A hospital bills a patient. The patient can’t pay. The account goes to collections. That’s always been the routine — until now.
The rules around medical debt collection have shifted dramatically. Federal agencies, state lawmakers, and consumer advocates are all watching closely. And hospitals that haven’t kept up are finding themselves exposed to audits, lawsuits, and public backlash they didn’t see coming.
This isn’t simply a billing department problem. It touches compliance officers, CFOs, legal teams, and anyone responsible for how a hospital treats its patients financially.
Even decisions as routine as choosing between primary and secondary collections carry compliance weight that many hospitals are only now starting to recognize.
The pressure is real, it’s growing, and understanding where the risk lives is the first step to protecting your organization.
Key Takeaways
Medical debt collection has become a serious compliance risk for hospitals because federal and state laws are changing fast, enforcement is increasing, and improper collection practices can lead to significant fines, lawsuits, and lasting reputational damage.
| Topic | Key Point |
| Core risk | Outdated collection practices now violate new federal and state rules |
| Main laws | CFPB rules, No Surprises Act, ACA charity care requirements |
| Who’s affected | Hospitals, health systems, and their collection partners |
| Common violations | Billing before charity care review, pursuing low-income patients aggressively |
| Best practice | Audit workflows, train staff, vet collection partners for compliance |
| Consequence | Fines, loss of nonprofit tax status, lawsuits, damaged patient trust |
MDS helps hospitals navigate revenue cycle compliance with expert-driven medical debt solutions built for today’s regulatory environment.
What Changed? Why Is Medical Debt Collection Under Scrutiny Now?
For decades, the process was simple. Patient doesn’t pay, account goes to a collection agency, the agency does its job. Regulators rarely stepped in.
That changed significantly between 2020 and 2024. New rules came from multiple directions at once:
- The Consumer Financial Protection Bureau (CFPB) proposed rules to remove medical debt from credit reports — which would overhaul how financial pressure is applied during collections
- The No Surprises Act added pre-collection requirements hospitals must satisfy before billing can escalate
- ACA charity care requirements became stricter, requiring nonprofit hospitals to screen patients before sending accounts to collections
- State legislatures in Colorado, New York, California, and others passed their own medical debt protection laws, creating a patchwork of requirements that vary by location
Hospitals operating the same way they did five years ago are now walking into compliance traps they don’t even see coming.
How Do Medical Debt Laws Create Compliance Exposure?
The answer is in the details. Medical debt laws today don’t simply regulate what a collector can say on a phone call. They regulate when collection can begin, who must be screened for financial assistance first, what disclosures are required, and how debt can be reported.
Here’s where hospitals most commonly get tripped up:
- Skipping financial assistance screening. Sending an account to collections before offering a charity care review violates IRS rules for nonprofit hospitals and can trigger state audits.
- Moving too fast. Several states now require a waiting period — often 180 days — before an account can be referred to a collector.
- Reporting too early. The three major credit bureaus agreed in 2022 to remove medical debts under $500 from reports. Reporting before that threshold, or too soon after a bill is issued, is now a regulatory red flag.
- Using non-compliant collection partners. If a medical collection agency violates the Fair Debt Collection Practices Act on your behalf, your hospital can share in that liability.
Understanding why hospital payment plans sometimes fail patients before accounts ever reach collections is critical — gaps in your payment plan process can push accounts into collection prematurely and create compliance exposure before a collector is ever involved.
What Is the Risk of Working With a Medical Collection Agency?
When a hospital partners with a medical collection agency, they don’t transfer liability — they share it. That’s a point many hospital administrators miss.
Under the FDCPA and state equivalents, hospitals that contract with third-party collectors can be held responsible if those collectors engage in harassing, deceptive, or unfair practices. This includes:
- Contacting patients at prohibited times
- Making false statements about the debt
- Failing to honor a debt validation request
- Attempting to collect on accounts already under financial assistance review
Choosing the right collection partner matters enormously. The cheapest agency is rarely the safest option. Vetting a collection partner’s compliance history, FDCPA training records, and audit practices should be as standard as reviewing their recovery rates.
MDS works as a compliant collection agency for medical bills, helping hospitals stay within regulatory bounds while recovering what they’re owed.
8 Compliance Risks in Medical Debt Collection Hospitals Must Address Now
These aren’t hypothetical risks. Each one has resulted in enforcement actions, settlements, or significant legal exposure for health systems in recent years.
1. Collecting Before Charity Care Is Offered
IRS rules for 501(c)(3) hospitals require that financial assistance be made available before extraordinary collection actions begin. Skipping this step — even unintentionally — risks loss of tax-exempt status, one of the costliest compliance failures a nonprofit hospital can face.
2. Violating State-Specific Waiting Periods
States like California and Colorado mandate minimum waiting periods before medical accounts can be referred to collections. Some require multiple prior contact attempts. Following only federal standards while ignoring state law is a common and dangerous gap.
3. Improper Medical Credit Reporting
The CFPB has been aggressive about medical credit reporting practices. Reporting debt that’s under dispute, below reporting thresholds, or submitted too soon after billing can trigger investigations. Hospitals need clear, documented policies on when and how accounts are reported.
4. Aggressive Collections on Medicaid-Eligible Patients
Pursuing collection on patients who qualify for Medicaid or charity care has drawn scrutiny from state attorneys general across the country. Some hospitals have faced multi-million dollar settlements for exactly this practice.
5. Undertrained Staff on Patient Financial Rights
Patients have rights under the FDCPA, the No Surprises Act, and state law. Billing and collections staff who don’t know these rights become medical compliance liabilities. A single uninformed conversation can escalate into a formal CFPB complaint.
6. Poor Documentation of the Collection Process
Every step — from initial billing to financial assistance screening to collection referral — needs a documented paper trail. Hospitals that can’t demonstrate they followed required steps during an audit are in a weak position, even if they genuinely believe they did everything right.
7. Outdated or Non-Compliant Vendor Contracts
Many hospitals signed collection vendor contracts years ago that don’t reflect current compliance requirements. If your contract with a collection agency for medical bills doesn’t include FDCPA compliance obligations, audit rights, and data security standards, it’s time to renegotiate.
8. Gaps in Patient Communication and Billing Transparency
Patients who feel blindsided by the collection process are far more likely to file complaints. Data transparency builds patient trust — and hospitals that communicate clearly about billing, financial assistance options, and the collections process reduce both conflict and compliance risk before they escalate
Contact MDS today to review your current collection practices and make sure your hospital isn’t carrying compliance risks that cost far more than the debt they’re trying to recover.
What Can Hospitals Do to Reduce Their Exposure?
The good news is that most of these risks are preventable with a few focused steps:
- Audit your collection workflow annually. Map every step from bill generation to collection referral and check it against current federal and state rules.
- Train billing and collections staff regularly. Patient financial rights change. Training should happen at minimum once a year.
- Screen every patient for financial assistance before collection. Make this a hard process checkpoint, not a soft suggestion.
- Vet your collection partners thoroughly. Ask for compliance documentation, FDCPA training records, and recent audit results.
- Update vendor contracts. Make sure agreements include compliance standards, audit rights, and data security requirements.
- Monitor state law changes. Federal rules set a floor, but states keep raising it. Know the specific rules for every state where you operate.
Explore primary and secondary collections that are built with compliance at the center — so your hospital can recover revenue without adding regulatory risk.
None of these steps require massive investment. What they do require is attention — and a willingness to treat compliance as a revenue protection strategy, not just a legal obligation.
Conclusion
Medical debt collection has moved from a back-office routine to a front-and-center compliance issue. The hospitals that recognize this — and adapt their practices — will avoid the fines, lawsuits, and reputational damage that are catching others off guard.
Patients are more informed. Regulators are more active. The cost of getting it wrong has never been higher.
If your hospital’s collection process hasn’t been reviewed recently, now is the time. MDS brings the compliance expertise and industry experience to help you recover revenue the right way — before a regulator tells you that you weren’t.
Frequently Asked Questions
Can a hospital be penalized for the actions of a third-party collection agency?
Yes. Hospitals can face liability under the FDCPA if a hired collection agency engages in prohibited conduct on their behalf. Proper vendor vetting and updated contract language are your primary protections.
How long must a hospital wait before sending an account to collections?
Federal rules require nonprofit hospitals to complete financial assistance screening and allow reasonable time for payment. Many states have added specific waiting periods — often 120 to 180 days — before extraordinary collection actions can begin.
Does the No Surprises Act affect how hospitals collect on unexpected bills?
Yes. The No Surprises Act limits what patients can be charged for certain out-of-network services. Attempting to collect on a bill that violates these protections is itself a compliance violation.
What is the CFPB’s role in medical debt collection oversight?
The Consumer Financial Protection Bureau supervises and enforces rules for debt collectors, including medical collection agencies. It handles consumer complaints and has proposed significant changes to how medical debt can be reported on credit reports.
What records should hospitals keep related to the collection process?
Hospitals should document every stage — financial assistance screening dates, patient contact attempts, collection referral dates, and all written communications. These records are critical if a compliance audit or legal challenge ever arises.