e-CFR Navigation Aids


Simple Search

Advanced Search

 — Boolean

 — Proximity


Search History

Search Tips


Latest Updates

User Info


Agency List

Incorporation By Reference

eCFR logo

Related Resources

Electronic Code of Federal Regulations

We invite you to try out our new beta eCFR site at https://ecfr.federalregister.gov. We have made big changes to make the eCFR easier to use. Be sure to leave feedback using the Help button on the bottom right of each page!

e-CFR data is current as of October 22, 2020

Title 12Chapter XPart 1022Subpart D → §1022.32

Title 12: Banks and Banking
Subpart D—Medical Information

§1022.32   Sharing medical information with affiliates.

(a) Scope. This section applies to any person, except for a person excluded from coverage of this part by section 1029 of the Consumer Financial Protection Act of 2010, title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Public Law 111-203, 124 Stat. 137.

(b) In general. The exclusions from the term “consumer report” in section 603(d)(2) of the Act that allow the sharing of information with affiliates do not apply to a person described in paragraph (a) of this section if that person communicates to an affiliate:

(1) Medical information;

(2) An individualized list or description based on the payment transactions of the consumer for medical products or services; or

(3) An aggregate list of identified consumers based on payment transactions for medical products or services.

(c) Exceptions. A person described in paragraph (a) of this section may rely on the exclusions from the term “consumer report” in section 603(d)(2) of the Act to communicate the information in paragraph (b) of this section to an affiliate:

(1) In connection with the business of insurance or annuities (including the activities described in section 18B of the model Privacy of Consumer Financial and Health Information Regulation issued by the National Association of Insurance Commissioners, as in effect on January 1, 2003);

(2) For any purpose permitted without authorization under the regulations promulgated by the Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA);

(3) For any purpose referred to in section 1179 of HIPAA;

(4) For any purpose described in section 502(e) of the Gramm-Leach-Bliley Act;

(5) In connection with a determination of the consumer's eligibility, or continued eligibility, for credit consistent with §1022.30 of this part; or

(6) As otherwise permitted by order of the Bureau.

Need assistance?