Key Takeaways
- State laws in Oregon, Maryland, and other states now prohibit medical debt from appearing on credit reports, requiring providers to shift away from credit-based collection tactics.
- The federal CFPB proposed a medical debt rule in September 2023 that remains under review, while ongoing regulatory scrutiny continues to influence collection practices.
- Healthcare providers must comply with complex No Surprises Act requirements for out-of-network collections, including qualified payment amount verification.
- HIPAA and FDCPA compliance remains critical, with specialized training needed for “minimum necessary” standards and patient communication preferences.
- Effective collection strategies now emphasize patient education, flexible payment plans, and omnichannel outreach while maintaining strict regulatory compliance.
Healthcare providers face a challenging new landscape for medical debt collection in 2026. Rising patient financial responsibility, combined with evolving state and federal regulations, requires a fundamental shift in collection strategies. The average single coverage deductible reached $1,886 in 2025, representing a 17% increase over five years, while 71% of providers report that patient collections are now their primary revenue concern. Success requires balancing effective revenue recovery with strict regulatory compliance.
State Medical Debt Laws Create New Credit Reporting Bans in 2026
While federal regulations remain in flux, several states have implemented wide-ranging bans on medical debt credit reporting that fundamentally change collection approaches. These laws represent the most significant shift in medical debt collection practices in decades.
Oregon’s Senate Bill 605 took effect January 1, 2026, and establishes one of the nation’s strictest medical debt protection frameworks. The law broadly defines medical debt to include all monetary obligations related to medical services, even those not yet past due. Healthcare providers and their collection agents are completely prohibited from reporting any medical debt information to consumer credit bureaus. Violations can result in courts declaring the underlying debt void and uncollectible, creating substantial financial risk for non-compliant providers.
Maryland’s Fair Medical Debt Reporting Act became effective October 1, 2025, and requires near-total exclusion of medical debt from credit reports. The law mandates that any collection agreement entered after the effective date must include provisions prohibiting credit reporting, or the contract becomes void. Hospitals were required to instruct credit bureaus to delete previously reported adverse medical debt information by November 1, 2025.
Additional states, including Colorado, New York, and Washington, are considering similar legislation. Medical debt collection compliance requires specialized knowledge of these evolving state-by-state requirements to avoid significant legal and financial penalties.
Federal CFPB Rule Status and Regulatory Landscape Changes
The regulatory environment for medical debt collection continues evolving at the federal level, creating uncertainty for healthcare providers nationwide.
CFPB Medical Debt Rule Remains Under Review
The Consumer Financial Protection Bureau proposed a medical debt rule in September 2023, designed to remove approximately $49 billion in medical bills from 15 million Americans’ credit reports. This federal rule would prevent lenders from using medical information in credit determinations across all states.
The proposed rule remains under regulatory review as of 2026, with the CFPB continuing to evaluate public comments and industry feedback. The anticipated impact would provide federal protection for medical debt reporting, but the timeline for final implementation remains uncertain.
Ongoing CFPB Authority and Oversight
The CFPB continues monitoring medical debt collection practices through existing consumer protection frameworks. The agency has indicated it will scrutinize aggressive collection tactics that may violate current consumer protection laws, regardless of the proposed rule’s status.
This ongoing federal oversight means healthcare providers must maintain compliance with traditional debt collection regulations while adapting to new state-level restrictions. The regulatory uncertainty requires providers to implement flexible compliance frameworks capable of adapting to future changes.
No Surprises Act Qualified Payment Amount Requirements for Out-of-Network Collections
The No Surprises Act remains a critical federal compliance requirement for healthcare providers pursuing out-of-network debt collection. The law establishes specific verification and documentation requirements that providers must follow before initiating collection activities.
1. Qualified Payment Amount (QPA) Compliance
Healthcare providers must verify that billed charges for out-of-network services reflect “reasonable” market rates as defined by federal guidelines. This process involves comparing charges against regional benchmarks and documenting the verification methodology to withstand potential federal audits.
The QPA represents the median contracted rate for comparable services in the same geographic area. Providers must maintain detailed documentation showing how their charges relate to these benchmarks, particularly for services where significant price variation exists.
2. Good Faith Estimate Requirements
Before pursuing collection for out-of-network services, providers must confirm that patients received a Good Faith Estimate (GFE) before treatment. The GFE must include expected charges, potential additional costs, and clear explanations of the patient’s financial responsibility.
Documentation requirements include proof of GFE delivery, patient acknowledgment, and records of any subsequent cost discussions. Missing or inadequate GFE documentation can invalidate collection efforts and expose providers to federal penalties.
3. Independent Dispute Resolution Process
The Independent Dispute Resolution (IDR) process provides a mechanism for resolving payment disputes between providers, patients, and insurers. Healthcare providers must understand when IDR applies and maintain detailed records supporting their billing decisions.
Effective IDR participation requires detailed documentation of market rate comparisons, clinical complexity factors, and any unique circumstances affecting the service delivery. Providers should prepare for potential IDR proceedings by maintaining organized case files for all out-of-network services.
HIPAA and FDCPA Compliance Requirements for Medical Collections
Medical debt collection operates under dual regulatory frameworks requiring specialized compliance knowledge. Healthcare providers and their collection partners must handle both healthcare privacy requirements and consumer debt collection protections.
Minimum Necessary Standards for Health Information Access
HIPAA’s “minimum necessary” standard requires that collection agents access only the specific health information required to resolve a debt. This principle creates unique training requirements for medical collection staff that differ significantly from traditional debt collection practices.
Collection agents must be trained to identify what information is necessary for debt resolution versus general medical records. For example, agents typically need payment history, insurance information, and service dates, but rarely require detailed diagnostic information or treatment notes. Violating minimum necessary standards can result in significant HIPAA penalties and compromise collection effectiveness.
Patient Communication Preferences and Validation Notices
The Fair Debt Collection Practices Act requires clear validation notices within five days of initial patient contact. Medical collection validation notices must include specific elements while respecting patient communication preferences and state-specific restrictions.
Effective validation notices in the medical context must clearly explain the debt’s origin, the healthcare provider involved, and the services rendered. In states with credit reporting bans, validation notices must explicitly state that the debt will not be reported to credit bureaus, helping maintain patient trust while ensuring legal compliance.
Best Practices for Staff Training on Regulatory Compliance
Staff training programs must address both HIPAA and FDCPA requirements while incorporating state-specific medical debt regulations. Training should include role-playing exercises, regular updates on changing regulations, and clear escalation procedures for complex situations.
Effective training programs emphasize empathetic communication while maintaining firm boundaries around payment expectations. Staff must understand how to explain complex medical bills, offer payment plan options, and handle patient objections without violating regulatory requirements or damaging patient relationships.
Effective Collection Strategies Under New Regulatory Framework
The 2026 regulatory environment requires healthcare providers to completely rethink traditional collection approaches. Successful strategies emphasize patient education, transparency, and convenience while maintaining strict compliance with evolving regulations.
1. Patient Education and Transparency Initiatives
Patient education represents the foundation of effective medical debt collection under new regulatory constraints. Many patients are willing to pay but feel overwhelmed by complex billing statements and insurance processes. Clear communication about financial responsibility can significantly improve collection rates while maintaining positive patient relationships.
Effective patient education includes explaining Explanation of Benefits (EOB) documents, clarifying insurance coverage limitations, and providing detailed breakdowns of service charges. Providers should offer educational resources through multiple channels, including online portals, printed materials, and one-on-one consultations with trained financial counselors.
2. Flexible Payment Plan Implementation
High-deductible health plans have shifted substantial financial responsibility to patients, making flexible payment options necessary for successful collection. Approximately 34% of covered workers now face deductibles of $2,000 or more, creating affordability challenges that require creative solutions.
Successful payment plan programs offer multiple term options, automated payment processing, and clear communication about plan benefits. Interest-free payment plans demonstrate provider commitment to patient accessibility while improving collection rates compared to traditional lump-sum payment demands.
3. Omnichannel Outreach While Maintaining Compliance
Modern collection strategies use multiple communication channels to engage patients effectively while respecting communication preferences and regulatory requirements. Successful omnichannel approaches combine phone, email, text messaging, and online portal communications in coordinated sequences.
Digital communication preferences continue growing, with 62% of consumers preferring to pay medical bills online. Providers should offer secure text messaging, email reminders, and mobile-optimized payment portals while maintaining HIPAA compliance and respecting patient opt-out preferences.
Specialized Medical Collection Services Offer Compliance Solutions
The complexity of 2026 medical debt regulations makes specialized collection partnerships increasingly valuable for healthcare providers. Professional medical collection agencies offer expertise in handling state-specific requirements, federal regulations, and industry best practices that many internal teams cannot replicate.
Specialized medical collection services typically operate on contingency-only models, meaning providers only pay a percentage of successfully collected amounts. This approach reduces financial risk while providing access to compliance expertise, specialized technology platforms, and trained staff familiar with healthcare-specific regulations.
Leading collection agencies focus on maintaining patient relationships while maximizing recovery rates through compliant practices. They offer training programs, regular regulatory updates, and sophisticated tracking systems that monitor collection effectiveness while ensuring ongoing compliance with evolving state and federal requirements.
Effective partnerships include transparent reporting, regular communication about regulatory changes, and collaborative approaches to handling complex cases. Providers should evaluate potential collection partners based on their healthcare industry experience, compliance track record, and ability to adapt to changing regulatory environments.
Southwest Recovery Services
16200 Addison Road Suite 260
Addison
Texas
75001
United States
