HFA has NEVER been cited for a compliance violation!

We do NOT cut corners!


A truly superior approach maintains the strictest compliance with all applicable laws and regulations.

HFA stresses compliance, data security and your reputation as much as results.

You can rest easy knowing our commitment to compliance is second to NONE! 

We got you covered!


  • Federal and State Fair Debt Collection Practices Act (FDCPA)
  • Fair Credit Reporting Act
  • Personal Privacy Act
  • Gramm-Leach-Bliley Act


HFA understands the need for robust security protocols and contingency plans to protect your data.

All of our procedures are subject to strict security audits.

Indepedent organizations have confirmed that our security standards are in full compliance with all applicable rules and regulations.

You can trust HFA will continue to meet or exceed the highest standards required.

Synopsis of our compliance regimen for two major regulations.

Health Insurance Portability & Accountability Act - HIPAA

As a provider of services to healthcare providers, HFA is extremely dedicated to the proper handling of Protected Health Information (PHI).

We are well versed in how to protect against any violations that would put you or our staff at risk for non-compliance.

HFA proactively analyzes the ever-changing HIPAA requirements/interpretations to determine how it affects our healthcare clients.  We continually evaluate requirements and ensure we meet compliance well ahead of schedule. 

HFA's Training Department provides HIPAA training to all employees.  HIPAA rules and regulations have been incorporated into our employee orientation program, and the information is included in semi-annual privacy training delivered to all staff.

Our HIPAA training covers the following topics:                    

  • What are the applicable laws?
  • What is our responsibility to uphold the laws?
  • What qualifies as PHI?
  • How do we comply with all laws and regulations?
  • Use fax or encrypted e-mail for correspondence with PHI
  • Use a confidentiality warning on all outgoing e-mails
  • Properly identify recipients of all communication
  • Frequently change system passwords
  • Shred sensitive documents
  • Ensure confidentiality agreements are in place
  • Provide privacy training
  • Institute and enforce a strict privacy policy      
  • Ensure building security

All employees are required to sign an agreement signifying that they understand the HIPAA patient privacy requirements and agree to comply. 

We require the same business associate compliance from our vendor partners too.

Fair Debt Collection Practices Act - FDCPA

The FDCPA applies to all delinquent receivables performed in a third party’s name.

HFA goes above and beyond what is required by FDCPA and has always maintained a flawless compliance record. 

Our Director of Compliance performs random audits almost daily on accounts to ensure adherence with all applicable rules..

Audits are also performed on financial operations, data integrity, information security, and disaster preparedness/recovery. 

Our CUBS Collections System records all activities performed, which allows for efficient review by our audit teams.

To ensure that professional standards are maintained, recovery specialists’ calls are also randomly monitored through live, recorded, or screen capture technology. 

Regular observation of recovery specialist activity is performed on 100% of the collection staff.  This often includes daily review by a manager to observe real-time performance of staff. 

Both positive and negatives aspects of all audits are documented and evaluated by upper management. 

Corrective action is taken on any items requiring follow-up and additional follow-up audits are performed to ensure compliance.

HFA also leverages several sources of outside legal counsel to keep us abreast of the latest FDCPA rulings.

© Copyright 2000- Receivable Recovery Service, LLC. All rights reserved.