Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FTC, HHS say tracking technology may impermissibly disclose personal health data

    Privacy, Cyber Risk & Data Security

    On July 20, the FTC and U.S. Department of Health and Human Services for Civil Rights issued a joint letter cautioning hospitals and telehealth providers of the risks related to the use of online tracking technologies within their systems that may impermissibly disclose consumers’ personal data to third parties. Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, said “when consumers visit a hospital’s website or seek telehealth services, they should not have to worry that their most private and sensitive health information may be disclosed to advertisers and other unnamed, hidden third parties.” According to the letter, recent research has highlighted concerns about the use of technology to track users’ online activities and sensitive data including, health conditions, diagnoses, medications, medical treatments, frequency of visits to health care professionals, and where an individual seeks medical treatment. The FTC warned that the impermissible disclosures of personal data can result in identity theft, financial loss, discrimination, and more. The letter included a reminder that under the FTC Act and the FTC Health Breach Notification Rule, even if they are not covered by HIPAA, hospitals and telehealth providers remain obligated to protect against impermissible disclosures of personal health information.

    Privacy, Cyber Risk & Data Security Federal Issues FTC FTC Act Consumer Protection Health Breach Notification Rule Department of Health and Human Services

  • CFPB launches medical-debt inquiry with HHS and Treasury

    Agency Rule-Making & Guidance

    On July 7, the CFPB, Department of Health and Human Services, and the Treasury Department announced they are looking into high-cost specialty financial products such as medical credit cards and installment loans used by patients to pay for health care. These products, the agencies explained, were once primarily used to pay for medical treatments not traditionally covered by health insurance but may now be more widely used even when medical care may be covered by insurance or financial assistance. The agencies released a request for information (RFI) seeking feedback on a range of topics, including costs associated with medical payment products, how prevalent the products are, health care providers’ incentives to offer these products to patients, and whether patients fully understand the risks and consequences associated with medical payment products.

    Specifically, the agencies are soliciting comments “on whether these products may allow health care providers to operate outside of a broad range of patient and consumer protections.” Feedback is also requested on whether use of these products is contributing to health care cost inflation, displacing hospitals’ provision of financial assistance, causing patients to pay inaccurate or inflated medical bills, increasing the amount patients must pay due to financing costs, or otherwise contributing to consumer harm, including through downstream credit reporting and debt collection practices. The agencies also want to know if using these products is creating disparities across different demographic groups, as well as policy options to protect consumers from harm.

    The agencies commented that the RFI will assist in their understanding of consumer harms and financial challenges caused by specialty medical payment products and will serve to guide next steps, including future Bureau actions focusing on credit origination, debt collection, and credit reporting practices of the financial companies that originate and service these products.

    Comments on the RFI are due within 60 days of publication in the Federal Register.

    Additionally, the Bureau is hosting a hearing on July 11 to address medical billing and collection concerns with a focus on medical payment products.

    Agency Rule-Making & Guidance Federal Issues CFPB Department of Health and Human Services Department of Treasury Credit Cards Consumer Finance Installment Loans

  • HHS releases health care cybersecurity guide

    Privacy, Cyber Risk & Data Security

    On March 8, the Department of Health and Human Services (HHS) released a cybersecurity implementation guide to assist public and private health care sectors prevent cybersecurity incidents. The Cybersecurity Framework Implementation Guide was developed jointly with the Administration for Strategic Preparedness and Response and the Health Sector Coordinating Council Cybersecurity Working Group. Substantial contributions to the guide were also provided by the National Institute for Standards and Technology (NIST) and other federal agencies. HHS explained that the guide is intended to help health care organizations implement the 2018 NIST Framework for Improving Critical Infrastructure Cybersecurity using their existing security measures, stating that the guide should be used to assess current cybersecurity practices and risks and identify gaps for remediation. Among other things, the guide (i) outlines risk management principles and best practices; (ii) provides common language for addressing and managing cyber risk; (iii) lays out a structure for applying cyber risk management; and (iv) identifies “effective standards, guidelines, and practices to manage cybersecurity risk cost-effectively based on business needs.”

    Privacy, Cyber Risk & Data Security Agency Rule-Making & Guidance Federal Issues Department of Health and Human Services NIST

  • Biden orders agency action on medical debt

    Federal Issues

    On April 11, the Biden administration released a Fact Sheet regarding an initiative to decrease “malicious” and “predatory” billing and collection practices related to medical debts, including holding medical providers and debt collectors “accountable for harmful practices.” According to the Fact Sheet, the administration has ordered several agencies to take actions intended to “lessen the burden of medical debt and increase consumer protection.” The Fact Sheet provides “guidance to all agencies to eliminate medical debt as a factor for underwriting in credit programs,” and states, among other things, that the: (i) FHFA is reviewing the credit models that Fannie Mae and Freddie Mac use; (ii) USDA is discontinuing “the inclusion of any recurring medical debts into borrower repayment calculations”; and (iii) VA is reviewing its underwriting guidelines to ensure it minimizes or eliminates medical debt reporting as a proxy for creditworthiness. Additionally, the Fact Sheet noted that the Department of Health and Human Services is requesting data from over 2,000 providers on medical bill collection practices, lawsuits against patients, financial assistance, financial product offerings, and third party contracting or debt buying practices. The Fact Sheet also noted that the CFPB “will investigate credit reporting companies and debt collectors” in regard to “patients’ and families’ rights,” which includes targeting “coercive credit reporting” and determining whether medical debts should be included in consumer credit reports.

    Federal Issues Biden Consumer Finance Medical Debt FHFA Freddie Mac Fannie Mae USDA Department of Veterans Affairs Department of Health and Human Services

  • CFPB looks at removing medical debt from credit reports

    Federal Issues

    On March 1, the CFPB announced plans to review whether data on unpaid medical bills should be included in consumer credit reports. The Bureau stated in its report, Medical Debt Burden in the United States, that research found $88 billion in medical debt on consumer credit reports, accounting for 58 percent of all uncollected debt tradelines reported to credit reporting agencies (CRAs). “Our credit reporting system is too often used as a tool to coerce and extort patients into paying medical bills they may not even owe,” CFPB Director Rohit Chopra said in a statement.

    The Bureau noted that medical debt is often less transparent than other types of debt, due to opaque pricing, complicated insurance, charity care coverage, and pricing rules, reporting that in many instances, consumers may not even sign a billing agreement until after receiving treatment. Medical debts often end up in collections, the Bureau added, which can cause far-ranging repercussions even if the bill itself is inaccurate or erroneous. The report noted additional challenges for uninsured consumers, as well as for Black and Latino families, consumers with low incomes, veterans, older adults, and young adults of all races and ethnicities. The report further stated that the Covid-19 pandemic has exacerbated the situation, with costs and medical debt expected to increase post-pandemic, and found that medical debt weakens underwriting accuracy, as it is less predictive of future repayment than reporting on traditional credit obligations. The Bureau pointed out that it has seen dramatic effects when newer credit scoring models weigh medical collections tradelines less heavily, but noted that there has been very little adoption of this approach so far.

    The Bureau stated it intends to examine CRAs to ensure they are collecting accurate information from medical debt collectors and expects CRAs to take action against furnishers who routinely report inaccurate information, including cutting off their access to the system. The Bureau also plans to work with the Department of Health and Human Services to make sure consumers are not forced to pay more than the amount due for medical debt. A January compliance bulletin reminded debt collectors and CRAs of their legal obligations under the FDCPA and the FCRA when collecting, furnishing information about, and reporting medical debts covered by the No Surprises Act. The Bureau also recently supported changes by the Department of Veterans Affairs to amend its regulations related to the conditions by which VA benefit debts or medical debts are reported to CRAs. (Covered by InfoBytes here and here.)

    Federal Issues CFPB Consumer Finance Medical Debt Credit Reporting Agency Covid-19 FDCPA FCRA Department of Veterans Affairs Department of Health and Human Services Debt Collection

  • Supreme Court blocks OSHA mandate


    On January 13, a divided U.S. Supreme Court issued an order blocking a Department of Labor’s Occupational Safety and Health Administration (OSHA) rule mandating that employers with 100 or more employees require employees to be fully vaccinated or be subject to a weekly Covid-19 test at their own expense. However, in a separate order the Court allowed a separate rule issued by the Department of Health and Human Services requiring Covid-19 vaccinations for health care workers (unless exempt for medical or religious reasons) at Medicare- and Medicaid-certified providers and suppliers to take effect.

    In November, the U.S. Court of Appeals for the Fifth Circuit issued a nationwide stay on the emergency temporary standard (ETS) that included the mandate to employers, describing enforcement of the ETS illegitimate and calling the OSHA rule “unlawful” and “likely unconstitutional.” (Covered by InfoBytes here.) However, last month, the 6th Circuit lifted the stay in a 2-1 ruling, stating that “[b]ased on [OSHA’s] language, structure and Congressional approval, OSHA has long asserted its authority to protect workers against infectious diseases.” (Covered by InfoBytes here.) The applicants, seeking emergency relief from the Court to reinstate the stay, argued that the rule exceeded OSHA’s statutory authority and is otherwise unlawful.

    In agreeing that the applicants are likely to prevail, the Court majority granted the application for relief and stayed the OSHA rule pending disposition of the applicants’ petitions for review in the 6th Circuit, as well as disposition of any timely petitions for writs of certiorari. “Although Congress has indisputably given OSHA the power to regulate occupational dangers, it has not given that agency the power to regulate public health more broadly,” the majority wrote. Adding that the ETS is a “blunt instrument” that “draws no distinctions based on industry or risk of exposure to COVID-19,” the majority stated that the Occupational Safety and Health Act does not plainly authorize the rule.

    The dissenting judges argued that the majority’s decision “stymies the Federal Government’s ability to counter the unparalleled threat that COVID–19 poses to our Nation’s workers. Acting outside of its competence and without legal basis, the Court displaces the judgments of the Government officials given the responsibility to respond to workplace health emergencies.”

    With respect to the Department of Health and Human Services rule, the Government applied to stay injunctions issued by two district courts preventing the rule from taking effect. In granting the application and staying the injunctions, the majority of the Court found that one of the Department’s basic functions authorized by Congress “is to ensure that the healthcare providers who care for Medicare and Medicaid patients protect their patients’ health and safety,” concluding that “[h]ealthcare workers around the country are ordinarily required to be vaccinated for diseases” and that “addressing infection problems in Medicare and Medicaid facilities is what [the Secretary] does.” 

    In dissent, four justices argued that the efficacy or importance of Covid-19 vaccines was not at issue in assessing the injunctions, stating that the district court cases were about “whether [the Centers for Medicare and Medicaid Services] has the statutory authority to force healthcare workers, by coercing their employers, to undergo a medical procedure they do not want and cannot undo,” and arguing that “the Government has not made a strong showing that Congress gave CMS that broad authority.”

    Courts U.S. Supreme Court Appellate Sixth Circuit OSHA Covid-19 Department of Labor Department of Health and Human Services Fifth Circuit

Upcoming Events