The Consumer Financial Protection Bureau ("CFPB"), Department of Health and Human Services ("HHS"), and United States Treasury have issued an interagency Request for Information ("RFI") focused on the offering and provision of financing to consumers for health care procedures and services. The RFI signals a renewed focus on, and potential scrutiny of, the practices of health care providers, lenders, and credit card issuers, as well as those who own or control such health care providers, including private equity investors and other asset managers. This White Paper discusses the RFI and its potential implications for health care providers and those involved in financing health care services. In addition, the White Paper identifies steps to consider taking in anticipation of the CFPB conducting inquiries into the use of medical payment products and collecting related debt. And it highlights the real possibility that the CFPB may attempt to stretch the scope of its regulatory authority by using the RFI and any follow-on investigations as a basis to broadly scrutinize the underlying pricing practices used by health care providers.

THE JULY 2023 INTERAGENCY REQUEST FOR INFORMATION

On July 12, 2023, the CFPB, HHS, and Treasury published a Request for Information in the Federal Register.1 According to the RFI, it is intended to build upon prior work done by the CFPB, HHS, Treasury, and other federal agencies, including the CFPB's May 2023 analysis entitled Medical Credit Cards and Financing Plans, which summarized findings related to medical credit cards and loans used for medical services and procedures, including emergency care.2

The RFI begins with a summary of the agencies' view of the medical payment product market, and the risks and potential harms to consumers that could flow from the financing of health care procedures and services using certain products. The summary sheds light on what the CFPB and HHS view as the "problems," as well as the potential harm to consumers. Of note, the RFI indicates that the agencies may not fully appreciate certain industry-specific operational, regulatory, policy, and patient-driven factors impacting how health care providers conduct business and structure relationships both with customers and third parties.

The RFI also sets out almost 50 "General Questions" that fall into one of five categories: (i) Market-level inquiries; (ii) Individual inquiries; (iii) CFPB-specific inquiries; (iv) HHSspecific questions; and (v) Treasury-specific questions. The questions generally focus on eliciting factual information from the public about the nature of various financial products, the pros and cons of using various products, harms suffered by consumers who used medical payment products, the incentives offered to health care providers by financial institutions with whom they partner, and the practices and "tactics" used to avoid adverse financial and health outcomes. The RFI also zeroes in on the role that "Private Equity" may play in the medical payment market, and in influencing whether portfolio companies offer or provide medical payment products to consumers. The Treasury-specific questions are focused on tax policy and the interaction between requirements applicable to tax-exempt hospitals and medical payment products.

The RFI seeks comments regarding how federal agencies can help consumers. The comment period is scheduled to end on September 11, 2023.

WHAT THE RFI MAY MEAN FOR HEALTH CARE PROVIDERS AND THOSE INVOLVED IN PROVIDING MEDICAL PAYMENT PRODUCTS TO PATIENTS

At bottom, the RFI is best read as an open invitation for consumers, market participants, and would-be whistleblowers to come forward with complaints and grievances that the CFPB seems likely to address through enforcement actions or new regulations. Health care providers who offer or provide financing to their customers, as well as lenders, credit card issuers, Fintech companies, and others involved in the provision of financing to consumers seeking health care should prepare accordingly. The comments submitted in response to the RFI also could be used by state attorneys general and other state regulators to pursue their own inquiries into medical payment products provided by health care providers. Civil actions based on state law theories also may follow.

While most health care providers are likely to have in place policies and procedures to mitigate legal, regulatory, and reputational risk arising from how they bill and collect for health care services, the CFPB's active involvement suggests it may add a new regulatory dimension that could pose new and novel challenges.3 In particular, the Consumer Financial Protection Act of 2010 ("CFPA") empowered the CFPB to pursue enforcement actions for unfair, deceptive and abusive conduct in connection with any transaction with a consumer, for a consumer financial product or service, or the offering of a consumer financial product or service.4

In recent years, the CFPB has taken a broad view of its mandate to conduct investigations and pursue enforcement actions in accordance with the CFPA.5 For example, the CFPB interprets an abusive act or practice as one that: (i) materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or (ii) takes unreasonable advantage of:

  • A lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;
  • The inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or
  • The reasonable reliance by the consumer on a covered person to act in the interests of the consumer.6

Despite some attempts to rein in the CFPB,7 the agency has continued to march forward with what some would consider overly aggressive actions that target both financial institutions and nonfinancial institutions alike. In the context of medical payment products, this could mean that the CFPB will conduct holistic evaluations of health care providers' "front-end" practices, including the offering of medical payment products, as well as their "back-end" practices, including billing and collection practices, to identify conduct that the CFPB believes violates the CFPA and related regulations.

Even if a health care provider is otherwise comfortable with its medical payment product offerings, it nevertheless should be aware that any CFPB-led review could open the door to broader questions about its pricing practices. In particular, the RFI and any follow-on investigations could lead the CFPB to conclude that the need for medical payment products is the result of a broader market failure reflected by health care pricing practices,8 which the CFPB could then say justifies enforcement actions related to such practices to address any perceived unfairness to consumers by relying on what the agency has called its "dormant authority"9 under the CFPA.

NEXT STEPS THAT HEALTH CARE PROVIDERS AND THOSE INVOLVED IN PROVIDING MEDICAL PAYMENT PRODUCTS TO PATIENTS MAY WANT TO CONSIDER

Health care providers who offer or provide financing to consumers may consider taking the following actions to identify and evaluate potential risks should the CFPB use the public comments it receives to launch an industry-wide investigation or initiate enforcement actions:

  1. Identify the financial products (e.g., loans or credit cards) that they offer or provide to patients, and evaluate whether and to what extent their terms could be scrutinized by the CFPB under the CFPA.
  2. Analyze written materials, communications and websites used to offer financial products to patients to ensure that they accurately reflect their terms, disclose risks when appropriate, do not omit any information that the CFPB may consider material, and otherwise allow the health care provider to minimize legal and regulatory risks (e.g., bolster disclaimers).
  3. Evaluate the process by which information is provided to patients, especially during face-to-face interactions concerning the relevant product, and consider appropriate updates when training those tasked with disseminating financingrelated information to patients to mitigate or eliminate risks.
  4. Evaluate the process by which patient information is shared with those who provide financial products, taking into consideration data protection and privacy concerns.
  5. Conduct appropriate diligence on those whose medical payment products the health care provider currently offers to its patients to better understand their offerings, practices and relationships with other service providers (e.g., Fintech companies), and to identify potential risks arising from practices that could be perceived as predatory or deceptive, as well as reviewing any potential privacy issues that may exist.
  6. Review and analyze the terms of agreements governing existing relationships to ensure that any financial incentives are not aligned in a way that could raise regulatory scrutiny or reputational risk.
  7. Proactively scrutinize any new potential relationships with lenders, credit card issuers, and others who wish to market their financial products to your patients.
  8. Enhance, as necessary, existing audit and compliance policies related to the offering or provision of financing to patients.
  9. Evaluate and, as necessary, enhance the process by which patients using medical payment products are billed, and the debts associated with such products are collected.
  10. Evaluate their existing pricing practices to understand whether and to what extent they may be vulnerable to challenges should the CFPB take aim at them, and consider modifying them if warranted.

Similarly, lenders, credit card issuers and Fintech companies who provide financial products to the patients could consider doing the following:

  1. Review the terms of the financial products that are offered, compare the terms to products offered in other contexts, and otherwise evaluate whether and to what extent their terms could be scrutinized by the CFPB under the CFPA.
  2. Verify that marketing materials provided directly or indirectly to the customers of health care providers accurately reflect the terms of the products being offered, and do not otherwise give regulators a basis to claim that they are misleading.
  3. . Take steps to verify that the staff of any health care provider offering your medical payment products to patients have accurate information to be able to adequately train their staff who may be working directly with patients, and collaborate with the health care providers, as requested or otherwise warranted.
  4. Enhance, as necessary, audit functions, including evaluating third-party marketing of your financial products and those providing services to you (e.g., Fintech companies, influencers, or debt collection firms) in connection with communicating with patients, onboarding customers, and opening new accounts, servicing accounts, and collecting debt to ensure that they have in place requisite compliances programs and reasonable safeguards.
  5. Evaluate the process by which patient information is shared with those who provide services in connection with medical payment products, taking into consideration data protection and privacy concerns.

Preparing now for potentially intrusive and burdensome CFPB inquiries could reduce risks, particularly given the CFPB's self-proclaimed interest in testing the limits of its authority by bringing enforcement actions against non-banks using what some would suggest are aggressive legal theories. In addition, health care providers and those involved in providing medical payment products to patients also may find it helpful to submit comments to the agencies in response to the RFI to illustrate the patient and health industry benefits of certain products and practices. Finally, depending on how aggressive the CFPB acts, the industry may see challenges to the scope of the CFPB's authority, particularly if it uses the RFI and any follow-on investigations targeted at medical payment products as an excuse to launch an existential attack on how health care providers do business, including their pricing practices.

Footnotes

1. "Request for Information Regarding Medical Payment Products."

2. CFPB: "Medical Credit Cards and Financing Plans."

3. To be sure, the CFPB's involvement in the health care industry is not entirely new. For example, on June 8, 2023, the CFPB issued a consent order against an Indiana-based medical debt collector for violations of the FCRA and the FDCPA. see also, "CFPB Orders GE CareCredit to Refund $34.1 Million for Deceptive Health-Care Credit Card Enrollment."

4. CFPA section 1031(a-d), 12 U.S.C. 5531(a-d).

5. The CFPB recently published a "Policy Statement on Abusive Acts or Practices" summarizing its perspective of the CFPA.

6. Id.

7. See, e.g., United States Court of Appeals for the Fifth Circuit.

8. The CFPB's guidance to debt collectors in connection with the No Surprises Act is illustrative of the agency's view that it can scrutinize the appropriateness of an underlying cost incurred by a consumer in connection with evaluating whether the collection of a debt arising from that cost was done in accordance with the law. ("The prohibition on misrepresentations includes misrepresenting that a consumer must pay a debt stemming from a charge that exceeds the amount permitted by the No Surprises Act. Thus, for example, a debt collector who represents that a consumer owes a debt arising from out-ofnetwork charges for emergency services may violate the prohibition on misrepresentations if those charges exceed the amount permitted by the No Surprises Act."); cf. CFPB v. Sprint, 2014 WL 7176456, 14 CV 9913 (Dec. 14, 2014) (alleging telecommunications service provider created a platform by which third parties could bill consumers for purportedly unauthorized third-party services).

9. Cf. "CFPB Invokes Dormant Authority to Examine Nonbank Companies Posing Risks to Consumers." (CFPB Director Chopra: "Given the rapid growth of consumer offerings by nonbanks, the CFPB is now utilizing a dormant authority to hold nonbanks to the same standards that banks are held to.") (April 25, 2022)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.