To the extent that an entity is engaged in activities of a financial institution (as defined in section 3401 of title 12), or is engaged in authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting payments, for a financial institution, this part, and any standard adopted under this part, shall not apply to the entity with respect to such activities, including the following:

(1) The use or disclosure of information by the entity for authorizing, processing, clearing, settling, billing, transferring, reconciling or collecting, a payment for, or related to, health plan premiums or health care, where such payment is made by any means, including a credit, debit, or other payment card, an account, check, or electronic funds transfer.

(2) The request for, or the use or disclosure of, information by the entity with respect to a payment described in paragraph (1)—

(A) for transferring receivables;

(B) for auditing;

(C) in connection with—

(i) a customer dispute; or

(ii) an inquiry from, or to, a customer;

(D) in a communication to a customer of the entity regarding the customer's transactions, payment card, account, check, or electronic funds transfer;

(E) for reporting to consumer reporting agencies; or

(F) for complying with—

(i) a civil or criminal subpoena; or

(ii) a Federal or State law regulating the entity.


Tried the LawStack mobile app?

Join thousands and try LawStack mobile for FREE today.

  • Carry the law offline, wherever you go.
  • Download CFR, USC, rules, and state law to your mobile device.