FORM LETTER TO ORIGINAL HEALTH CAREPROVIDER

(Your Name)(address)(City,State, zip)s.s.# (social security #)HIPAA Compliance Office( health care provider creditor)(address)(date)Dear Sir/Madam;This letter is in reference to (account #) for services provided to (name of patient) on(date of service).In regard to the bill on this account in the amount of ($___):Insert correct insert here:( see inserts) (a) (b) or (c)Please be advised that under Federal Statutes. the Fair Credit Reporting Act, (15 U.S.C. §1681 et seq)and (name of your State)'s Consumer Credit Statutes,and subtitle D of theARRA ,SEC. 13401. APPLICATION OF SECURITY PROVISIONS AND PENALTIESTO BUSINESS ASSOCIATES OF COVERED ENTITIES;and SEC. 13407(1)BREACH OF SECURITY.—The term ‘‘breach of security’’ means, with respect tounsecured PHR identifiable health information of an individual in a personal healthrecord, acquisition of such information without the authorization of the individual. youmay be held liable for the actions of (collection agency name). Please note that theeffective date for commencing enforcement of penalties against you for any vicariousliability is February 17, 2009.(a) Duty of furnishers of information to provide accurate information.(1) Prohibition.(A) Reporting information with actual knowledge of errors.A person shall not furnish any information relating to a consumer to any consumer reporting agency if the person knows or consciously avoids knowing that the informationis inaccurate.

In addition, the HIPAA and (name of your State)'s Medical Privacy Statutes and the penalty provisions of the ARRA section D, privacy provisions are in effect in thissituation even though the health care services you provided may have been prior toenactment of HIPAA or ARRA .The Privacy Rules prohibits a covered entity from using or disclosing an individual's protected health information ("PHI") unless specifically authorized by the individual or otherwise allowed under the Privacy Rules.In general, PHI encompasses substantially all "individually identifiable healthinformation" that is transmitted or maintained in any medium. "Individually identifiablehealth information" includes health information that is created or received by a healthcare provider, health plan, employer, or health care clearinghouse, and that relates to anindividual's physical or mental health or condition, including information related to anindividual's care or the PAYMENT for such care.Your furnishing of my account information to (collection agency name), is not incompliance with HIPAA,or (name of your State}'s Privacy Act, and any subsequentreporting of this account on my credit reports to (credit reporting bureaus) is a clear violation of Public Law 104-191 ("HIPAA") since there can be no permissible business purpose in divulging protected health information to anyone on an account once there isno longer any payment due.You are required under the FCRA and FACTA to accurately report the status of anyaccount to the credit bureaus, and you are prohibited under the HIPAA and State privacyregulations from doing so on a PAID account, as there is no longer any permitted business purpose.Therefore I am requesting you promptly rescind all such account information furnished to(collection agency) and require them to purge their records of all reference to thisaccount, and that you insure that any and all reporting of this account is immediatelydeleted from my credit reports.This simple procedure to request the deletion of ALL reference to this account from therecords of ( collection agency name) and to require them to have this account informationdeleted in its entirety from my credit reports will resolve this problem completely.Please respond, in writing within 10 days that you are processing this request.I am reserving the right, to take appropriate legal and civil action including reporting toany applicable regulatory authorities any lack of cooperation or compliance with thisrequest.I hereby waive my rights under HIPAA and any State Privacy Act for the single purposeof your transmission of this request and accompanying documentation in any requiredreport you must make to your E &O insurance carrier.Sincerely,

signature(Your Name)------------------------------------------------------------------------------------------------------------

INSERTS

.............................................................................. .............................................(insert a)Enclosed please find my remittance of ($___) for payment in full of this account.(insert this if the payment is less than billed)This payment in full is for services as per the attached fee schedule from XXXX XXXX)Health Care Billing Charts Please note, my remittance is payable ONLY to (hc provider) and may not be signedover or transferred to any third party collection agency, as this would constitute anadditional violation of HIPAA and State Privacy Act rules .Copies of this correspondence and a copy of the remittance check may be used for anyfurther actions with State or Federal agencies.......................................................................... ..............................................(insert b)This account is in error.It has either been paid, is a billing error,or was not transmitted in a timely manner tomy insurance company.It is not a valid bill and has been properly disputed, therefore I request completedeletion from all your agent (name of CA)'s records and archives........................................................................... ...............................................(insert c)This is not my account,It has been billed to me in error. and has been properly disputed, therefore I requestcomplete deletion from all your agent ( name of CA)'s records and archives........................................................................... ................................................