Financial Advice

Is a Debt Collector Allowed to Know My Medical History?

If you’ve received medical care anytime in the last few years, you’ve no doubt been given medical privacy forms to sign. These forms, required under the Health Insurance Portability and Accountability Act, commonly referred to as HIPAA, are designed to help protect the privacy of sensitive medical information. But what happens when you owe a medical debt and that information is shared with debt collectors? Is that illegal?

Recently two readers shared their questions with us. After what he described as a “heart procedure,” Patrick said he was in financial ruin. In an effort to get his credit back on track, he’s been trying to verify collection accounts. He asked on the blog:

I asked this collection agency to validate the debt, sent them my letter and they validated this bill with a detailed billing statement and exactly what procedures where done. IE blood work, ECG, Heart Cath, Is this protected hipaa information?

Another reader who goes by the screenname “Ronni,” had a similar question:

I live in the state of CA. I asked a collection agency to validate my debt. They shortly after sent me a letter stating that they were going to forward my request to the Hospital it was originally from. They did however provide me with a simple print out of the fee’s. A couple days after that I received (from the Collection Agency) a full print out in detail of treatment/procedures done. My question is was this a HIPAA Violation? I assumed the Hospital would have sent me that info, not the (collection) agency right? Please help!

If you have a medical debt that goes into collection, the collector will not routinely get detailed information about your medical bills or treatments, but if you ask the collector to validate the debt, it’s possible that information may be passed along. Leslie Bender, an attorney for a national collection agency, explains: 

If you specifically ask either a healthcare provider or its collection agency to provide you with verification of the specifics of a medical debt you incurred, you are in essence giving them permission under HIPAA to get you that information and supply it to you. In some instances a collection agency’s client, the Hospital or Physician, may choose to send you that information directly. 

If you don’t want the collector to see or share this information with you, you could request the information directly from the healthcare provider. “Under HIPAA you may request your Hospital or Physician directly to provide you with that information and per HIPAA’s Privacy Rule they too must respond to you,” says Bender. But based on the information our readers shared, her opinion is that “It does not appear that either the collection agency or the hospital violated HIPAA. “

Indeed, the Department of Health and Human Services states on its website that it is “not aware of any conflict between the Privacy Rule and the Fair Debt Collection Practices Act. Where a use or disclosure of protected health information is necessary for the covered entity to fulfill a legal duty, the Privacy Rule would permit such use or disclosure as required by law.” 

Bender notes there may be state laws that relate to medical privacy and so consumers may also want to check with their state attorney general’s office or a consumer law attorney for more information.

Health care bills that go unpaid can seriously affect your credit scores — there are many ways to check your credit scores for free, including through This collections crash course explains your rights and options when dealing with debt collection accounts of all types.

Related Articles

This article originally appeared on

This article by Gerri Detweiler was distributed by the Personal Finance Syndication Network.