Privacy/Compliance
Debt Collection Compliance
Receivable Solutions LLC works hard to maintain strict compliance with all governing laws and regulations in our industry.
Healthcare Revenue Cycle Compliance
Governing Agency and Laws
Debt Collection in the United States is regulated by the Federal Trade Commission (FTC). Major statutes are defined in The Consumer Credit Protection Act (CCPA) and the Fair Credit Reporting Act (FCRA), respectively Public Law 90-321, originally enacted on May 29, 1968, and Public Law 91-508, enacted on April 25, 1971. The CCPA was subsequently amended with The Fair Debt Collection Practices Act (FDCPA), or Public Law 95-109, which was passed on September 20, 1977 and has itself been subsequently updated. You can order a free hard copy of the FDCPA at the FTC Bureau of Consumer Protection or download a free PDF. Debt collection is also regulated by the Consumer Financial Protection Bureau. The CFPB is an independent agency of the United States government designed to protect consumers in the area of finance.
Specific regulations apply to debt collection practices depending on the type of debt under consideration. For example, medical collections must adhere to the applicable statutes within the Health Insurance Portability and Accountability Act (HIPAA), or Public Law 104-191, enacted on August 21, 1996 and its stated privacy requirements. HIPAA’s “Privacy Rule” and the U.S. Department of Health and Human Services (HHS) identifies Protected Health Information (PHI) as “‘individually identifiable health information’ held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.” You can download a free PDF of The HIPAA here.
Communications Medium Specific Regulations
Additional regulations apply to debt collection practices depending on the methodology used for debt collection. For example, the Telephone Consumer Protection Act (TCPA), or Public Law 102-243, passed on December 20, 1991 applies to debt collection agencies using the telephone as a medium to do their work. The TCPA is governed by the Federal Communications Commission (FCC) and covers things such as permitted times of day for collections calls and the legality of automated dialing technology.
Purpose of Compliance Regulations
The stated purpose of the Fair Debt Collection Practices Act is to “eliminate abusive debt collection practices by debt collectors, to insure that those debt collectors who refrain from using abusive debt collection practices are not competitively disadvantaged, and to promote consistent State action to protect consumers against debt collection abuses.”
National Service Bureau Code of Ethics
At NSB we promote a strict “Code” of Ethics in an effort to self-regulate our collections processes above and beyond the legal requirements of the Consumer Credit Protection Act and the FDCPA. National Service Bureau adheres to ACA International’s Code of Ethics. The code applies to all owners and employees of NSB and is enforced through an internal auditing process. The intent of the NSB code is to promote a culture of personal integrity and honest business practices and to maintain the highest standards of fair behavior in the collections industry.
Fair Debt Collection Practices Act
There are nine sections (804. – 812.) in the Fair Debt Collection Practices Act that govern collection agency behavior. Note: the term “consumer” is used in place of “debtor” in the FDCPA script. An overview of the respective sections and a brief description of the consumer relevant information is as follows:
Acquisition of Location Information
This section governs what a collection agency representative can say, what he or she must say, when he or she must say it, and the various types of allowed and prohibited communication when speaking to someone other than the actual consumer (the individual who owes or allegedly owes payment) for the purpose of obtaining location information about the consumer.
Communication in Connection With Asset Receivables Collection
This section discusses communication between a collection agency representative and the actual consumer. Reasonable hours for asset receivables collection practices are defined as those between local business hours. Additionally, Section 805 discusses the conditions upon which an asset receivables collection agent must cease communication with the consumer, related third parties, and/or when he or she must consult with the consumer’s attorney.
Harassment or Abuse
This prohibits the use of violent threats, profane language, non-transparent telephone practices intended to harass or annoy, and the sale of debt as a means to coerce asset receivables payment. Additionally it defines the organizations to whom collection firms can report persons or businesses that fail to pay the amount owed.
False or Misleading Representations
This prohibits a collection agency from making false or misleading representation of themselves and/or the asset receivables collection process. Amongst its included prohibitions are the following:
- Identifying themselves as a member of or affiliated with the United States government or fabricating documentation that might lead to such a conclusion.
- Misrepresenting themselves, the nature of their involvement, relevant information, and/or legal documentation relating to the asset receivables collection process.
- Threatening legal action to include seizure, garnishment, or sale of property that is not legally planned or possible.
- False representation that asset receivables have been turned over to innocent purchasers when they have not.
Unfair Practice
This prohibits a collection agency from engaging in “unfair” or “unconscionable” asset receivables collection practices. Amongst its included prohibitions are the following:
- Collection of an amount not specified in the agreement or permitted by law.
- Solicitation or acceptance of, and/or depositing a postdated check under certain circumstances.
- Taking or threatening to take nonjudicial action to effect the dissolution or disablement of property under certain circumstances.
- Certain communication practices such as the use of post cards or extraneous symbology on asset receivables collection letters.
Validation of Asset Receivables
This mandates certain actions for asset receivables collection agencies to be completed in writing during or within five days of initial communication. Amongst the stated requirements are the following:
- The amount of receivable.
- The creditor’s name.
- A statement that the receivable will be assumed valid if the consumer does not dispute it within 30 days of written notice.
- A statement that the original creditor (if different than the current creditor) will be made known to the consumer within 30 days of written notice if so requested by the consumer in writing.
Multiple Receivables
This specifies that collection agencies in receipt of payments from a consumer with multiple outstanding assets payable may not apply the payment to a disputed payable and must apply it according to the specifications outlined by the consumer where applicable.
Legal Actions by Account Receivables Collectors
This specifies the legal jurisdiction in which a suit may be filed in relation to receivables collection.
Furnishing Certain Deceptive Forms
This prohibits asset receivables collection agencies from furnishing forms that insinuate persons and/or organizations other than the creditor are participating in the collection of or an attempt to collect the specified receivable when in fact such persons and/or organizations are not participating.
Health Insurance Portability and Accountability Act
The requirements of HIPAA are outlined in Title 45 CFR (Code of Federal Regulations), Part 160 – General Administrative Requirements, Part 162 – Administrative Requirements, and Part 164 – Security and Privacy. Part 164, Subparts C, D, and E deal more specifically with HIPAA’s privacy rule. You can find a consolidated summary of HIPAA’s privacy regulations here.
An overview of HIPAA’s most relevant sections, their requirements, and their applicability to RSi in its capacity as a medical collections agency, or a collections agency dealing with Protected Health Information (PHI) is as follows:
Part 164 Subpart C - Security Standards for the Protection of Electronic PHI
Section 164.306 discusses the covered entities, business associates, and their obligations regarding PHI. Paragraph (a) General Requirements requires National Service Bureau to ensure the confidentiality, integrity, and availability of PHI received, maintained, or transmitted by RSi and its workforce and guard against reasonably anticipated security threats to such information.
Sections 164.308 – 164.312 discuss administrative safeguards, physical safeguards, and technical safeguards for handling PHI. Administratively, business entities (such as National Service Bureau) are required to implement policies and procedures to prevent, detect, contain, and correct security violations. NSB’s procedures are overseen by a compliance officer that monitors risk management measures, imposes sanctions against workforce members that fail to comply, conducts system audits, and publicizes policy guidance. Physical safeguard requirements include facility security and physical security of electronic information systems. Technical safeguards include software security features such as unique user identification, automatic logoff, encryption and decryption, and emergency access procedures.
Sections 164.314 – 164.316 discuss policies, procedures, and documentation requirements for business entities such as Nation Service Bureau that deal with PHI. Organizational requirements include mandatory business contract and subcontract inclusions, reporting requirements, and implementation specifications. Procedural mandates include time specifications for record retention, document availability and policy review and update requirements.
Part 164 Subpart D - Notification in the Case of Breach of Unsecured PHI
Section 164.404 discusses notification requirements to the individual whose Protected Health Information was disclosed (“breached”) in an unauthorized manner. Breach includes the acquisition, access, use, or disclosure of PHI and must be reported without unreasonable delay and in no case later than 60 calendar days to the affected individual. Additional requirements include provision of a description of what happened, written notice by first-class mail, and a toll-free number where individuals can learn the details of the incident.
Sections 164.406 – 164.408 discuss publicity requirements relating to the media and the Secretary of Health and Human Services for major breaches (more than 500 residents of a State or jurisdiction) as well as log requirements for breaches of less than 500 individuals.
Part 164 Subpart E - Privacy of Individually Identifiable Health Information
Sections 164.502 – 164.504 discuss general rules and organizational requirements regarding the disclosure of PHI. Included are those times when disclosure is required, prohibited uses and disclosure of PHI, rules regarding the sale, transfer, merger, or consolidation of PHI, and implementation specifications for businesses handling PHI.
Sections 164.508 – 164.514 discuss those uses and disclosures of PHI for which an authorization from the affected individual is required, those that require an opportunity for an individual to agree or to object, and those for which an opportunity to agree or to object is not required.
Telephone Consumer Protection Act
The TCPA is published as Act 47 United States Code (USC) Section 227. It outlines restrictions on the use of automated telephone equipment (equipment that is able to store or generate and then subsequently call telephone numbers using a random or sequential number generator). An overview of the TCPA’s most relevant sections, their requirements, and their applicability to RSi in its capacity as a debt collections agency that uses telecommunications as one of several mediums to facilitate the collection of debt is as follows:
The TCPA prohibits the use of automated dialing systems or the use of a prerecorded voice to contact emergency lines (such as 911), guest or patient rooms in hospitals or similar establishments, and telephone lines where the recipient is charged for the call.
Fair Credit Reporting Act
The Fair Credit Reporting Act (FCRA) is a United States federal law that regulates the collection, dissemination, and use of consumer information, including consumer credit information. Along with the Fair Debt Collection Practices Act (FDCPA), it forms the base of consumer credit rights in the United States. It was originally passed in 1970, and is enforced by the US Federal Trade Commission and private litigants.
New Mexico Collection Regulatory Act
We comply with the New Mexico Collection Regulatory Act. For the full text of the act, click here.
Information Collection and Use
RSi, or third parties designated by RSi, collects personally identifiable and non-personally identifiable information (such as name, employer, email address, and phone number) from users who complete Information Forms in a variety of ways. RSi is the sole owner of all the information collected on the website and may use any and all of the information collected in any manner whatsoever that it deems appropriate for business purposes in its sole discretion. We do not sell or give your data to third parties without consent. SMS Consent or phone numbers are not shared for the purpose of SMS with third parties or affiliates.
Links
The website contains links to other Internet sites. Please be aware that RSi is not responsible for the privacy practices of such other Internet sites. We encourage our users to be aware when they leave the website and to read the privacy statements of each Internet site that collects personally identifiable information. This Privacy Policy applies solely to information collected by RSi’s website.
Security
When you submit information via the website forms, RSi, or third parties designated by Invicta, takes certain precautions to protect your user information both online and offline.
Notification of Changes
If we decide to change our privacy policy, we will post those changes so that our users are always informed.