PLEASE NOTE THAT THE HIPAA LETTER PROGRAM WAS DESIGNED TO OBTAIN DELETIONS AND TO PAY VALID MEDICAL BILLS TO THE ORIGINAL HEALTH CARE PROVIDER. USING PORTIONS OF THE PROGRAM OUT OF ORDER WILL PREVENT IT FROM WORKING AS DESIGNED AND WILL PREVENT YOU FROM TAKING A TAX DEDUCTION FOR MEDICAL PAYMENTS OR OBTAINING A TOTAL DELETION FROM YOUR REPORTS

LEGAL BASIS FOR HIPAA LETTER PROGRAM

DESIST
Special Purpose Letter For SOL MEDICAL Accounts if the account is NOT on your reports and is over 4 Years old, or as a follow up to the initial dispute letter

-----------------------------------------------------------------------------------------------------------------

HIPAA LETTER

LETTER TO HEALTH CARE PROVIDER

Letter To Health Care Providers

This letter should ONLY be used AFTER the initial dispute letter has provided you with a documented current relationship between the Health Care Provider and the reporting CA.

It will ONLY work if the claim is either INACCURATE, or you remit the valid correct amount due with the letter, and ONLY if you have confirmed a CURRENT relationship between the OC and the CA.
Please make sure that your payment is in the form of a bank cashiers check or bank money order,(do not use a postal money order). THIS IS CONSIDERED THE SAME AS A CASH PAYMENT, that you make a photo copy of the front and back of the remittance, that your name and address are CLEARLY printed on the remittance, that it is made to the order of THE ORIGINAL HEALTH CARE PROVIDER, and that you print or type clearly in the endorsement section "For Deposit Only to the Account of (name of H.C. provider)(This of course allows your IRS deduction as a medical expense). MAKE SURE that you put the account # if available ( not the CA account # but from your original billing), in the "for" section on the front of the money order. If you do NOT have the original account # OR if you have several accounts with the SAME OC under ONE account #, put the name of the patient, date of service and patient's SS # in the "for" area.
Send ALL correspondence to the HIPAA COMPLIANCE OFFICE of the HC provider,CMRR. ( If the OC has changed ownership or moved or gone BK, send it certified WITHOUT the return receipt requested.) Do NOT "fax" or "e-mail" anything.

FORM LETTER TO ORIGINAL HEALTH CARE PROVIDER

(Your Name)
(address)
(City,State, zip)
s.s.# (social security #)
HIPAA Compliance Office
( health care provider creditor)
(address)
(date)
Dear Sir/Madam;
This letter is in reference to (account #) for services provided to (name of patient) on (date of service).
In regard to the bill on this account in the amount of ($___):
Insert correct insert here:( see inserts) (a) (b) or (c)
Please be advised that under Federal Statutes. the Fair Credit Reporting Act, (15 U.S.C. § 1681 et seq)and (name of your State)'s Consumer Credit Statutes,and subtitle D of the ARRA ,SEC. 13401. APPLICATION OF SECURITY PROVISIONS AND PENALTIES TO BUSINESS ASSOCIATES OF COVERED ENTITIES;and SEC. 13407(1) BREACH OF SECURITY.—The term ‘‘breach of security’’ means, with respect to unsecured PHR identifiable health information of an individual in a personal health record, acquisition of such information without the authorization of the individual. you may be held liable for the actions of (collection agency name). Please note that the these liabilities are under the penalty rules of the Omnibus Final Rule effective 09/23/2013 interpreting and implementing various provisions of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) as issued 11/30/2009
(a) Duty of furnishers of information to provide accurate information.: (1) Prohibition.; (A) Reporting information with actual knowledge of errors.
A person shall not furnish any information relating to a consumer to any consumer reporting agency if the person knows or consciously avoids knowing that the information is inaccurate.
In addition, the HIPAA and (name of your State)'s Medical Privacy Statutes and the penalty provisions of the ARRA section D, privacy provisions ,the penalty rules of the HITECH Act as issued 11/30/2009 and the Omnibus Final Rule effective 09/23/2013 and the FACT Act final rules effective July 1, 2010.are in effect in this situation.
The Privacy Rules prohibits a covered entity from using or disclosing an individual's protected health information ("PHI") unless specifically authorized by the individual or otherwise allowed under the Privacy Rules.
In general, PHI encompasses substantially all "individually identifiable health information" that is transmitted or maintained in any medium. "Individually identifiable health information" includes health information that is created or received by a health care provider, health plan, employer, or health care clearinghouse, and that relates to an individual's physical or mental health or condition, including information related to an individual's care or the PAYMENT for such care.
Your furnishing of my account information to (collection agency name), is not in compliance with HIPAA,or (name of your State}'s Privacy Act, and any subsequent reporting of this account on my credit reports to (credit reporting bureaus) is a clear violation of Public Law 104-191 ("HIPAA") since there can be no permissible business purpose in divulging protected health information to anyone on an account once there is no longer any payment due.In addition the new Omnibus Final Rule states:when patients pay out of pocket in full, they can instruct their provider to refrain from sharing information.This letter serves as that instruction
You are required under the FCRA and FACTA to accurately report the status of any account to the credit bureaus, and you are prohibited under the HIPAA and State privacy regulations from doing so on a PAID account, as there is no longer any permitted business purpose.
Therefore I am requesting you promptly rescind all such account information furnished to (collection agency) and require them to purge their records of all reference to this account, and that you insure that any and all reporting of this account is immediately deleted from my credit reports.
This simple procedure to request the deletion of ALL reference to this account from the records of ( collection agency name) and to require them to have this account information deleted in its entirety from my credit reports will resolve this problem completely.
insert the underlined phrase for hospitals
You are also advised that you may be in violation of the Notice of Proposed Procedures for Charitable Hospitals to Correct and Disclose Failures to Meet Section 501(r) of the Affordable Care Act.
Please respond, in writing within 10 days that you are processing this request.
I am reserving the right, to take appropriate legal and civil action including reporting to any applicable regulatory authorities any lack of cooperation or compliance with this request.
I hereby waive my rights under HIPAA and any State Privacy Act for the single purpose of your transmission of this request and accompanying documentation in any required report you must make to your E &O insurance carrier.

Sincerely,
signature
(Your Name)

------------------------------------------------------------------------------------------------------------

INSERTS

(insert a): Enclosed please find my remittance of ($___) for payment in full of this account.; (insert this if the payment is less than billed)This payment in full is for services as per the attached fee schedule from XXXX XXXX); Health Care Billing Charts
or HEALTH CARE BLUE BOOK; Please note, my remittance is payable ONLY to (hc provider) and may not be signed over or transferred to any third party collection agency, as this would constitute an additional violation of HIPAA, State Privacy Act rules and the Omnibus Final Rules. .

Copies of this correspondence and a copy of the remittance check may be used for any further actions with State or Federal agencies

(insert b): This account is a billing error.
(1): It has been paid,( proof of payment attached) .
(2): It was not properly transmitted in a timely manner to my insurance company.( Documentation from insurance attached)
(3): It was submitted to, or should have been submitted to ( name of State) for indigent care.( Statute # if available); LOOK UP YOUR STATE
It is not a valid bill and has been properly disputed, therefore I request complete deletion from all your agent (name of CA)'s records and archives.

(insert c): This is not my account,; It has been billed to me in error. and has been properly disputed, therefore I request complete deletion from all your agent ( name of CA)'s records and archives.

.......................................................................... ................................................

INSTRUCTIONS FOR FOLLOW UP TO "HIPAA" LETTER TO ORIGINAL CREDITOR HEALTH CARE PROVIDER

ALL FURTHER CORRESPONDENCE SHOULD BE SENT CMRR

1-: Make sure any money order has been deposited ,or you have received a return receipt from your letter if insert "b" or "c" were used.
2-: Send the follow up letter posted below.
3-: Send a copy of the follow up letter to the OC (legal dept) with the cover letter,(follows letter to CRA)
4-: If the CRA responds with verification from the CA or the OC, file a complaint with the HIPAA administration for the OC's , the CA's and the CRA's violation of the privacy rules of HIPAA,and with any available State's Medical Privacy Act administration.
If they do NOT respond with any verification and the account is NOT deleted, file a civil suit against the OC and the CA for their liability for violations of the FCRA and FACTA.
5-: DO NOT under any circumstances, write or correspond with the CA regarding this matter, any correspondence or communication that YOU instigate, while not a waiver of your privacy rights under HIPAA, will impede any cause of action you might have as the non permitted "communication" would have come from YOU.