In response to the surge in high deductible plans and rising out-of-pocket expenses, many providers are looking for innovative ways to help patients manage medical expenses.
As a result, hospitals and medical groups are creating extended payment options internally and working with outside financing and collections companies. Too often, though, healthcare organizations and their vendors unintentionally fail to comply with increasingly complex regulations and laws, thus exposing providers to increased risk, reputational damage, and potential penalties.
Any provider offering a payment plan may be subject to violations of federal and/or state laws and regulations stemming from compliance failures. That's true even for plans that don't charge interest. And it's true whether the payment programs are interest-bearing credit accounts supplied by banks or other financing companies, installment plans offered by the provider or 0.0 percent interest payment plans provided by early-out vendors.
Cash discounts that hospitals and medical groups offer also may be governed by state and federal laws and regulations.
Changing compliance landscape for healthcare consumer credit
Compliance is increasingly important as regulations grow more exacting and enforcement activities become commonplace. Consumer credit in healthcare, in particular, is receiving greater scrutiny from Congress, state attorneys general, plaintiffs' lawyers, and federal regulators such as the Consumer Financial Protection Bureau and the Internal Revenue Service. Recent high-profile investigations targeting patient data security practices, financing and collection methods include:
- In 2014, the Federal Trade Commission approved a final consent order settling charges against Chicago-based Accretive Health for alleged inadequate data security measures after an employee's laptop containing personal information on 23,000 patients was stolen from a rental car. In force for 20 years, the settlement requires Accretive to establish a comprehensive information security program to protect personal health information and have the program evaluated initially and every two years thereafter by a certified third party.
- In 2013, the CFBP entered into a consent order with GE Capital Retail Bank and its subsidiary, CareCredit, LLC, in which they agreed to refund up to $34.1 million to borrowers who were allegedly subject to deceptive credit card enrollment practices. The New York Attorney General also settled charges against GE Capital Retail Bank and CareCredit, LLC for allegedly engaging in high‑pressure sales tactics and failing to inform consumers of basic credit card terms.
- In 2009, the Minnesota attorney general sued Minneapolis-based Allina Health System for establishing patient payment plans with more than double the rate of interest allowed by state law. Allina agreed to reimburse patients who were overcharged and make other concessions.
New consumer protections set stiff regulatory requirements
These actions and others like them are the result of new, robust consumer protection efforts emanating from local, state and federal regulators initiated in response to the financial crisis of 2008. Stringent enforcement combined with challenging new consumer compliance obligations are adding layers of requirements to any business offering and collecting consumer credit.
Congress held hearings in 2012 and 2013 on debt collection, credit reporting and related consumer financial issues and, importantly, created CFPB as a new, well-staffed federal agency focused on these very issues. The CFPB has broad authority including rule writing, supervision and examination, assessment of civil money penalties and restitution, imposition of compliance and record retention obligations and reporting burdens, and even issuing cease-and-desist orders against businesses involved in consumer financial products.
It also is contemplating extending the scope of the Fair Debt Collection Practices Act to originating creditors collecting their own accounts. This potential change in scope has far-reaching compliance implications for healthcare providers. Also of great significance is the CFPB's expectation that banks and nonbanks are responsible for ensuring their service providers are in compliance with federal consumer protection laws.
5 common compliance traps
Complying with all applicable federal and state laws and regulations requires considerable resources dedicated to tracking new requirements, updating policies and procedures, training, implementation, testing and monitoring. Given the additional difficulty of keeping up-to-date on changing requirements, it's all too easy to fall out of compliance. Some of the most common mistakes are:
1. Unintended discrimination against some patients. While segmenting or screening patients before offering them a payment plan may seem like good business, it may be illegal if it is not done properly. The Equal Credit Opportunity Act and state laws promote access to credit for all creditworthy applicants regardless of such factors as race, national origin, sex, marital status, age and receipt of public assistance. These laws typically cover all dealings between an applicant and creditor, including pre-application procedures, marketing, applications, underwriting criteria used to evaluate creditworthiness, administration of accounts and treatment of delinquent accounts. The Act also requires creditors to provide applicants with an adverse-action notice when an application is denied, an account closed and under some other circumstances.
Noncompliance can result in various penalties, including punitive damages of up to $500,000, or 1 percent of net worth in a class action.
2. Assuming 0.0 percent interest payment plans are exempt. Even when payment plans have no specific finance charge, the federal government and many states may view them as an extension of credit to the extent that the debt owed under the plans is repayable in installments or involves other fees such as late fees or returned check fees or service charges. So providers must not only comply with a variety of federal laws, but they must also track a range of state requirements, including licensing, substantive disclosures in account agreements, and rate and fee limits.
3. Not providing adequate disclosures. The Truth in Lending Act, Regulation Z and similar state laws promote the informed use of credit by requiring meaningful disclosure of credit terms so consumers can readily compare available credit. Hospitals and medical groups that offer payment plans with a finance charge or a written agreement to pay in more than four installments may be considered creditors who are subject to these laws. Providers that offer cash discounts also fall under TILA.
To fulfill legal requirements, providers must provide certain upfront disclosures to patients and for open-end credit as well as ensure compliant billing statements. If a healthcare provider fails to meet the requirements, consumers can bring legal claims against the institution, and they are not required to prove actual harm to obtain an award of damages.
4. Violating collection regulations. In many states, the collection regulations are broad enough to cover all creditors, including providers collecting their own debt. State and local laws restrict when and where a creditor may contact a patient regarding payments, impose written and telephone disclosure requirements, restrict the nature of the conversation a customer representative can have with the debtor and even limit the ability to leave messages. Both federal and state laws also restrict the use of auto-dialers and prerecorded messages to contact consumers.
State laws may impose response requirements for certain situations, such as when patients say they cannot receive calls at work, when patients ask the creditor to stop calling about the debt and when they say they have retained a lawyer to represent them about the debt. Massachusetts regulations even require creditors to notify consumers of their right to have a debt validated by the creditor and require the creditor to suspend collection efforts until the requested validation is provided. Other states prohibit all forms of collection when an account's delinquency period is beyond the statute of limitations for filing suit.
Special rules apply to patients who file for bankruptcy. An automatic stay applies as soon as a creditor receives notice that a patient has filed a petition under the Bankruptcy Code. Bankruptcy courts can impose sanctions against hospitals and medical groups that attempt to collect debts that are subject to the automatic stay or have been discharged — and patients, or their bankruptcy trustees, may sue for violation of the bankruptcy stay.
5. Offering financing to out-of-state patients without complying with their states' laws. Providers' financing programs may be subject not only to the credit and collection laws of their own state but also to the credit laws of other states in which patients reside, depending upon the structure of the program. For example, other states' credit laws might be triggered by advertising in a patient's state even if services are performed in a different state.
Avoiding the compliance traps
As new local, state and federal laws proliferate, the potential for violations is also growing. Government is taking a bold new stance on consumer credit protections while opening up more recourse for patients, including lawsuits. Consumer finance lawsuits against healthcare providers are less common than those against credit card companies and banks, but they do occur. And unlike medical malpractice claims, plaintiffs' lawyers may not need to demonstrate actual harm to the consumer in these cases; a simple, even technical, violation of certain federal and state laws is sufficient to trigger significant statutory fines and other penalties.
Providers, therefore, need to maintain current and thorough knowledge of consumer finance laws, carefully review and regularly update their policies and procedures, analyze their vendors with an eye toward compliance with applicable consumer protection laws and adopt patient-friendly financing programs. Medical institutions also should watch for additional guidance from the CFPB and other federal and state agencies. Although complying with the myriad federal, state and local laws places a heavy burden on providers, failure to do so poses greater risk.
Warren Brasch is CarePayment’s general counsel. In this role, he is responsible for ensuring CarePayment’s patient financing programs comply with federal, state and local consumer credit laws and regulations and promoting appropriate legislative and regulatory reform. Before joining CarePayment in 2012, Brasch served as director, compliance counsel at consumer financial services firm Asset Acceptance. He previously served as chief legal officer for Hometowne Mortgage Services. Brasch earned his J.D. from the University of California, Hastings College of the Law and holds a bachelor of science from the University of Michigan.
More Articles on Healthcare Finance:
21 Hospitals and Health Systems With Strong Finances
What if Medicare Were the Only Payer?
CMS' 2015 IPPS Proposed Rule: 10 Points to Know