As an increasing number of health care providers move to electronic health record systems, patient privacy is becoming a serious concern. On January 25, 2013, new regulations under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) were issued to strengthen protections for the privacy of health information and increase the penalties for violating those protections. ( 78 Fed. Reg 5,565).

Many of the services lenders provide to customers are exempt from HIPAA, including payment processing, auditing, transferring receivables for payment, resolving customer inquiries or disputes, reporting to consumer reporting agencies, responding to subpoenas, or complying with the law. When a lender’s services extend beyond statutorily approved activities, however, the lender must comply with HIPAA. Therefore, lenders must understand how new HIPAA compliance requirements affect them and their borrowers.