top of page
Search

Unpaid Patient Bills? A Psychiatrist’s Guide to HIPAA-Compliant Debt Collection In Private Practice

  • Writer: Beverly Johnson
    Beverly Johnson
  • Oct 9
  • 7 min read

Updated: Oct 29


ree

As providers in outpatient private practice, we know that delivering care is deeply fulfilling. But unpaid patient bills, missed patient co-pays, and no-shows can chip away at the financial foundation that allows us to keep the doors open. And let’s face it- you didn’t pursue a job in healthcare to be a finance wizard. You went into medicine to help people. You need quick, easy, cash management solutions that don’t require a lot of time, thought, or management. To that end, here are my updated, concrete, field-tested tips to reduce financial losses in private practice while maintaining solid patient relationships and staying on strong legal footing.


Key Financial Info to Include in Your Intake Paperwork Packet

Prospective new patient intake packets are about much more than just obtaining relevant clinical information. When properly set up, this paperwork also establishes clear patient payment expectations, setting you up for financial stability. It’s a good idea to require prospective patients to complete and submit the intake paperwork at least 48 hours prior to the first appointment. This gives you time to review, contact patient if needed, and ensures patients aren’t surprised by your policies. Your intake packet should include the following five financial components:

  • Credit card on file + recurring automatic authorization form for automatic payment of co-pays and no-show fees (e.g. “$100 if not cancelled at least 24 hours before appointment”). This website offers sample templates you can integrate in your paperwork for recurring credit card authorization forms as well as recurring ACH authorization forms. You should offer both options to new patients and require that they complete one of the two options prior to the first appointment. That way, you are able to automatically charge their credit card or bank for appointment payments, instead of waiting on them to initiate payment.

  • For times when the patient credit card or ACH bank info on file declines, spell out your late-payment policy structure, which should look something like this:

    • 14 days overdue: First reminder

    • >30 days overdue: 15% late fee added and second reminder

    • 60 days overdue: Practice discharge letter is sent giving patient 30 days to transfer care. You are responsible for refills and any emergency care needs during this 30-day care transition period.

    • 90 days overdue: Outstanding bill(s) are turned over to collection agency and provider-patient relationship is formally terminated

  • Explain your no-show policy and fee structure, which should look something like this: $100 no-show fee charged for any booked appointment that patient does not attend if patient does not cancel it at least 24 hours prior. *Of note, if you accept Medicaid patients, you are not allowed to charge a no-show fee for these patients. Medicare and commercial insurances do allow for no-show fee charges.

  • Notice of Privacy Practices (NPP) section (HIPAA compliant) inserted into intake paperwork, which essentially informs patients up front that their protected health information may be shared with business associates (billing companies, collection agencies) for payment collection, in accordance with HIPAA. Contrary to popular belief, HIPAA does allow for providers to share patient health information for the purposes of billing and collection as long as only the minimum necessary information is conveyed-more on this below.

  • Signature/consent section so patient attests in writing that they understand and agree to the policies.


ree

Use a HIPAA-Compliant Collection Agency

Even with strong policies in place, some patient balances will inevitably go unpaid. It happens to all of us. For these circumstances, collection agencies can help with outstanding balances that are greater than 90 days overdue. Collection agencies typically charge a certain percentage of the recovered money (if recovered), but some money back to you is better than no money back. In my experience, the vast majority of patients pay their unpaid bill once they hear from a collections agency. Not doing so typically results in the collection agency reporting this to the credit bureaus, which will negatively affect credit for years, impacting your ability to obtain credit cards, buy a house, buy a car, etc. These are pretty powerful motivators to pay. So, here’s how to partner with collection agencies ethically and legally:

Identify HIPAA-compliant medical collection agencies that specialize in healthcare collections. Some examples include:

  • Southwest Recovery Services — they advertise many employees trained in health care regulation (HIPAA + FDCPA) and work in medical/healthcare collections. Southwest Recovery Services

  • Integral Recoveries, Inc. — offers “100% HIPAA compliant practices,” healthcare revenue cycle management, early-out / aged accounts, etc. Integral Recoveries Inc.

  • Summit A•R — they provide a HIPAA-compliant portal, let you see real-time status of collections, reports, etc. Summit A•R

  • Revco Solutions — a medical debt collection agency that emphasizes compliance with HIPAA, FTC, etc. Revco Solutions

  • Cedar Financial — licensed third-party medical bill collection agency. Cedar Financial


    Typically, once a balance is 90 days overdue you should send it to collections. This threshold gives enough time for your patient billing reminders, follow-ups, perhaps payment plans, but avoids letting bad debt drag indefinitely. When you send outstanding billing info to your collections agency, only send the minimum necessary information to allow the agency to do its job, while preserving patient privacy. For example, you should send:

  • Patient name

  • Address/contact info

  • Date(s) of service

  • Amount owed

  • Billing/payment history for that specific debt (if needed for validation)

To stay above board with HIPAA, do not send diagnoses, CPT codes, detailed medical narrative, or reasons for visit, since those are sensitive PHI beyond what’s required for payment collection.


ree

Use A Business Associate Agreement (BAA) With Your Collection Agency

Because collection agencies are business associates under HIPAA (they perform “collection activities,” which count toward “Payment” under HIPAA) you need a Business Associate Agreement (BAA) before you share PHI with them. The HIPAA Journal+1. Many of the experienced collection agencies listed below already work in healthcare and have their own BAA you can use, which is the easiest way and my own preferred method. If the collection agency you choose does not have a BAA, don’t worry. Here’s how to get or easily draft one:

  • Use model/sample BAAsHHS provides sample business associate agreement documents. HHS.gov+1There are also free or template versions offered by organizations that specialize in HIPAA compliance. Compliancy Group+1

  • Include required HIPAA provisions in the BAA. Among those:

    • Definitions of “covered entity,” “business associate,” “protected health information (PHI),” etc. HHS.gov+2MedStack+2

    • Permissible uses and disclosures by the business associate. What they can and cannot do with PHI. HHS.gov+1

    • Safeguards: administrative, physical, technical protections to secure ePHI and PHI. HHS.gov+1

    • Requirements to report breaches or unauthorized disclosures. Helpful to include timelines. HHS.gov+1

    • Subcontractor obligations: if the collection agency uses subcontractors who will access the PHI, those subcontractors must also have BAAs and be bound to the same safeguards. HHS.gov+1

    • Return or destruction of PHI when the agreement ends or when the agency no longer needs it. HHS.gov+1

    • Termination clause if the business associate fails materially to comply. HHS.gov+1

  • Negotiate vs accept: As mentioned above, many collection agencies already have BAAs drafted—ask them for it. Review carefully, perhaps with a good healthcare attorney (if you have or can afford one) to make sure their safeguards meet your expectations.

  • Document everything: Keep signed BAAs on file. When you do send unpaid patient bills to collections, keep detailed records of which patients, when, and what information you sent. This can be done within your EMR, or separately. I like to keep a separate list of outstanding patient bills that I can easily review all in one spot, along with current status of each (first reminder sent when 14 days overdue, second reminder with late fee applied with 30 days overdue, discharge letter sent when 60 days overdue and sent to collections status when 90 days overdue).


ree

How It All Fits Together

Here’s a sample outline of how these practices might function in your own private practice, from patient intake to resolution:

>48 h before first visit

Patient signs intake forms with credit card/ACH recurring auth form, co-pay/no-show policy, late fees, discharge terms, HIPAA NPP that includes business associate disclosures. This helps patients understand expectations up front; fewer surprises, better compliance.

Day of service

Charge co-pay; collect any additional owed amounts if possible; remind patients of cancellation/no-show policies. This helps minimize the build-up of small overdue balances.

Follow‐up billing

If payment declines via credit card/ACH that is on file from the intake paperwork, send initial reminder at 14 days past due and then second reminder at 30 days past due with 15% late fee included. Send final late notice at 60 days past due with a patient discharge letter giving the patient 30 days to transition services to another provider. This escalation ensures that your internal payment recapture process is followed before turning things over to collections, and sets a formal, written, 30 day timeline for care transition (which most states require).

90 days overdue

After final attempts, send the outstanding patient bills(s) to your HIPAA-compliant collection agency under a BAA; include only necessary PHI. This hopefully reduces your unpaid receivables.

After collections

If payment is still not recovered, consider writing it off as bad debt; if discharged, ensure patient transitions care. This cleans your books; limits financial risk; maintains professional ethics.

A Word on Legal/HIPAA Notes & Best Practices

As a final reminder, disclosure of patient information to collections is allowed under HIPAA under “Payment” section, as long as it is the minimum necessary PHI and is under a BAA. The HIPAA Journal Just be mindful of state/local laws and payor specific requirements. Some states and payors may have rules around medical debt, no-shows, or what collection agencies can charge or do. Remember that you cannot charge no-show fees for Medicaid patients. Always check your state’s licensing and debt collection laws.


Summary & Encouragement

Outpatient private practice can absolutely be both deeply rewarding and sustainable, but only if you also approach it like the business it is—while retaining compassion and professionalism. Clear policies, early agreements, and legal safeguards aren’t just “nice to have”—they’re what let you keep doing the work you love without financial stress.

Implementing these guidelines (intake policy with signed consent, credit card on file, no-show policy with fees, late fees, clear discharge policy, HIPAA notices, using a compliant collection agency + BAA) gives you the structure to reduce lost revenue, protect your practice, and still put patients first. You got this!


-Lauren




 
 
 

Comments

bottom of page