are required under the FCRA and FACTA to accurately report the status of any account to
the credit bureaus, and you are prohibited under the HIPAA and State privacy regulations
from doing so on a PAID account, as there is no longer any permitted business purpose.
Therefore I am requesting you promptly rescind all such account information furnished to
(collection agency) and require them to purge their records of all reference to this account,
and that you insure that any and all reporting of this account is immediately deleted from my
credit reports.
This simple procedure to request the deletion of ALL reference to this account from the
records of ( collection agency name) and to require them to have this account information
deleted in its entirety from my credit reports will resolve this problem completely.
insert the underlined phrase for hospitals
You are also advised that you may be in violation of the Notice of Proposed Procedures for
Charitable Hospitals to Correct and Disclose Failures to Meet Section 501(r) of the Affordable
Care Act.
Please respond, in writing within 10 days that you are processing this request.
I am reserving the right, to take appropriate legal and civil action including reporting to any
applicable regulatory authorities any lack of cooperation or compliance with this request.
I hereby waive my rights under HIPAA and any State Privacy Act for the single purpose of
your transmission of this request and accompanying documentation in any required report
you must make to your E &O insurance carrier.
Sincerely,

signature
(Your Name)
-----------------------------------------------------------------------------------------------------------

INSERTS
.............................................................................. .............................................
(insert a)
Enclosed please find my remittance of ($___) for payment in full of this account.
(insert this if the payment is less than billed)This payment in full is for services as per
the attached fee schedule from XXXX XXXX)
Health Care Billing Charts
or HEALTH CARE BLUE BOOK
Please note, my remittance is payable ONLY to (hc provider) and may not be signed
over or transferred to any third party collection agency, as this would constitute an
additional violation of HIPAA, State Privacy Act rules and the Omnibus Final Rules. .
Copies of this correspondence and a copy of the remittance check may be used for any
further actions with State or Federal agencies
.......................................................................... ..............................................
(insert b)
This account is a billing error.
(1)
It has been paid,( proof of payment attached) .
(2)
It was not properly transmitted in a timely manner to my insurance company.
( Documentation from insurance attached)
(3)
It was submitted to, or should have been submitted to ( name of State) for indigent
care.( Statute # if available)
LOOK UP YOUR STATE
It is not a valid bill and has been properly disputed, therefore I request complete deletion
from all your agent (name of CA)'s records and archives.
.......................................................................... ...............................................
(insert c)
This is not my account,
It has been billed to me in error. and has been properly disputed, therefore I request
complete deletion from all your agent ( name of CA)'s records and archives.
.......................................................................... ................................................

INSTRUCTIONS FOR FOLLOW UP TO "HIPAA" LETTER TO ORIGINAL

CREDITOR HEALTH CARE PROVIDER
ALL FURTHER CORRESPONDENCE SHOULD BE SENT CMRR
123-

Make sure any money order has been deposited ,or you have received a return receipt
from your letter if insert "b" or "c" were used.
Send the follow up letter posted below.
Send a copy of the follow up letter to the OC (legal dept) with the cover letter,(follows
letter to CRA)

4-

If the CRA responds with verification from the CA or the OC, file a complaint with the
HIPAA administration for the OC's , the CA's and the CRA's violation of the privacy rules
of HIPAA,and with any available State's Medical Privacy Act administration.
If they do NOT respond with any verification and the account is NOT deleted, file a civil suit
against the OC and the CA for their liability for violations of the FCRA and FACTA.
5DO NOT under any circumstances, write or correspond with the CA regarding this
matter, any correspondence or communication that YOU instigate, while not a waiver of
your privacy rights under HIPAA, will impede any cause of action you might have as the
non permitted "communication" would have come from YOU.
Please understand, that any CA or CRA now has FULL liability under HIPAA, even if they are
NOT the health provider and/or have no business relationship with them. They are NOW
covered under the provisions of the act for all medical accounts", they are now also subject to
the the penalty rules of the HITECH Act as issued 11/30/2009. if THEY violate, they can also
be named in ALL your filed complaints.
Letter To Cra After HIPAA Letter, send CMRR
Use this AFTER you have received the green card back and received verification that any
money order has been deposited (if using insert "a")
To Equiexptu
Sirs;
This is a dispute of account information on my credit report, (report #)
Please re-investigate (or investigate if you have not previously disputed) the following
disputed account on my credit report.
(give CA name and acct. #)
Please furnish me with verification that (CA name) is reporting this account from (OC
name) for ($ amount) in my name.
I require the identification of the reporting party and the date of their verification.
I require documentation of the authorized HIPAA business relationship between (CA
name)and (OC name) and documentation of your authorized HIPAA business
relationship between yourself and either ( name of CA) or (name of OC).
Please be advised that this request is being made in accordance with the requirements
of the FCRA and FACTA and the privacy rules of the HIPAA and (your State)'s Medical
Privacy Act. Please be advised that you are subject to the penalty rules of the HITECH
Act as issued 11/30/2009 and Omnibus Final Rules effective 09/23/2013.
Please note that your Credit Reporting Agency is now subject to Federal consumer

financial laws, including, among others, the FCRA and Title X of the Dodd-Frank Act, and
related regulations including a ban on Abusive Acts or Practices.( Section 1031 of the
Dodd-Frank Act )
Sincerely,
Ido N Tnow

(Send a copy to the HIPAA Compliance Dept. of the OC health

provider(CMRR) with the following cover letter)
Cover Letter
Your Name
Address
HIPAA Compliance Office
OC Name
Address
Re: Letter of (date of original letter)
Account #(original account #)
Dear Sir or Madam;
Enclosed please find a copy of my letter(s) of dispute to (CRA (s)).
Please note, I am providing you with an additional opportunity to have this account
removed from (CA) and deleted from my credit reports if you have not already done so.
I have no desire to cause you unnecessary difficulty,however,this entry of my private
health care information,on my credit report, for an account that no longer has ANY
permitted business purpose waiver since there is NO payment due, has caused injury to
my credit reputation,and has left me no choice but to proceed with the following:
Upon my receipt of the FCRA and FACTA mandated reply from (CRA),if the account has
NOT been deleted in its entirety,I will take appropriate action to enforce my rights under
the HIPAA, FCRA and FACTA rules and ARRA , including the penalty rules of the HITECH
Act as issued 11/30/2009 and Omnibus Final Rules effective 09/23/2013. and (your
State)'s Consumer Protection and Medical Privacy statutes.
Sincerely,
HIPAA COMPLAINT PROCESS
FILING A HIPAA COMPLAINT
FTC and CFPB COMPLAINT AGAINST CRA
HIPAA AND THE NEW ARRA
Medical Debt Laws -Selected States

PRE HIPAA MEDICAL DISPUTE LETTER TO CRA

PRE HIPAA MEDICAL DISPUTE LETTER TO CRA
You dispute medical accounts this way:
Dear CRA,
My name is xxxxx xxxxxx , my SS # is xxx xx xxxx.
I am sending this dispute certified mail # xxxx to make sure you receive it.
I have no knowledge or records of the following account(s) on my report # xxxxx.
# xxxxx from xxxxxx
Please advise me as to the name(s) and address (es) of the medical provider(s), the date(s) and type(s) of service and to
whom the service(s) was (were) provided, as any account(s) I might have had may be obsolete.
If you can obtain this information, I also would need the name of the person providing this data, and the manner in which it
was provided in order that I may pursue additional legal remedies which may include a complaint against your agency to the
OCR on HIPAA violations.
Please take notice that your Credit Reporting Agency falls within the purview of subtitle D of the ARRA , SEC. 13407(1)
BREACH OF SECURITY.The term breach of security means, with respect to unsecured PHR identifiable health
information of an individual in a personal health record, acquisition of such information without the authorization of the
individual.
You are therefore now subject to the jurisdiction of the OCR for HIPAA violation and the penalty rules of the HITECH Act as
issued 11/30/2009.
Please note that your Credit Reporting Agency is now subject to Federal consumer financial laws, including, among others,
the FCRA and Title X of the Dodd-Frank Act, and related regulations including a ban on Abusive Acts or Practices. ( Section
1031 of the Dodd-Frank Act)
Very truly yours,
xxxxxx