HIPAA & FDCPA Compliance: What Process Servers Need to Know
- November 13, 2014
- by Stephanie Irvine
- Business Tips
- Legislation
Editor's Note: While process servers are not directly required to be HIPAA and FDCPA compliant, they can still be held accountable if the service was completed in a way that does not comply with HIPAA and FDCPA standards, resulting in legal action from the attorney handling the case. For more information on these standards, or if you have specific questions, please contact PSACO President and 1st Vice President of NAPPS Steve Glenn for more information.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Fair Debt Collections Privacy Act (FDCPA) have both made a significant impact on the legal community, and we’re examining how these acts have affected civil process servers. While each of these acts were made initially 1996, amendments (the most recent for HIPAA in 2002, and the FDCPA’s most recent amendment was in 2010) and regulation changes in recent years have made these acts very relevant to process servers.
Slideshow from PSACO President (and NAPPS 1st Vice President) Steve Glenn
HIPAA: Isn’t that Just For Health Forms?
In a way, yes. It’s the form you sign at the doctor’s office; you’re given notice of the HIPAA privacy act making you aware of the act and what it means. And typically, that doesn’t involve process servers. However, process servers are absolutely not exempt from HIPAA violations and must be diligent in making sure they are simply enacting due diligence and not violating any terms of HIPAA.
We spoke with Steve Glenn of Magnum-Diego Priority who recently presented on this subject, and he explained that “process servers are far less likely to trigger a HIPAA violation than an FDCPA violation.”
Process servers are far less likely to trigger a HIPAA violation than an FDCPA violation.
Steve Glenn, PSACO President, NAPPS First Vice President
HIPAA does not directly affect process servers in that process servers are not responsible for procuring, managing, or being privy to health information documents. Personally identifiable information (PII) or personal health information (PHI), such as social security numbers and other identifiable information, should not be on documents that civil process servers deliver. PII/PHI should be redacted in any/all legal documents that process servers have access to.
However, process servers could still be found in violation of this act if they are given documents that have not been properly redacted. If PII/PHI is accessible and passed on to the process server, the process server is still liable for any potential repercussions from this violation. For example, if a process server is serving documents from a medical collections case, these documents should be properly redacted, and if they are not, the process server could be held liable and face any legal ramifications brought forth.
Furthermore, process servers must be diligent in properly serving documents of this nature. Proper service would need to be to the correct defendant at the right address within the time frame allotted by the courts. If sensitive documents are delivered to the wrong defendant or to an incorrect address, process servers could still be held liable— even if they were provided the information and documents by their clients.
Further Reading on HIPAA
FDCPA: Not My Circus, Not My Monkeys
In a nutshell, the FDCPA prohibits deceptive, abusive, or unfair debt collections practices. Since process servers are a messenger giving an individual due diligence to notify them of court proceedings, they shouldn’t be in a position where they would harass or stalk the defendant. So, generally speaking, process servers would be, in a general sense, not really in a position to be affected by the FDCPA.
Not so fast… process servers still could be in a position to be in violation of the FDCPA. While this is not the norm, it is still a possibility, and process servers need to be aware of it.
New process servers who are just getting into the debt collections arena are vulnerable to these violations, especially if they aren’t fully aware of the FDCPA and its implications. Inexperience does not excuse process servers from FDCPA violations. By engaging in behavior that would put them in violation of the FDCPA (stalking, harassing, or providing bad service), process servers risk the legal ramifications of such behaviors.
It would also be smart for process servers to consider that they could be sued by law firms for extended liability by law firms if the law firms have been cited with an FDCPA violation. If the law firm is sued or is found in violation, they absolutely could and would pass that on to the process server
For example, another instance where process servers can see repercussions of FDCPA violations are in instances in which a Motion to Quash has been filed. Motions to Quash have increased in recent years as defendants attempt to have the process service thrown out (“quashed”). Since there are many law firms that handle high volumes of collections cases, some don’t waste the time taking these cases to court and just end up settling. This affects the process server when the service is deemed bad/improper and thrown out as a result of the MTQ. The fines resulting from a violation of the FDCPA would trickle down to the process server. Process servers need to stay educated and make sure that they are aware of regulation changes and amendments to acts and laws that affect their business.
In fact, due to the increased regulations and strict processes associated with the collections industry, many are anticipating increased regulations, standards, or requirements for process servers. Steve Glenn speculated that in the future “all services in the debt arena will be personal service” due to these reasons.
The bottom line is that although the FDCPA is typically the bane of the debt collectors, banks, and law firms, the act absolutely still extends to process servers.
All Services in the debt arena will be personal service due to these reasons
Speculation on the future of debt related serves by Steve Glenn, PSACO President, NAPPS First Vice President
Further Reading on FDCPA
The Bottom Line
Stay on top of updates in the legal world. Make sure you’re performing the best service you can and service that is 100% by the book. Check your work and your clients’ work so that you aren’t held liable for something your firm didn’t do. Keep your records up to date. And make sure that your service is effectuated in the most professional way possible.
For more updates and discussions on topics, events, and happenings in the civil process serving world, please join us on LinkedIn.