CFR > Title 12 - Banks and Banking > CHAPTER VII—NATIONAL CREDIT UNION ADMINISTRATION > SUBCHAPTER A—REGULATIONS AFFECTING CREDIT UNIONS (parts 700 to 761) > PART 717—FAIR CREDIT REPORTING > SUBPART D—Medical Information (§717.30 to §717.32) > 717.32—Sharing medical information with affiliates.

717.32—Sharing medical information with affiliates.

(a) Scope. This section applies to Federal credit unions.
(b) In general. The exclusions from the term “consumer report” in section 603(d)(2) of the Act that allow the sharing of information with affiliates do not apply if a Federal credit union communicates to an affiliate:
(1) Medical information;
(2) An individualized list or description based on the payment transactions of the consumer for medical products or services; or
(3) An aggregate list of identified consumers based on payment transactions for medical products or services.
(c) Exceptions. A Federal credit union may rely on the exclusions from the term “consumer report” in section 603(d)(2) of the Act to communicate the information in paragraph (b) to an affiliate:
(1) In connection with the business of insurance or annuities (including the activities described in section 18B of the model Privacy of Consumer Financial and Health Information Regulation issued by the National Association of Insurance Commissioners, as in effect on January 1, 2003);
(2) For any purpose permitted without authorization under the regulations promulgated by the Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA);
(3) For any purpose referred to in section 1179 of HIPAA;
(4) For any purpose described in section 502(e) of the Gramm-Leach-Bliley Act;
(5) In connection with a determination of the consumer's eligibility, or continued eligibility, for credit consistent with § 717.30; or
(6) As otherwise permitted by order of the NCUA.