Taylor Gess dives into the rapidly evolving world of point-of-sale financing for medical and dental procedures with Troutman Pepper Locke Partners Jason Cover, Brent Hoard, and Erin Whaley.
In this crossover episode of Payments Pros and The Consumer Finance Podcast, guest host Taylor Gess dives into the rapidly evolving world of point-of-sale financing for medical and dental procedures with Troutman Pepper Locke Partners Jason Cover, Brent Hoard, and Erin Whaley. They unpack how HIPAA, business associate relationships, and information-sharing structures can impact financing programs in clinical settings. They explore state-level trends in California, Illinois, and New York, including new restrictions on provider involvement in financing, promotional offers, and payments. The discussion also highlights emerging risks around website tracking technologies, payment portals, and wiretapping-style lawsuits targeting digital health and payment ecosystems. Listeners will come away with a practical framework for structuring medical and dental financing arrangements, managing disputes, and anticipating the next wave of state-level regulation and enforcement.
Payments Pros x The Consumer Finance Podcast – Point-of-Sale Finance Series: Health Care Financing Compliance, Regulatory, and Privacy Pitfalls
Host: Taylor Gess
Guests: Jason Cover, Brent Hoard, and Erin Whaley
Air Date: January 15, 2026
Taylor Gess (00:05):
Welcome to the special edition of The Consumer Finance Podcast and Payments Pros. I'm Taylor Gess, an associate in Troutman Pepper Locke's Consumer Financial Services Regulatory Practice, and I'll be your guest host for today's episode. Today we're going to be giving you another installment of our special highlight series on point-of-sale finance where we will discuss issues related to financing goods and services in the medical and dental spaces. But before we jump into that topic, let me remind you to visit and subscribe to our blogs, TroutmanFinancialServices.com and ConsumerFinancialServicesLawMonitor.com. And don't forget about all of our other podcasts. We have the FCRA Focus, all about credit reporting, the Crypto Exchange, about crypto and digital assets. We have Unauthorized Access, which is our privacy and data security podcast, and of course, Moving the Metal, our auto finance podcast. All of those are available on all popular podcast platforms.
(00:54):
Speaking of those platforms, if you like this podcast, please let us know. Leave us a review on your podcast platform of choice and tell us how we're doing now. As I said, today's episode is another in our special highlight series on point-of-sale finance. Here I'm joined by my colleagues, Jason Cover, Brent Hoard, and Erin Whaley to talk about medical and dental financing, both from the consumer financial services perspective and the medical/dental perspective. Brent, do you want to kick us off by outlining some of the things we need to consider about information sharing and HIPAA that are related to the financing of medical and dental procedures?
Brent Hoard (01:27):
Yep, definitely. I think there are a couple avenues where HIPAA comes into play and really at the outset of any financing kind of transaction, you need to understand what the purpose is and what data is involved. In most cases, if you start just within, say, a dental clinic and somebody is swiping a credit card or you're processing payment through a website portal, more often than not, that is not a HIPAA regulated transaction as a one-time payment. I think that's an important distinction. So if it is simply a credit card payment to pay a balance, going to a third-party payment processor, the payment processor typically isn't going to be a business associate. There is an exception for these one-time payment transactions. What you want to be careful about with these from a HIPAA perspective is if you're working with a third party that processes payments and does other things.
(02:32):
So, if they are helping with claims, if they're helping with coding, if they're providing back some kind of analytics or other reporting, that's outside the scope of that one-time payment transaction and could very well be in scope for HIPAA. So you want to be careful about the scope of services on those one-time payment transactions. The other piece that's becoming much more prevalent today is actual financing. And if you're looking at those types of transactions, often there will be an offer within the practice that “we have financing available.” Some of these procedures are very expensive, they may not be covered, but they're necessary. So if you're looking at the financing transaction and where HIPAA could come into play with that, it really depends on data sources and the involvement of that third party providing the financing, what they're doing and how they're handling data. So from that perspective, as an example, a dental practice has a sign that says we offer financing.
(03:43):
It refers to a third party that offers the financing, but the dental practice, other than putting up that sign isn't providing additional information to that finance company. The individual maybe scans a QR code or something and then goes completes the application, does all of that and the transaction is processed and paid back to the dental practice. In that case, you're probably not within HIPAA world because the individual has provided all the data. There's not an exchange of information necessarily with the dental practice, and there could be exchanges there, so you want to be careful with it, but that initial transaction where the individual initiates the financing, you don't have to worry about that. The other way that this comes up is when the practice itself actually is either looking at upcoming procedures or possibly pre-screening services for financing. In that case, that third-party financing company is going to be receiving a list of either patients or procedures or other information from the dental practice, and that is a disclosure of PHI to the financing company.
(04:58):
So that is in all likelihood going to be a business associate relationship between the parties and you would want to make sure that you have the proper contracts and everything in place. So I mean, really a lot of these transactions are very fact specific. I kind of briefly walked through a few examples, but I think the message here is that the devil is in the details and depending on how you want to set up that relationship, you can make it happen. There are different ways to structure these arrangements. So you can either address it as a HIPAA type of transaction or take steps to stay outside of HIPAA depending on what you want to do. It's different for every practice, but I would encourage you, if you're thinking about implementing some type of financing relationship, to reach out and ask somebody for help getting this set up because there are a lot of potential nuances and pitfalls along the way.
Taylor Gess (06:03):
Thanks, Brent. That was really helpful. Erin, I know there are also some varying practical considerations depending on the type of procedure that's being financed. For example, if it's orthodontics like braces versus maybe a more elective medical spa service or a hospital or clinic service or an assisted device like hearing aids, do you think you could share some thoughts on what people should be considering there?
Erin Whaley (06:26):
I'd be happy to. So we always recommend that providers start with their applicable state law. So, looking at the Medical Practice Act, looking at the Dental Practice Act to see whether there are any statutes and regulations that are on point and talk about providers who offer third-party financing. Right now, there are a few states that do so. California and Illinois are examples. The Illinois law is specific to dentists and some disclosures that they have to give with respect to third-party financing. California is more general to all licensed types of healthcare providers and addresses both disclosures, where that third-party financing can take place, and information that has to be provided to the patient regardless of the type of service. So always start with your state law. Once you get past state law and you understand your compliance obligations there, then you want to think about other types of practical considerations, like you suggested Taylor, for the type of service that is being provided.
(07:38):
Typically, it would be considered unprofessional conduct for a provider to withhold, let's say emergency medical services pending any type of payment or agreement to participate in third-party financing. So if you're providing emergency services, of course you wouldn't want to do that. We can contrast that with completely elective services that are not required to be provided within any special period of time in order to be effective. And there it may make more sense to offer the third-party financing to give the patient the opportunity to think about it prior to receiving the service. And then there are of course gradations in between, so you want to think about that. You also want to think about requirements to provide a good faith estimate of the amount that the procedure will cost and make sure that you're complying with that in connection with offering the third-party financing.
(08:42):
And then you want to think about the difference between offering the third-party financing in connection with the payment of a patient's copay or deductible or co-insurance versus an elective service or one that's not covered by insurance. You may have different obligations with respect to that coverage. So, you want to look at all of those various aspects, and as a provider, have policies and procedures in place to address those different situations and know how you're going to address them. And as a third-party provider of financing, you also want to understand the provider's obligations so that you can help those customers comply and feel more comfortable offering the financing.
Taylor Gess (09:30):
Thanks, Erin. Those considerations are very interesting. Jason, Erin briefly mentioned some state law considerations earlier. Do you want to tell us a little bit more about the consumer finance related aspects of financing medical and dental procedures?
Jason Cover (09:43):
Yeah, thanks, Taylor. I think on some level, the focus on healthcare financing isn't new. In the early days of the CFPB, there was definitely consent orders and enforcement related to healthcare financing products, particularly focused on promotional offers and things of that nature. But I think we've observed just in the last 10 or 15 years, a real explosion in the number of companies that are offering financing products, particularly in partnership with medical providers or dental providers. So with that of course, comes some increased scrutiny, and as Erin mentioned, there's at least two statutes that deal with this at the state level, the California Healing Arts Code and the more recent Illinois Dental Practice Act. These are somewhat interesting. Most of your clients and my clients, Taylor, are not dental providers. They're folks that offer financing to medical providers. And the obligations on these statutes typically relate to the provider itself and not necessarily the financier, but many of the finance companies are integrated with the medical provider at the point of sale.
(10:50):
So on some level, the difference doesn't really matter. It's kind of a point of contention one way or another. So the California one I think is maybe the first one that popped up on our radar. And generally speaking, the main thing in that integration that I think creates difficulties, and this goes hand in hand with what Aaron and Brent were talking about, who's passing information to whom and where, but you can't complete the application on behalf of the patient. So there's some additional hurdles in sort of implementing your traditional credit waterfall in California. So if you are a medical practice that works in multiple states or you're a finance provider that works in multiple states, when you get to California, you really need to pay close attention there. And then it also broadly prohibits deferred interest promotions and doesn't allow charges 30 days in advance.
(11:39):
So getting back to some of those early concerns that the CFPB had, it's kind of codified those in California. And then more recently in Illinois, this statute became effective I think January 1st of last year mirrors California, but it's really only focused on dental. So it doesn't have other healthcare implications to it. It takes a broader stance than the California statute does. It goes so far as to say you can't arrange financing. So not just completing the application, you can't arrange. In theory, I think there's supposed to be regulations to help us understand what arrange means, but to my knowledge, they haven't been implemented. It also prohibits promoting financing during treatment. Maybe that's sort of self-explanatory on some level. It gives some fairly crazy examples like when someone is under anesthesia, you're not supposed to enter into financing with them. So maybe that's just a best practice, even if you're not a dental practice in Illinois.
(12:32):
And then there's certain required disclosures, particularly around promotional offers and things of that nature. But it is kind of interesting how both of these statutes have mirrored each other on some level, and I'm always curious if anyone else is going to implement similar ones. But in that vein, New York has also had a series of statutes that can apply broadly to consumer finance transactions in the context of healthcare. So one of those is that you're generally not allowed to pay before services are provided. No completing the application that seems to ring through on all of these, can't require a card to be on file or preauthorized for treatment. And then there's certain disclosures, again, notifying patients about the risks of using a credit card or financing obligations. So most of what we've talked about here, Taylor, is in the context of sort of application and origination, but there has been a focus on servicing and collections as well.
(13:25):
I think a lot of folks that follow this industry are aware of the CFPB’s proposed rule on no furnishing medical. That's been struck down, but that isn't to say that the states aren't picking up where the CFPB lost. So I think that's something people should continue to monitor. It's a state-by-state issue. There's obviously implications of preemption with the FCRA, so I think that's something to keep an eye on as it develops in the next year or two. And then just broadly speaking, I think states are interested in creating restrictions on collections and debt sales and servicing obligations generally in the context of medical debt. So a hot button topic there as well.
Taylor Gess (14:05):
Thanks, Jason. Seems like no matter what type of financing we're talking about, there's a lot going on on the state law front. So as we're wrapping up here, are there any thoughts you all want to leave us with regarding hot topics or key issues that you're seeing a lot of these days in the medical and dental financing space?
Brent Hoard (14:22):
Well, I think from my discussion, I talked a lot about HIPAA, but there are various state health data privacy laws and general privacy laws that are out there, so really needs to be a holistic view. One of the hot things that we've seen right now is an explosion in demands and lawsuits related to tracking technologies on websites. And this applies in a general sense, but particularly if you have payment portals or other things where your patients are logging in and providing information, whether it's payment or other things, you have two parts of your website, an unauthenticated area, which is where you just go to the landing page and look at different things. You also have authenticated parts, which would be like a payment portal. So somebody's entered credentials to get in there. There has been an explosion of these demands and lawsuits related to wiretapping type allegations that third-party pixels that I've seen are tracking people without their consent. So I did want to mention that it is just in the last three or four months, we've seen a lot of action there. On your website, your payment portal, take a look at that. If you have third parties involved, look at what they're doing as well.
Jason Cover (15:49):
I'd echo Brent. The action generally, I would expect certainly for the next three and a half years will be at the state level. There's obviously a need for medical financing as I think Brent and Erin noted. A lot of these are very expensive procedures, so the financing becomes an ever more important component to folks. And I think the state reaction to governing those types of transactions should be interesting to observe here. We keep saying this I think in all of our podcasts, Taylor, but on some level, it's a reaction to the lack of oversight at the federal level.
Erin Whaley (16:18):
And the only other thing I'd add is that as providers and the financing companies are setting up these relationships, I think Brent highlighted all the things to think about on the front end and the sharing of information with respect to prequalification and the like. I'd also think about the backend and what happens when there's a dispute. So what happens when a patient says that they didn't receive a service or they received a service that didn't meet their expectations, and so they don't think that they should have to pay for it? And how are the parties involved in that—the patient, the provider, the financing company—going to handle that from the provider's perspective? What information can they share with the financing company with respect to the dispute? And from the financing company's perspective, what information do they need from the provider to be able to adjudicate that dispute and make sure that those sharing mechanisms are set up on the front end so that you're not handling that in addition to the actual dispute.
Taylor Gess (17:22):
Thank you, Jason, Brent, Erin, for being here with us today. I think we've done a great job highlighting some of the key issues for consideration in medical and dental financing. So, let's leave this special series here for now and we'll pick back up with another interesting topic on our next special joint episode for The Consumer Finance Podcast and Payments Pros. In the meantime, thanks to our audience for listening today, and don't forget to visit and subscribe to our blogs, TroutmanFinancialServices.com and ConsumerFinancialServicesLawMonitor.com. While you're at it, why not visit us on the web at troutman.com and add yourself to our Consumer Financial Services email list? That way we can send you copies of the alerts and advisories that we send out, as well as invitations to our industry only webinars that we put on from time to time. And of course, stay tuned for a great new episode of this podcast every Thursday afternoon, and look forward to the remainder of our series on point-of-sale finance coming soon to your podcast feed. Thank you all for listening.
Copyright, Troutman Pepper Locke LLP. These recorded materials are designed for educational purposes only. This podcast is not legal advice and does not create an attorney-client relationship. The views and opinions expressed in this podcast are solely those of the individual participants. Troutman does not make any representations or warranties, express or implied, regarding the contents of this podcast. Information on previous case results does not guarantee a similar future result. Users of this podcast may save and use the podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing of this podcast may be made without the prior written permission of Troutman Pepper Locke. If you have any questions, please contact us at troutman.com.