[Federal Register: June 10, 2005 (Volume 70, Number 111)]
[Rules and Regulations]
[Page 33957-33996]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr10jn05-17]
[[Page 33957]]
-----------------------------------------------------------------------
Part IIDepartment of the Treasury
Office of the Comptroller of the Currency
12 CFR Part 41
Office of Thrift Supervision
12 CFR Part 571
Federal Reserve System-------------------------------------------------
12 CFR Parts 222 and 232
Federal Deposit Insurance Corporation----------------------------------
12 CFR Part 334
National Credit Union Administration-----------------------------------
12 CFR Part 717
-----------------------------------------------------------------------
Fair Credit Reporting Medical Information Regulations; Interim Final
Rule
[[Page 33958]]
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
12 CFR Part 41
[Docket No. 05-10]
RIN 1557-AC85
FEDERAL RESERVE SYSTEM
12 CFR Parts 222 and 232
[Regulation V and FF; Docket No. R-1188]
FEDERAL DEPOSIT INSURANCE CORPORATION
12 CFR Part 334
RIN 3064-AC81
DEPARTMENT OF THE TREASURY
Office of Thrift Supervision
12 CFR Part 571
[No. 2005-16]
RIN 1550-AB88
NATIONAL CREDIT UNION ADMINISTRATION
12 CFR Part 717
Fair Credit Reporting Medical Information Regulations
AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC);
Board of Governors of the Federal Reserve System (Board); Federal
Deposit Insurance Corporation (FDIC); Office of Thrift Supervision,
Treasury (OTS); National Credit Union Administration (NCUA).
ACTION: Interim final rules; request for public comments.
-----------------------------------------------------------------------
SUMMARY: The OCC, Board, FDIC, OTS, and NCUA (Agencies) are publishing
interim final rules to implement section 411 of the Fair and Accurate
Credit Transactions Act of 2003 (FACT Act). The interim final rules
create exceptions to the statute's general prohibition on creditors
obtaining or using medical information pertaining to a consumer in
connection with any determination of the consumer's eligibility, or
continued eligibility, for credit for all creditors. The exceptions
permit creditors to obtain or use medical information in connection
with credit eligibility determinations where necessary and appropriate
for legitimate purposes, consistent with the Congressional intent to
restrict the use of medical information for inappropriate purposes. The
interim final rules also create limited exceptions to permit affiliates
to share medical information with each other without becoming consumer
reporting agencies.
DATES: This interim final rule is effective March 7, 2006. Comments
must be received by July 11, 2005.
ADDRESSES: Comments should be directed to:
OCC: You should include OCC and Docket Number 05-10 in your
comment. You may submit comments by any of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
OCC Web Site: http://www.occ.treas.gov. Click on ``Contact
the OCC,'' scroll down and click on ``Comments on proposed
regulations.''
E-mail Address: regs.comments@occ.treas.gov.
Fax: (202) 874-4448.
Mail: Office of the Comptroller of the Currency, 250 E
Street, SW., Mail Stop 1-5, Washington, DC 20219.
Hand Delivery/Courier: 250 E Street, SW., Attn: Public
Information Room, Mail Stop 1-5, Washington, DC 20219.
Instructions: All submissions received must include the agency name
(OCC) and docket number or Regulatory Information Number (RIN) for this
rulemaking. In general, OCC will enter all comments received into the
docket without change, including any business or personal information
that you provide. You may review comments and other related materials
by any of the following methods:
Viewing Comments Personally: You may personally inspect
and photocopy comments at the OCC's Public Information Room, 250 E
Street, SW., Washington, DC. You can make an appointment to inspect
comments by calling (202) 874-5043.
Viewing Comments Electronically: You may request e-mail or
CD-ROM copies of comments that the OCC has received by contacting the
OCC's Public Information Room at regs.comments@occ.treas.gov.
Docket: You may also request available background
documents and project summaries using the methods described above.
Board: You may submit comments, identified by Docket No. R-1188, by
any of the following methods:
Agency Web Site: http://www.federalreserve.gov Follow the instructions for submitting comments at http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm.
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
E-mail: regs.comments@federalreserve.gov. Include docket
number in the subject line of the message.
Fax: 202/452-3819 or 202/452-3102.
Mail: Jennifer J. Johnson, Secretary, Board of Governors
of the Federal Reserve System, 20th Street and Constitution Avenue,
NW., Washington, DC 20551.
All public comments are available from the Board's Web site at
http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as
submitted, except as necessary for technical reasons. Accordingly, your
comments will not be edited to remove any identifying or contact
information. Public comments may also be viewed electronically or in
paper in Room MP-500 of the Board's Martin Building (20th and C
Streets, NW.) between 9 a.m. and 5 p.m. on weekdays.
FDIC: You may submit comments, identified by RIN number by any of
the following methods:
Agency Web Site: http://www.fdic.gov/regulations/laws/federal/propose.html.
Follow instructions for submitting comments on
the Agency Web Site.
E-Mail: Comments@FDIC.gov. Include the RIN number in the
subject line of the message.
Mail: Robert E. Feldman, Executive Secretary, Attention:
Comments, Federal Deposit Insurance Corporation, 550 17th Street, NW.,
Washington, DC 20429.
Hand Delivery/Courier: Guard station at the rear of the
550 17th Street Building (located on F Street) on business days between
7 a.m. and 5 p.m.
Instructions: All submissions received must include the
agency name and RIN for this rulemaking. All comments received will be
posted without change to http://www.fdic.gov/regulations/laws/federal/propose.html
including any personal information provided.
OTS: You may submit comments, identified by number 2005-16, by any
of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
E-mail Address: regs.comments@ots.treas.gov. Please
include number 2005-16 in the subject line of the message and include
your name and telephone number in the message.
Fax: (202) 906-6518.
Mail: Regulation Comments, Chief Counsel's Office, Office
of Thrift
[[Page 33959]]
Supervision, 1700 G Street, NW., Washington, DC 20552, Attention: No.
2005-16.
Hand Delivery/Courier: Guard's Desk, East Lobby Entrance,
1700 G Street, NW., from 9 a.m. to 4 p.m. on business days, Attention:
Regulation Comments, Chief Counsel's Office, Attention: No. 2005-16.
Instructions: All submissions received must include the agency name
and docket number or Regulatory Information Number (RIN) for this
rulemaking. All comments received will be posted without change to the
OTS Internet Site at http://www.ots.treas.gov/pagehtml.cfm?catNumber=67&an=1
, including any personal information
provided.
Docket: For access to the docket to read background documents or
comments received, go to http://www.ots.treas.gov/pagehtml.cfm?catNumber=67&an=1.
In addition, you may inspect comments
at the Public Reading Room, 1700 G Street, NW., by appointment. To make
an appointment for access, call (202) 906-5922, send an e-mail to
public.info@ots.treas.gov, or send a facsimile transmission to (202)
906-7755. (Prior notice identifying the materials you will be
requesting will assist us in serving you.) We schedule appointments on
business days between 10 a.m. and 4 p.m. In most cases, appointments
will be available the next business day following the date we receive a
request.
NCUA: You may submit comments by any of the following methods
(Please send comments by one method only):
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
NCUA Web Site: http://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html.
Follow the
instructions for submitting comments.
E-mail: Address to regcomments@ncua.gov. Include ``[Your
name] Comments on Interim Final Rule Part 717, Fair Credit Reporting--
Medical Information'' in the e-mail subject line.
Fax: (703) 518-6319. Use the subject line described above
for e-mail.
Mail: Address to Mary Rupp, Secretary of the Board,
National Credit Union Administration, 1775 Duke Street, Alexandria,
Virginia 22314-3428.
Hand Delivery/Courier: Address to Mary Rupp, Secretary of
the Board, National Credit Union Administration. Deliver to guard
station in the lobby of 1775 Duke Street, Alexandria, Virginia 22314-
3428, on business days between 8 a.m. and 5 p.m.
All public comments are available on the agency's Web site at
http://www.ncua.gov/RegulationsOpinionsLaws/comments as submitted,
except as may not be possible for technical reasons. Public comments
will not be edited to remove any identifying or contact information.
Paper copies of comments may be inspected in NCUA's law library, at
1775 Duke Street, Alexandria, Virginia 22314, by appointment weekdays
between 9 a.m. and 3 p.m. To make an appointment, call (703) 518-6546
or send an e-mail to OGCMail@ncua.gov.
FOR FURTHER INFORMATION CONTACT: OCC: Amy Friend, Assistant Chief
Counsel, (202) 874-5200; Michael Bylsma, Director, or Stephen Van
Meter, Assistant Director, Community and Consumer Law, (202) 874-5750;
Patrick T. Tierney, Senior Attorney, Legislative and Regulatory
Activities Division, (202) 874-5090; or Carol Turner, Compliance
Specialist, Compliance Department, (202) 874-4858, Office of the
Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219.
Board: David A. Stein, Counsel; Minh-Duc T. Le, Ky Tran-Trong, or
Krista P. DeLargy, Senior Attorneys, Division of Consumer and Community
Affairs, (202) 452-3667 or (202) 452-2412; or Andrew Miller, Counsel,
Legal Division, (202) 452-3428, Board of Governors of the Federal
Reserve System, 20th and C Streets, NW., Washington, DC 20551.
FDIC: Richard M. Schwartz, Counsel, Legal Division, (202) 898-7424;
David Lafleur, Policy Analyst, (202) 898-6569, or Patricia Cashman,
Senior Policy Analyst, Division of Supervision and Consumer Protection,
(202) 898-6534, Federal Deposit Insurance Corporation, 550 17th Street,
NW., Washington, DC 20429.
OTS: Elizabeth Baltierra, Program Analyst (Compliance), Compliance
Policy, (202) 906-6540; Richard Bennett, Counsel, (202) 906-7409;
Judith A. McCormick, Director, Consumer Protection and Specialty
Programs, (202) 906-5636, Office of Thrift Supervision, 1700 G Street,
NW., Washington, DC 20552.
NCUA: Regina M. Metz, Staff Attorney, Office of General Counsel,
(703) 518-6540, National Credit Union Administration, 1775 Duke Street,
Alexandria, VA 22314-3428.
SUPPLEMENTARY INFORMATION:
I. Background
The FACT Act became law on December 4, 2003. Pub. L. 108-159, 117
Stat. 1952. In general, the FACT Act amends the Fair Credit Reporting
Act (FCRA or Act) to enhance the ability of consumers to combat
identity theft, increase the accuracy of consumer reports, and allow
consumers to exercise greater control regarding the type and amount of
marketing solicitations they receive. Section 411 of the FACT Act
generally limits the ability of creditors to obtain or use medical
information in connection with credit eligibility determinations,
consumer reporting agencies to disclose medical information, and all
persons to share medical information and other medical-related
information with affiliates.
Section 411(a) of the FACT Act adds a new section 604(g)(1) to the
FCRA to restrict the circumstances under which consumer reporting
agencies may furnish consumer reports that contain medical information
about consumers. Under section 604(g)(1), a consumer reporting agency
may not furnish a consumer report that contains medical information
about a consumer unless:
(1) The report is furnished in connection with an insurance
transaction, and the consumer affirmatively consents to the furnishing
of the report;
(2) The report is furnished for employment purposes or in
connection with a credit transaction, the information to be furnished
is relevant to process or effect the employment or credit transaction,
and the consumer provides specific written consent for the furnishing
of the report that describes in clear and conspicuous language the use
for which the information will be furnished; or
(3) The information to be furnished pertains solely to
transactions, accounts, or balances relating to debts arising from the
receipt of medical services, products, or devices, where such
information, other than account status or amounts, is restricted or
reported using codes that do not identify, or do not provide
information sufficient to infer, the specific provider or the nature of
such services, products, or devices.
Section 411(c) of the FACT Act revises the definition of ``medical
information'' in section 603(i) to mean information or data, whether
oral or recorded, in any form or medium, created by or derived from a
health care provider or the consumer, that relates to the past,
present, or future physical, mental, or behavioral health or condition
of an individual, the provision of health care to an individual, or the
payment for the provision of health care to an individual. The term
``medical
[[Page 33960]]
information'' does not include the age or gender of a consumer,
demographic information about the consumer, including a consumer's
residence address or e-mail address, or any other information about a
consumer that does not relate to the physical, mental, or behavioral
health or condition of a consumer, including the existence or value of
any insurance policy.
Section 411(a) also amends the FCRA by adding new section 604(g)(2)
to prohibit creditors from obtaining or using medical information
pertaining to a consumer in connection with any determination of the
consumer's eligibility, or continued eligibility, for credit. Section
604(g)(2) contains two independent prohibitions--a prohibition on
obtaining medical information and a prohibition on using medical
information. The statute contains no prohibition, however, on creditors
obtaining or using medical information other than in connection with a
determination of the consumer's eligibility, or continued eligibility,
for credit. For example, section 604(g)(2) does not prohibit a creditor
from obtaining medical information in connection with employment
purposes. Nevertheless, a creditor that obtains medical information in
connection with employment purposes may not subsequently use that
information in connection with any determination of the consumer's
eligibility, or continued eligibility, for credit. Section 604(g)(5)(A)
requires the Agencies to prescribe regulations that permit transactions
that are determined to be necessary and appropriate to protect
legitimate operational, transactional, risk, consumer, and other needs
(including administrative verification purposes), consistent with
Congressional intent to restrict the use of medical information for
inappropriate purposes.
Section 411(b) of the FACT Act adds a new section 603(d)(3) to the
FCRA to restrict the sharing of medically related information with
affiliates if that information meets the definition of ``consumer
report'' in section 603(d)(1) of the FCRA. Specifically, section
603(d)(3) provides that the standard exclusions from the definition of
``consumer report'' contained in section 603(d)(2)--such as sharing
transaction or experience information among affiliates or sharing other
information among affiliates after notice and an opportunity to opt-
out--do not apply if medically related information is disclosed to an
affiliate. Medically related information includes medical information,
as described above, as well as an individualized list or description
based on payment transactions for medical products or services, and an
aggregate list of identified consumers based on payment transactions
for medical products or services.
Section 604(g)(3), however, provides several exceptions that allow
institutions to share medically related information with affiliates in
accordance with the standard exclusions that apply to the sharing of
non-medically related information. These exceptions provide that an
institution may share medically related information with an affiliate
without having the communication categorically treated as a consumer
report if the information is disclosed to an affiliate:
(1) In connection with the business of insurance or annuities
(including the activities described in section 18B of the model Privacy
of Consumer Financial and Health Information Regulation issued by the
National Association of Insurance Commissioners, as in effect on
January 1, 2003);
(2) For any purpose permitted without authorization under the
Standards for Individually Identifiable Health Information promulgated
by the Department of Health and Human Services (HHS) pursuant to the
Health Insurance Portability and Accountability Act of 1996 (HIPAA);
(3) For any purpose referred to under section 1179 of HIPAA;
(4) For any purpose described in section 502(e) of the Gramm-Leach-
Bliley Act; or
(5) As otherwise determined to be necessary and appropriate, by
regulation or order, by the Federal Trade Commission (FTC), the
Agencies, or an applicable State insurance authority.
Section 604(g)(4), as added by section 411(a)(4) of the FACT Act,
also provides that any person that receives medical information from an
affiliate pursuant to an exception in section 604(g)(3) or from a
consumer reporting agency under section 604(g)(1) must not disclose
such information to any other person, except as necessary to carry out
the purpose for which the information was initially disclosed, or as
otherwise permitted by statute, regulation, or order.
II. Overview of Comments Received
On April 28, 2004, the Agencies published a notice of proposed
rulemaking in the Federal Register (69 FR 23380) to implement the
provisions of section 411 of the FACT Act. The Agencies proposed to
create exceptions to the general prohibition against creditors
obtaining or using medical information in connection with credit
eligibility determinations, as required by section 604(g)(5)(A), to
permit transactions necessary and appropriate to protect legitimate
operational, transactional, risk, consumer, and other needs (including
administrative verification purposes), consistent with the intent of
Congress to restrict the use of medical information for inappropriate
purposes. In addition, the Agencies proposed to create additional
exceptions to the special restrictions in section 603(d)(3) on sharing
medically related information with affiliates, as permitted by section
604(g)(3)(C).
Each of the Agencies received up to 40 comment letters in response
to the proposal, although many commenters sent copies of the same
letter to more than one Agency. Comments were received from a variety
of industry commenters, including banks, thrifts, credit unions, credit
card companies, mortgage lenders and other non-bank creditors, and
industry trade associations. Comments were also received from insurance
companies and insurance industry trade associations. Other comments
were received from consumer and community groups, privacy advocates,
and health care associations. A comment letter was received from two
Members of Congress, and another comment letter was received from the
Federal Trade Commission.
Most commenters supported the proposed rule. Commenters offered a
number of suggested changes, with the most common suggestions
including: broadening the scope of coverage to apply to all creditors;
broadening the scope of coverage to apply to an individual's credit
eligibility made in connection with business credit; clarifying the
definition of ``medical information'; implementing the statute by
relying primarily on interpretations of the statute rather than
exceptions; addressing debt cancellation contracts, debt suspension
agreements, and credit insurance products through an exception; and
revising the language and scope of various exceptions to the general
prohibition on obtaining and using medical information.
The Agencies have modified the proposed rule in light of the
comments received. These comments, and the Agencies' responses to the
comments, are discussed in the following section-by-section analysis.
As discussed below, the Agencies are adopting these rules as interim
final rules so that interested parties may comment on the expanded
scope of the exceptions for obtaining and using medical information in
connection with credit eligibility determinations.
[[Page 33961]]
III. Section-by-Section Analysis
Section --.2 Examples
Section --.2 of the proposal discussed the scope and effect of the
examples included in the proposed rule. Commenters supported the
provision regarding the scope and effect of examples. Section --.2 is
therefore adopted as proposed.
Section --.3 Definitions
Section --.3 of the proposal contained definitions for the terms
``affiliate'' (as well as the related terms ``company'' and
``control''), ``consumer,'' ``medical information,'' and ``you.'' The
proposed definition of ``you'' has not been included in the interim
final rule as unnecessary.\1\
---------------------------------------------------------------------------
\1\ The OTS previously added a definition of ``you'' to Sec.
571.3(o) in connection with its disposal rule. See 69 FR 77610,
77621 (Dec. 28, 2004). That definition remains in the OTS's rule.
---------------------------------------------------------------------------
Affiliate
Several FCRA provisions apply to information sharing with persons
``related by common ownership or affiliated by corporate control,''
``related by common ownership or affiliated by common corporate
control,'' or ``affiliated by common ownership or common corporate
control.'' E.g., FCRA, sections 603(d)(2), 615(b)(2), and 624(b)(2).
Each of these provisions was enacted as part of the 1996 amendments to
the FCRA. Similarly, section 2 of the FACT Act defines the term
``affiliate'' to mean persons that are related by common ownership or
affiliated by corporate control.
Under the proposal, the Agencies proposed to define ``affiliate''
to mean any company that controls, is controlled by, or is under common
control with another company, which is identical to the definition of
``affiliate'' in section 509 of the GLB Act and the GLB Act privacy
regulations. The Agencies received very few comments on the definition
of ``affiliate'' and none that suggested changes to the definition.
In the interim final rules, the Agencies have revised the
definition of ``affiliate'' to track more closely the definition
contained in section 2 of the FACT Act. Section --.3(b) of the interim
final rules defines ``affiliate'' to mean any company that is related
by common ownership or common corporate control with another
company.\2\
---------------------------------------------------------------------------
\2\ For purposes of the regulation, an ``affiliate'' includes an
operating subsidiary of a bank or savings association, and a credit
union service organization that is controlled by a Federal credit
union.
---------------------------------------------------------------------------
The Agencies believe there is no substantive difference between the
FACT Act definition of ``affiliate'' and the definition of
``affiliate'' in section 509 of the GLB Act. The Agencies are not aware
of any circumstances in which two entities would be affiliates for
purposes of the FCRA but not for purposes of the GLB Act privacy rules,
or vice versa. Furthermore, even though affiliated entities have had to
comply with different formulations of the ``affiliate'' definition
under the FCRA and the GLB Act since 1999, the Agencies are not aware
of any compliance difficulties or disputes resulting from the two
statutes using somewhat different wording to describe what constitutes
an affiliate.
Under the GLB Act privacy rules, the definition of ``control''
determines whether two or more entities meet the definition of
``affiliate.'' \3\ The Agencies included the same definition of
``control'' in the proposal. The Agencies received no comments on the
proposed definition of ``control.'' Accordingly, the Agencies interpret
the phrase ``related by common ownership or common corporate control''
as used in the FACT Act to have the same meaning as ``control'' in the
GLB Act privacy rules. For example, if an individual owns 25 percent of
two companies, the companies would be affiliates under both the GLB Act
and FCRA definitions. However, the individual would not be considered
an affiliate of the companies because the definition of ``affiliate''
is limited to companies.
---------------------------------------------------------------------------
\3\ See 12 CFR 40.3(g), 216.3(g), 332.3(g), 573.3(g), and
716.3(g).
---------------------------------------------------------------------------
For purposes of clarity, the Agencies are revising the defined term
from ``control'' (as in the proposal) to ``common ownership or common
corporate control'' in order to track more closely the terminology used
in the FACT Act.\4\ In addition, the Agencies believe that certain
types of persons, for example, governments or governmental agencies or
individuals are not subject to control, as that term is defined in the
interim final rules, for purposes of defining an affiliate.
---------------------------------------------------------------------------
\4\ For purposes of the regulation, NCUA presumes that a Federal
credit union has a controlling influence over the management or
policies of a credit union service organization if it is 67 percent
owned by credit unions.
---------------------------------------------------------------------------
The proposal also included a definition of ``company,'' which was
defined to include any corporation, limited liability company, business
trust, general or limited partnership, association, or similar
organization. Omitted from the definition of ``company'' are some
entities that are ``persons'' under the FCRA, including estates,
cooperatives, and governments or governmental subdivisions or agencies,
as well as individuals. The Agencies received no comments on the
proposed definition of ``company,'' which is adopted as proposed.
The interim final rule includes a definition of ``person'' to
reflect that the definition of ``affiliate'' now refers to a ``person''
rather than to a ``company.'' The definition of ``person'' tracks the
statutory definition and means any individual, partnership,
corporation, trust, estate, cooperative, association, government or
governmental subdivision or agency, or other entity.
Medical Information
Under the proposed rule, paragraph (k) defined the term ``medical
information'' to mean information or data, whether oral or recorded, in
any form or medium, created by or derived from a health care provider
or the consumer, that relates to (1) the past, present, or future
physical, mental, or behavioral health or condition of an individual;
(2) the provision of health care to an individual; or (3) the payment
for the provision of health care to an individual. Proposed paragraph
(k) also made clear that the term ``medical information'' did not
include the age or gender of a consumer, demographic information about
the consumer, including a consumer's residence address or e-mail
address, or any other information about a consumer that does not relate
to the physical, mental, or behavioral health or condition of a
consumer, including the existence or value of any insurance policy. The
definition in the proposal tracked the statutory definition of
``medical information.''
The Agencies requested comment on whether coded information
furnished by a consumer reporting agency in accordance with section
604(g)(1)(C) of the FCRA should be deemed to fall outside the
definition of ``medical information.'' Industry commenters generally
believed that coded information should be excluded from the definition
of ``medical information'' because Congress, by requiring coding by
consumer reporting agencies, determined the appropriate protection for
this information. Privacy advocates, consumer and community groups, and
health care associations urged the Agencies not to exclude coded
information from the definition of ``medical information'' because they
believed it would be an inappropriate narrowing of the statutory
definition and would effectively remove such information from the anti-
discrimination protections of proposed Sec. --.30(c) by allowing
creditors to treat medical debts, if coded, differently than non-
medical debts. Based on the
[[Page 33962]]
comments received and an analysis of the terms and structure of the
FACT Act, the Agencies have determined to treat coded information as
``medical information'' for purposes of the Agencies'' rules. The
statutory definition of ``medical information'' is quite broad. In
addition, the wording of section 604(g)(1) indicates that ``medical
information about a consumer'' includes both coded and uncoded
information from a consumer report. How creditors may obtain and use
this information is discussed below.
A number of commenters asked the Agencies to clarify that ``medical
information'' must relate or pertain to a specific consumer. Commenters
requested this clarification to ensure that creditors can continue to
use databases containing aggregate, non-personally identifiable
information about consumers to analyze consumer behavior patterns
without violating the restrictions on obtaining or using medical
information. The FTC recommended that the Agencies clarify that
information about collateral is not ``medical information'' because
information about collateral does not pertain to an individual.
The Agencies believe that the statutory definition of ``medical
information'' applies only to information that is associated with a
specific consumer because such information must relate to the condition
``of an individual'' or the provision of health care or payment for the
provision of health care ``to an individual.'' In the interim final
rule, the Agencies have clarified that the term ``medical information''
does not include information that does not identify a specific
consumer. Section --.3(k)(2)(iv) contains this clarification. The
interim final rule does not categorically exclude information about
collateral from the definition of medical information because the
relationship between information about collateral and medical
information about an individual may depend upon the facts and
circumstances.
One commenter asked the Agencies to clarify that information about
the death of an individual is not medical information. The Agencies
believe that the fact that a consumer is deceased generally is not
``medical information.'' However, certain information associated with
the death of a consumer, such as information about the medical
condition that resulted in the consumer's death, may be medical
information.
Creditors are reminded that other laws, such as the Americans with
Disabilities Act, the Fair Housing Act (FHA), the GLB Act, the Health
Insurance Portability and Accountability Act (HIPAA), and other parts
of the FCRA, may limit or regulate the use, collection, and sharing of
consumer information, including medical information. These and other
laws, such as the Equal Credit Opportunity Act (ECOA), also may
prohibit creditors from using certain information that is excluded from
the restrictions on obtaining or using medical information, such as age
or gender information, in determining eligibility for credit or for
other purposes. The exceptions created by this rule do not override or
modify, or in any way limit the responsibility of creditors to comply
with all applicable Federal and state fair lending laws. The OTS
reminds creditors subject to its rules that they must comply with the
requirements of the OTS's anti-discrimination rules when seeking to
obtain and use medical information in reliance on the exceptions in
this rule.\5\
---------------------------------------------------------------------------
\5\ The OTS's anti-discrimination regulations are found at 12
CFR part 528.
---------------------------------------------------------------------------
Section --.30 Obtaining or Using Medical Information in Connection With
a Determination of Eligibility for Credit
Section 411(a) of the FACT Act adds a new section 604(g)(2) to the
FCRA, which contains a broad new limitation on the ability of creditors
to either obtain or use medical information in connection with credit
eligibility determinations.
A. Scope of Rules on Obtaining or Using Medical Information
Section 604(g)(2) (as added by section 411 of the FACT Act)
prohibits any ``creditor'' from obtaining or using ``medical
information'' in connection with any determination of the consumer's
eligibility, or continued eligibility, for credit.\6\ The definition of
``medical information'' adopted in the FACT Act broadly includes
information or data, whether oral or recorded, in any form or medium,
created by or derived from a health care provider or a consumer that
relates to the past, present, or future physical, mental, or behavioral
health or condition of an individual, the provision of health care to
an individual, or the payment for the provision of health care to an
individual.\7\ The definition encompasses important financial
information about consumers that is typically used in the credit
underwriting process, such as information about the payment history and
status of medical debts and the amount of a consumer's disability
income.
---------------------------------------------------------------------------
\6\ 15 U.S.C. 1681b(g)(2).
\7\ Id. at Sec. 1681a(i). ``Medical information'' does not
include the age or gender of a consumer, demographic information
about the consumer, including a consumer's residence address or e-
mail address, or any other information about a consumer that does
not relate to the physical, mental, or behavioral health or
condition of a consumer, including the existence or value of any
insurance policy. Id.
---------------------------------------------------------------------------
Section 111 of the FACT Act added a definition of ``creditor'' to
the FCRA that is also very broad and includes any person who regularly
extends, renews, or continues credit, any person who regularly arranges
for the extension, renewal, or continuation of credit, or any assignee
of an original creditor who participates in the decision to extend,
renew, or continue credit.\8\ A ``creditor'' includes depository
institutions as well as entities that are neither depository
institutions nor affiliates of depository institutions, such as
independent finance companies, loan brokers, health care providers, and
automobile dealers. Accordingly, section 604(g)(2) prohibits all
creditors from obtaining or using key financial information that is
also medical information in the credit underwriting process.
---------------------------------------------------------------------------
\8\ The meaning of ``creditor'' in the FCRA has the same meaning
as in the Equal Credit Opportunity Act (``ECOA''). Id. at Sec. Sec.
1681a(r)(5) and 1691a(e).
---------------------------------------------------------------------------
Section 604(g) does not contain any specific statutory exception to
this broad prohibition. Instead, section 604(g)(5) directs the Agencies
to prescribe regulations to permit ``transactions'' in which creditors
obtain or use medical information that are ``necessary and appropriate
to protect legitimate operational, transactional, risk, consumer, and
other needs consistent with the intent of paragraph (2) to restrict the
use of medical information for inappropriate purposes.'' \9\ Section
604(g)(5) does not by its terms limit the scope of the creditors that
may rely on exceptions granted by the Agencies.
---------------------------------------------------------------------------
\9\ Id. at Sec. 1681b(g)(5)(A).
---------------------------------------------------------------------------
Proposed Sec. --.1(b)(2) identified the persons to which the rules
relating to obtaining and using medical information in proposed
Sec. Sec. --.30(a)-(d) applied. As proposed, each Agency's rule and
the exceptions created by those rules applied to creditors subject to
the regulatory jurisdiction of the respective Agency. The most
significant issue raised by commenters in connection with the proposal
related to the classes of creditors to which the exceptions to the
statutory prohibition in section 604(g)(2) would apply. Many commenters
strongly urged the Agencies to make clear that the regulatory
exceptions apply to all creditors that are subject to the statutory
prohibition on
[[Page 33963]]
obtaining or using medical information, not just bank and thrift
creditors and their affiliates and Federal credit unions. Many
financial institution creditors indicated that, if the exceptions
failed to apply to all creditors, the lending activities of financial
institutions would be adversely affected because financial institutions
often originate loans through, or purchase loans from, persons that are
creditors for purposes of the FCRA but are not financial institutions.
In particular, commenters noted that arrangers of credit (which are
creditors for purposes of the FCRA) may include doctors and other
health care providers that inform consumers of medical financing
options and act as a liaison between the consumer and the creditor.
Finally, commenters argued that, without clarification that the
classes of creditors that could rely on the Agencies' regulatory
exceptions were the same as the classes of creditors subject to the
statutory prohibition, a significant number of creditors unaffiliated
with banks, thrifts, or Federal credit unions would be in doubt about
their ability to obtain and use excepted medical information in the
same way and to the same extent as the Agencies' rules allow creditors
that are banks, thrifts, Federal credit unions, or affiliates of those
institutions to obtain and use the identical information. This result
could reduce the availability of credit generally because of the
breadth of the statute's definition of medical information. Two Members
of Congress who sponsored section 411 of the FACT Act, submitted a
comment letter supporting this view and indicating that it was their
intention that the exceptions would apply to non-bank finance
companies, state-chartered credit unions, and doctors, medical
suppliers, and other medical professionals.
The prohibition on creditors obtaining or using medical information
in connection with credit eligibility determinations in section
604(g)(2) applies to all creditors. As noted above, section 605(g)(5)
does not, by its terms, limit the creditors that may rely on the
exceptions granted by the Agencies. Moreover, that section, by its
terms, applies to ``transactions'' for which the Agencies determine
exceptions are necessary, not to ``creditors'' that the Agencies
determine must be protected by the exceptions. Accordingly, the
combined scope of the exceptions adopted pursuant to section 604(g)(5)
in the interim final rules is as broad as the prohibition to which it
applies, and is available to all creditors.
The final action is comprised of six rules. The applicability of
the section of each Agency's rule addressing the prohibition on and
exceptions for creditors obtaining or using medical information in
connection with credit eligibility determinations is set forth in Sec.
--.30(a) and covers transactions in which certain enumerated entities
participate as creditors. Under Sec. --.30(a)(2), other entities that
participate as creditors in transactions in which an enumerated entity
also participates as a creditor are also subject to that Agency's rule.
In addition, a separate rule, codified in part 232 of the Board's
chapter of the Code of Federal Regulations (hereafter ``separate
rule''), affords the exceptions to the prohibition against obtaining
and using medical information for credit eligibility determinations
generally to all creditors, except for creditors that are subject to
one of the other Agencies' rules. This combination of rules establishes
uniform coverage and exceptions for transactions involving any creditor
that is subject to the prohibition on obtaining or using medical
information in section 411. The separate rule has been located in the
Board's chapter of the Code of Federal Regulations as a matter of
convenience because many creditors are accustomed to looking to the
Board's regulations implementing other statutes, such as the Truth-in-
Lending Act and the Equal Credit Opportunity Act.
The Agencies believe it is important that rules prescribing
exceptions to the prohibitions from obtaining or using medical
information in connection with credit eligibility determinations be
consistent. Thus, in developing the proposed and interim final rules,
the Agencies have consulted and coordinated with each other to
establish identical rules. The Agencies will consult and coordinate
with each other regarding any amendments to the rules for the purpose
of assuring, to the extent possible, that the regulations prescribed by
each Agency remain consistent and comparable with the regulations
prescribed by the other Agencies.
These rules are being adopted on an interim final basis with a
delayed effective date. While a number of commenters urged
clarification of the scope of the availability of the exceptions, the
Agencies are concerned that uncertainty about this matter may have led
creditors that believed they could not avail themselves of the
exceptions not to comment on the appropriateness and details of the
exceptions.
B. General Prohibition on Obtaining or Using Medical Information
Proposed paragraph (a)(1) incorporated the statute's general rule
prohibiting creditors from obtaining or using medical information
pertaining to a consumer in connection with any determination of a
consumer's eligibility, or continued eligibility, for credit, except as
provided in the regulations under subpart D. The supplementary
information to the proposal noted the consumer's eligibility for credit
typically would be determined when an initial decision is made on
whether to grant or deny credit to the consumer, but could also include
decisions whether to terminate an account or adjust a credit limit
following an account review. The Agencies received no comments on this
restatement of the statutory prohibition in the proposal. Renumbered
paragraph (b)(1) in each Agency's rule and Sec. --.1(b) of the
separate rule contain this provision, which is adopted as proposed.
Proposed paragraph (a)(2) clarified the meaning of certain terms
used in the statutory prohibition and the proposed rule, including
``eligibility, or continued eligibility, for credit,'' ``credit,'' and
``creditor.'' Commenters had no comments on the definitions of
``credit'' and ``creditor,'' which tracked the FACT Act's definition of
those terms. In the interim final rule, renumbered paragraphs (b)(2)(i)
and (ii) of each Agency's rule and Sec. --.1(c)(2) and (3) of the
separate rule contain the definitions of ``credit'' and ``creditor,''
which are adopted as proposed.
The proposed rule interpreted the phrase ``eligibility, or
continued eligibility, for credit'' to mean the consumer's
qualification or fitness to receive, or continue to receive, credit,
including the terms on which credit is offered, primarily for personal,
family, or household purposes. The proposal further clarified that the
phrase ``eligibility, or continued eligibility, for credit'' did not
include the following: (1) The consumer's qualification or fitness to
be offered employment, insurance products, or other non-credit products
or services; (2) a determination of whether the provisions of a debt
cancellation contract, debt suspension agreement, credit insurance
product, or similar forbearance practice or program are triggered; (3)
authorizing, processing, or documenting a payment or transaction on
behalf of a consumer in a manner that does not involve a determination
of the consumer's eligibility, or continued eligibility, for credit; or
(4) maintaining or servicing a
[[Page 33964]]
consumer's account in a manner that does not involve a determination of
the consumer's eligibility, or continued eligibility, for credit.
Commenters offered a substantial number of suggestions regarding
the meaning of ``eligibility, or continued eligibility, for credit.''
Industry commenters supported limiting the term to credit primarily for
personal, family, or household purposes consistent with the traditional
scope of the FCRA. Privacy advocates, consumer and community groups,
and health care associations, on the other hand, objected to the
exclusion of business credit from the general prohibition on obtaining
or using medical information. These commenters argued that the proposed
limitation to consumer credit conflicted with the FCRA definitions of
``credit'' and ``creditor,'' which incorporate the ECOA definitions of
those terms. Moreover, these commenters noted that Congress initially
used the Truth in Lending Act (TILA) definitions of ``credit'' and
``creditor'' in the draft FACT Act legislation, but subsequently
adopted the ECOA definitions of those terms. ECOA applies to business
purpose credit, whereas TILA does not.
The Federal banking agencies (OCC, Board, FDIC, and OTS) have
previously taken the position that a creditor has a permissible purpose
to obtain a consumer report on a consumer in connection with a business
credit transaction under section 604(a)(3)(A) of the FCRA if the
consumer is or will be personally liable on the loan, such as in the
case of a guarantor, co-signer, or, in most instances, an individual
proprietor. An informal FTC staff opinion letter concurred with the
banking agencies' position. See Letter from Joel Winston to Julie L.
Williams, J. Virgil Mattingly, William F. Kroener, III, and Carolyn
Buck, June 22, 2001. A copy of this letter is available from the FTC's
Internet Web site at http://www.ftc.gov/os/statutes/fcra/tatelbaum2.htm.
To ensure consistency with the prior interpretation,
the Agencies are deleting the phrase ``primarily for personal, family,
or household purposes'' from the definition of ``eligibility, or
continued eligibility, for credit.'' In order for the prohibition in
section 604(g)(3) to apply, a creditor must obtain or use medical
information about a consumer in connection with a determination of a
consumer's eligibility, or continued eligibility, for credit.
Accordingly, the general prohibition would apply to business credit if
a consumer would be personally liable for repayment of a business loan.
Commenters also pointed to an ambiguity in the proposal: proposed
paragraph (a)(2)(i)(A) referred to insurance products while proposed
paragraph (a)(2)(i)(B) referred to credit insurance products. To
eliminate this ambiguity, the interim final rule has been revised so
that renumbered paragraph (b)(2)(iii)(A) of each Agency's rule and
section --.1(c)(4)(i) of the separate rule applies to insurance
products other than credit insurance products. Additional, non-
substantive changes have been made to these paragraphs for clarity.
Commenters made a number of suggestions regarding debt cancellation
contracts, debt suspension agreements, and credit insurance products,
which were addressed in proposed paragraph (a)(2)(i)(B). Most
commenters believed that these contracts, agreements, and products
should be addressed through an exception, rather than through an
interpretation. In the interim final rule, debt cancellation contracts,
debt suspension agreements, and credit insurance products are addressed
in two new exceptions, which are discussed below.
Forbearance practices or programs were also addressed in proposed
paragraph (a)(2)(i)(B). Most commenters believed that forbearance
practices and programs should be addressed through an exception, rather
than through an interpretation. In the interim final rule, forbearance
practices or programs are addressed in a new exception, which is
discussed below.
Under the proposal, the term ``eligibility, or continued
eligibility, for credit'' did not include authorizing, processing, or
documenting a payment or transaction on behalf of a consumer in a
manner that does not involve a determination of the consumer's
eligibility, or continued eligibility, for credit. The interim final
rule retains this interpretation in paragraph (b)(2)(iii)(B). See also
section --.1(c)(4)(ii) of the separate rule. A few commenters asked the
Agencies to clarify that over limit transactions or fees and the use of
transaction codes fall within this interpretation. Typically, the
routine processing of over limit transactions or the imposition of over
limit fees would not involve a determination of the consumer's
eligibility, or continued eligibility, for credit. If, however, a
creditor has medical information about the consumer and uses that
information to determine whether or not to raise the consumer's credit
limit, such use must fall within an exception in Sec. Sec. --.30(d) or
(e) of each Agency's rule or Sec. Sec. --.3 or --.4 of the separate
rule to be permissible. Similarly, the use of transaction codes that
identify payments to merchants of medical products or services
typically would not involve a determination of the consumer's
eligibility, or continued eligibility, for credit, unless the creditor
uses the medically related codes to make a judgment about whether, and
on what terms, to extend credit to the consumer.
Under the proposal, the term ``eligibility, or continued
eligibility, for credit'' did not include maintaining or servicing a
consumer's account in a manner that does not involve a determination of
the consumer's eligibility, or continued eligibility, for credit. The
interim final rule retains this interpretation in paragraph
(b)(2)(iii)(C) of each Agency's rule. See also section --.1(c)(4)(iii)
of the separate rule.
The FTC recommended adding a number of additional interpretations
and deleting or revising references suggesting that the proposed
interpretations and rule of construction were not statutory
interpretations. In the interim final rule, the Agencies have deleted
references that may have suggested that the interpretations are not
interpretations of the statute. Most of the additional interpretations
recommended by the FTC are addressed elsewhere in this preamble.
One FTC suggestion not addressed elsewhere is the recommendation to
interpret the statute to permit doctors and other providers of medical
goods and services to extend credit to consumers where the credit is
incidental to the provision of medical goods or services. The Agencies
agree that providers of medical goods and services ordinarily would
obtain medical information pertaining to a consumer in connection with
rendering medical care, and not in connection with credit eligibility
decisions. Moreover, if a provider did not use that medical information
in connection with determining the consumer's eligibility to receive
credit, then the provider clearly would not violate the prohibition.
For example, a doctor who treats a patient before billing the patient
for her services, without considering the patient's payment history or
other medical information relating to the patient, would not have
obtained and used medical information in connection with an eligibility
determination for credit.
As discussed above, the definition of medical information is very
broad and includes not only the health or condition of an individual,
but information relating to the payment for the provision of health
care. See section 603(i) of the FCRA (15 U.S.C. 1681a(i)). If a
provider uses medical information,
[[Page 33965]]
such as a consumer's history of not paying medical bills promptly, in
determining whether and on what terms to extend credit to the consumer,
then the provider, as a creditor, has used medical information in
connection with a credit eligibility determination in contravention of
the general prohibition. Thus, the Agencies conclude that an
interpretation that excludes incidental credit from the statutory
prohibition is not supported by the statute because medical service
providers that extend incidental credit may, in some instances, use
medical information to determine the consumer's eligibility for such
credit.
C. Receiving Unsolicited Medical Information and Coded and Uncoded
Information from a Consumer Reporting Agency
Section --.30(b) of the proposal contained a rule of construction
regarding the receipt of unsolicited medical information in recognition
of the fact that creditors may receive medical information without
specifically asking for it. A creditor may receive unsolicited medical
information, for example, when a consumer informs the loan officer that
she needs a loan to pay for treatment for a particular medical
condition, or when a consumer, in response to a general request on a
credit application for information about outstanding debts, lists debts
owed to hospitals and doctors for medical services. The Agencies
proposed a rule of construction to make clear that a creditor would not
violate the prohibition on obtaining medical information if the
creditor received medical information without specifically asking for
or requesting such information and did not use it.
Commenters generally supported the rule of construction for
unsolicited medical information. Industry commenters generally favored
a rule of construction over an exception.
In addition, the Agencies solicited comment on how to treat
information in consumer reports containing information described in
section 604(g)(1) of the FCRA. The Agencies solicited comment on three
options for allowing creditors to obtain and use coded information
contained in a consumer report pursuant to section 604(g)(1)(C). One
approach was to interpret ``medical information'' to exclude coded
information that may be furnished under section 604(g)(1)(C) of the
Act. Another approach was to interpret the prohibition on obtaining or
using medical information in section 604(g)(2) as qualified by the
provisions in section 604(g)(1) that authorize consumer reporting
agencies to furnish consumer reports containing medical information
under certain circumstances. A final approach was to require creditors
that intend to obtain and use coded medical information in connection
with credit eligibility determinations to do so in accordance with the
financial information exception in proposed Sec. --.30(c).
Industry commenters generally believed that coded information
should be excluded from the definition of ``medical information.''
Privacy advocates, consumer and community groups, and health care
associations, on the other hand, maintained that coded information fell
within the definition of ``medical information'' and opposed the
creation of a separate consumer report exception as in proposed
paragraph (d)(1)(iii). These commenters believed that the other
proposed exceptions were sufficient to protect legitimate uses of both
coded and uncoded medical information obtained from a consumer report.
The FTC urged the Agencies to interpret the general prohibition on
creditors obtaining and using medical information in section 604(g)(2)
as qualified by the provisions in section 604(g)(1) applicable to
consumer reporting agencies that furnish consumer reports containing
medical information.
As noted above, the Agencies interpret coded information provided
pursuant to section 604(g)(1)(C) as meeting the broad statutory
definition of ``medical information.'' Under the interim final rules, a
creditor that receives medical information from a consumer reporting
agency, whether coded or uncoded, without specifically requesting that
information does not obtain medical information in violation of the
prohibition. Such information, however, may be used only in accordance
with the exceptions contained in renumbered paragraphs 30(d) or (e) of
each Agency's rule or Sec. Sec. --.3 or --.4 of the separate rule.
The proposal also included a separate exception for uncoded medical
information furnished by a consumer reporting agency in a consumer
report pursuant to section 604(g)(1)(B) in proposed paragraph
(d)(1)(iii). The proposed exception has been omitted from the interim
final rule as unnecessary. Commenters generally did not support this
exception. A number of these commenters believed that the other
exceptions were sufficient and that no separate exception should be
created for consumer reports. The FTC urged the Agencies to treat coded
and uncoded medical information furnished by consumer reporting
agencies the same by interpreting the general statutory prohibition as
inapplicable to such information.
The Agencies believe that the exceptions in renumbered paragraphs
(d) and (e) of each Agency's rule and in Sec. Sec. --.3 and --.4 of the
separate rule provide creditors sufficient flexibility with respect to
the use of medical information contained in consumer reports. The rule
of construction for unsolicited medical information adequately protects
creditors that receive coded or uncoded medical information in consumer
reports furnished by consumer reporting agencies without specifically
requesting medical information. If, however, a creditor specifically
requests medical information from a consumer reporting agency in
connection with a credit eligibility determination, the creditor must
meet one of the exceptions in renumbered paragraphs (d) and (e) of each
Agency's rule or Sec. Sec. --.3 and --.4 of the separate rule in order
to obtain and use that information.
Renumbered paragraph (c) of the interim final rule adopts the rule
of construction for unsolicited medical information with certain
revisions. Section --.2 of the separate rule contains the identical
provision. The interim final rule provides that a creditor does not
obtain medical information in violation of the prohibition if it
receives such information from a consumer, a consumer reporting agency,
or any other person in connection with any determination of the
consumer's eligibility, or continued eligibility, for credit without
specifically requesting medical information. The rule of construction
is retained as an interpretation, rather than as an exception because
it interprets the statutory language regarding when a creditor
``obtains'' medical information in violation of the prohibition.
The introductory language to the rule of construction has been
revised for clarity to provide that a creditor does not obtain medical
information ``in violation of the prohibition'' if it meets the
specified criteria. In addition, the cross-reference to the general
prohibition has been deleted because the rule of construction is an
interpretation of the statute.
Proposed paragraph (b)(1)(ii), which prohibited the use of
unsolicited medical information, has been deleted because the rule of
construction focuses on when a creditor does not obtain medical
information in violation of the statute. The Agencies believe that
incorporating a use limitation in the rule of construction would be
[[Page 33966]]
inconsistent with the exceptions in renumbered paragraphs (d) and (e).
Instead, the Agencies have added a new paragraph (c)(2) to clarify that
a creditor that receives unsolicited medical information may use that
information in connection with any determination of the consumer's
eligibility, or continued eligibility, for credit only to the extent
the creditor can rely on one of the exceptions in renumbered paragraphs
(d) or (e).
The examples of the rule of construction have been moved to
renumbered paragraph (c)(3) in the interim final rules and all
references to restrictions on the use of unsolicited medical
information have been deleted from the examples consistent with the
changes discussed above. In addition, paragraph (c)(3)(iii) adds a new
example to illustrate how the rule of construction applies to medical
information furnished by a consumer reporting agency.
Commenters had several other comments concerning the rule of
construction. Privacy advocates, consumer and community groups, and
health care associations suggested that the Agencies clarify that the
phrase ``without specifically requesting medical information'' means
information obtained voluntarily without any pressure, prompting, or
direct or indirect solicitation by the creditor. These commenters also
sought an additional requirement that creditors destroy unsolicited
medical information as soon as reasonably practicable and suggested
making the rule of construction an exception. Some industry commenters
suggested that consumers should have the burden of proving that
unsolicited medical information was used in a credit eligibility
determination because it may be difficult for creditors to prove that
unsolicited medical information was not used. Some industry commenters
suggested permitting a creditor to use unsolicited medical information
in a manner no less favorably than it would use comparable medical
information.
The statute does not specifically address the burden of proof to be
applied when disputes arise regarding the use of medical information.
The Agencies find it unnecessary to address this issue because the
interim final rule allows unsolicited medical information to be used as
permitted by the exceptions in renumbered paragraphs (d) and (e). The
Agencies thus decline to impose on consumers the burden of proving that
unsolicited medical information was used in a credit eligibility
determination. Furthermore, even if the consumer requests that a
creditor use unsolicited medical information in connection with a
credit eligibility determination, the creditor is not required to do
so. The phrase ``without specifically requesting medical information''
along with the examples makes clear that the rule of construction does
not apply to medical information obtained through a specific request or
solicitation for such information. No further clarification is
necessary. The destruction of unsolicited medical information would not
be appropriate in many circumstances, thus the Agencies decline to
adopt such a rule.
D. Financial Information Exception for Obtaining and Using Medical
Information
As noted above, section 604(g)(5)(A) of the Act gives the Agencies
the authority to prescribe regulations, after notice and opportunity
for comment, to permit transactions in which creditors may obtain and
use medical information in connection with determinations of credit
eligibility that the Agencies determine to be necessary and appropriate
to protect legitimate operational, transactional, risk, consumer, and
other needs (including actions necessary for administrative
verification purposes), consistent with the intent of the statute to
restrict the use of medical information for inappropriate purposes.
Applying this standard, the Agencies proposed a number of exceptions to
the general prohibition on creditors obtaining or using medical
information in connection with credit eligibility determinations. The
exceptions were contained in proposed paragraphs (c)-(d). In the
interim final rule, these exceptions are contained in renumbered
paragraphs (d) and (e) of each Agency's rule and in Sec. Sec. --.3 and
--.4 of the separate rule.
Section --.30(c) of the proposal contained the proposed financial
information exception. Proposed paragraph (c)(1) provided that a
creditor may obtain and use medical information pertaining to a
consumer in connection with any determination of the consumer's
eligibility, or continued eligibility, for credit so long as the
following three elements were met. First, the information must relate
to debts, expenses, income, benefits, collateral, or the purpose of the
loan, including the use of proceeds. Second, the creditor must use the
information in a manner and to an extent no less favorable than it
would use comparable information that is not medical information in a
credit transaction. Third, the creditor must not take the consumer's
physical, mental, or behavioral health, condition or history, type of
treatment, or prognosis into account as part of any such determination
of credit eligibility.
Commenters generally supported the proposed three-part test for the
financial information exception. Privacy advocates, consumer and
community groups, and health care associations suggested limiting the
exception to circumstances where the creditor has not specifically
requested medical information on its application for credit, but rather
has made a generic request for financial information. These commenters
also suggested including the phrase ``financial information'' in the
text of the rule. Industry commenters suggested revising the first
prong to apply to a non-exclusive list of information routinely used in
the underwriting process. These commenters noted that the Agencies may
have unintentionally omitted certain items, such as assets, that should
be included in the list. Commenters generally supported the second
prong of the test. One commenter suggested that the third prong of the
test was inconsistent with and undermined the ``no less favorable''
principle set forth in the second prong and could prove detrimental to
consumers. Another commenter found the three-part test complicated and
difficult to implement.
The interim final rule retains the three-part test for the
financial information exception, with certain modifications. The
Agencies agree with those commenters that believe the better approach
is to have a non-exclusive list of types of information that are
routinely used in making credit eligibility determinations. The first
prong of the test, therefore, has been revised to include all
information of the type routinely used in making credit eligibility
determinations and provides a non-exclusive list of such types of
information (i.e., information relating to debts, expenses, income,
benefits, assets, collateral, or the purpose of the loan, including the
use of proceeds). The Agencies do not believe it would be helpful to
include the words ``financial information'' in the text of the
exception because there is no bright line between financial information
and medical information.
The second prong of the test is adopted as proposed. Commenters
appeared comfortable with requiring a creditor to use medical
information in a manner and to an extent no less favorable than it
would use comparable non-medical information in a credit transaction.
As noted in the proposal, a creditor may deny credit to the
[[Page 33967]]
consumer because the consumer owes a debt to a hospital if the creditor
would have denied credit to the consumer if the consumer had owed the
same amount of debt with the same payment history to a retailer.
Nothing in the rule prevents the creditor from treating information
about medical debts (or expenses or income) more favorably than non-
medical debts.
The third prong of the test is also adopted as proposed. Other,
more narrowly focused exceptions, such as the medical accommodation
exception, permit a creditor to take the consumer's physical, mental,
or behavioral health, condition, or history, type of treatment, or
prognosis into account in limited circumstances as part of a consumer's
credit eligibility determination. For this type of core medical
information, the Agencies believe it is appropriate to more strictly
limit the circumstances in which creditors may obtain or use this
information.
Since creditors generally are prohibited from obtaining medical
information in connection with any determination of the consumer's
eligibility, or continued eligibility, for credit, a creditor
ordinarily would not specifically request medical information on an
application, but would obtain such information in response to a generic
question on an application about debts, income, and other information
routinely used in credit eligibility determinations. Thus, except where
a creditor has a specific application for the financing of medical
procedures, a creditor generally would be prohibited from specifically
asking for medical information on a credit application.
Proposed paragraph (c)(2) provided several non-exclusive examples
to illustrate when creditors may obtain and use medical information
under the financial information exception. Commenters generally
supported the proposed examples. One commenter requested a
clarification of the example in proposed paragraph (c)(2)(iii)(B). In
that example, a consumer meets with a loan officer of a creditor to
apply for a mortgage loan. While filling out the loan application, the
consumer informs the loan officer orally that she has a potentially
terminal disease. The consumer meets the creditor's established
requirements for the requested mortgage loan. The loan officer
recommends to the credit committee that the consumer be denied credit
because the consumer has that disease. The commenter recommended adding
a statement that the bank acted on the loan officer's recommendation
and denied the application because the consumer had a potentially
terminal disease to clarify that the creditor, in fact, used medical
information in a manner inconsistent with the exception. The Agencies
believe this clarification is helpful and, in the interim final rule,
have revised the example in renumbered paragraph (d)(2)(iii)(B) of each
Agency's rule accordingly. See also section --.3(b)(3)(ii) of the
separate rule.
In addition, a new example has been added in paragraph
(d)(2)(iii)(C) of each Agency's rule and Sec. --.3(b)(3)(iii) of the
separate rule to illustrate that a creditor cannot use a consumer's
apparent medical condition as the basis for requiring the consumer to
obtain debt cancellation, debt suspension, or credit insurance coverage
as a condition for the extension of credit. Even though the use of
medical information to determine the consumer's eligibility for a debt
cancellation contract, debt suspension agreement, or credit insurance
product generally is subject to an exception to the general prohibition
pursuant to paragraphs (e)(1)(viii) or (e)(1)(ix), a creditor may not
condition an extension of credit to the consumer on the consumer
obtaining debt cancellation, debt suspension, or credit insurance
coverage based on the consumer's physical, mental, or behavioral
health, condition or history, type of treatment, or prognosis.
In addition, the heading of renumbered paragraph (d)(2)(i) has been
revised in the interim final rule to reflect changes made to the first
prong of the test to encompass the type of information routinely used
in making credit eligibility determinations. Non-substantive revisions
have also been made to the examples in renumbered paragraphs
(d)(2)(ii)(A) and (C) for clarity. Aside from these changes, the
examples are adopted as proposed.
E. Specific Exceptions for Obtaining and Using Medical Information
Section --.30(d) of the proposal contained a number of specific
exceptions to the general prohibition. These exceptions would allow
creditors to obtain and use medical information for a limited number of
particular purposes in connection with a determination of the
consumer's eligibility, or continued eligibility, for credit. A
creditor that obtains medical information pursuant to one of these
specific exceptions may not subsequently use the information in
connection with determining the consumer's eligibility, or continued
eligibility, for credit unless an exception applies. In the interim
final rule, the specific exceptions are contained in renumbered
paragraph (e) of each Agency's rule. Section --.4 of the separate rule
contains the identical exceptions in paragraphs (a)(1)-(9).
Determination of power of attorney, legal representative and legal
capacity. Proposed paragraph (d)(1)(i) provided that a creditor may
obtain and use medical information to determine whether the use of a
power of attorney or legal representative is necessary and appropriate.
This exception was designed to permit a creditor to verify, in
connection with a credit eligibility determination, that the exercise
of a power of attorney or legal representative is necessary and
appropriate. Some industry commenters suggested that the exception
clarify that creditors may obtain and use medical information to
determine the consumer's competency or legal capacity to contract.
Privacy advocates, consumer and community groups, and health care
associations suggested limiting the power of attorney exception to
circumstances where a power of attorney is triggered by a medical
condition or where there is a legitimate question about the consumer's
legal capacity to contract when a person asserts the exercise of a
power or attorney or claims to act as a legal representative on behalf
of a consumer. The FTC commented that the limited circumstances where
medical information may be obtained and used to determine whether a
power of attorney is necessary and appropriate would not be in
connection with a credit eligibility determination, and therefore
should be addressed through an interpretation of the statute, rather
than through an exception.
The interim final rule revises the exception for the use of a power
of attorney or legal representative. Renumbered paragraph (e)(1)(i) of
the interim final rule permits a creditor to obtain and use medical
information in connection with determining the consumer's credit
eligibility to determine whether the use of a power of attorney or
legal representative that is triggered by a medical event or condition
is necessary and appropriate or whether the consumer has the legal
capacity to contract when a person seeks to exercise a power of
attorney or act as legal representative for a consumer based on an
asserted medical event or condition. The interim final rule makes two
substantive changes in response to the comments received. First, the
exception has been narrowed to permit a creditor to obtain and use
medical information only when the power of attorney or legal
representative is triggered by a medical event or condition. Second,
the exception has been revised to permit a creditor to
[[Page 33968]]
determine whether the consumer has the legal capacity to contract where
a person seeks to exercise a power of attorney or act as a legal
representative based on an asserted medical event or condition. This
revision is designed to clarify that creditors may obtain and use
medical information to verify that the asserted medical event or
condition triggering the power of attorney or legal representative has,
in fact, occurred and renders the consumer legally incapable of
contracting. Where use of a power of attorney or legal representative
is triggered by non-medical events or conditions, creditors should not
need to obtain or use medical information.
In response to the FTC's comments, the Agencies recognize that a
power of attorney or legal representative may be used in a variety of
circumstances, many of which have no connection with a determination of
a consumer's eligibility, or continued eligibility, for credit. For
example, a power of attorney or legal representative may be used in
connection with establishing a deposit or other asset account. In those
circumstances, the general prohibition on obtaining or using medical
information would not apply because the information would not be
obtained or used in connection with any determination of the consumer's
eligibility, or continued eligibility, for credit. The introductory
language to renumbered paragraph (e) of the interim final rules makes
clear that the specific exceptions apply to a creditor that ``may
obtain and use medical information pertaining to a consumer in
connection with any determination of the consumer's eligibility, or
continued eligibility, for credit.'' A creditor that obtains and uses
medical information in circumstances not connected with a credit
eligibility determination is not subject to the general statutory
prohibition and does not have to rely upon the power of attorney or any
other exception.
Compliance with applicable law. Proposed paragraph (d)(1)(ii)
provided an exception to permit a creditor to obtain and use medical
information to comply with applicable requirements of local, state, or
Federal laws. The Agencies received only a few comments on this
proposed exception. One commenter asked the Agencies to clarify that
this exception covered laws that prohibit unfair and deceptive acts or
practices. The FTC suggested that the financial abuse statutes
referenced in the preamble as an example do not involve credit
eligibility determinations, and therefore a statutory interpretation
was more appropriate than an exception.
In the interim final rule, renumbered paragraph (e)(1)(ii) is
adopted as proposed. Although many legal requirements do not have any
connection with credit eligibility, other laws may have such a
connection. As noted above, a creditor that obtains and uses medical
information to comply with applicable laws in circumstances that are
not connected with a credit eligibility determination is not subject to
the general statutory prohibition and does not have to rely upon the
exception. However, the exception is retained to cover those
circumstances where it may be needed to protect creditors from
inconsistent legal obligations.
Special credit program or credit-related assistance program. One
commenter suggested that the proposed compliance with applicable laws
exception would not be sufficient to permit creditors to obtain and use
medical information in connection with special credit or credit-related
programs, such as programs established by government-sponsored
enterprises. Such programs may require creditors as part of the program
requirements to obtain and use medical information in ways not covered
by the other exceptions. Consistent with the policy goals established
by Congress, the prohibition on creditors obtaining or using medical
information should not interfere with the ability of creditors to
assist consumers to qualify for beneficial special programs established
by government-sponsored enterprises, not-for-profit organizations, or
others.
To address this concern, the interim final rule contains a new
exception in renumbered paragraph (e)(1)(iii) that permits creditors to
obtain and use medical information in connection with a determination
of the consumer's eligibility, or continued eligibility, for credit, to
determine, at the consumer's request, whether the consumer qualifies
for a legally permissible special credit program or credit-related
assistance program that is: (a) Designed to meet the special needs of
consumers with medical conditions and (b) established and administered
pursuant to a written plan of the plan sponsor that identifies the
class of persons that the program is designed to benefit and sets forth
the procedures and standards for extending credit or providing other
credit-related assistance under the program. Because not all
potentially eligible consumers may seek to qualify for a special credit
or credit assistance program, this exception applies only when the
consumer requests to be considered for the program. A creditor,
however, may provide consumers with information about such programs to
educate consumers about their options. In addition, any special credit
or credit assistance program must meet the requirements of all
applicable fair lending laws. The plan sponsor may include a government
agency, charitable organization, the creditor, or any other person.
This exception is modeled after the provisions relating to special
purpose credit programs in the ECOA and the Board's Regulation B, 12
CFR part 202. What programs are permissible and what inquiries to
determine medical eligibility are permissible, however, are governed by
other laws, including applicable fair lending laws, and are beyond the
scope of this rule.
Renumbered paragraph (e)(2) of the interim final rule provides an
example to illustrate this exception. In the example, a not-for-profit
organization establishes a credit assistance program pursuant to a
written plan that is designed to assist disabled veterans purchase
homes by subsidizing the down payment for the home purchase mortgage
loans of qualifying veterans. The organization works through mortgage
lenders and requires mortgage lenders to obtain medical information
about the disability of any consumer that seeks to qualify for the
program, use that information to verify the consumer's eligibility for
the program, and forward that information to the organization. A
consumer who is a veteran applies to a creditor for a home purchase
mortgage loan. The creditor informs the consumer about the credit
assistance program for disabled veterans and the consumer seeks to
qualify for the program. The example states that, assuming that the
program complies with all applicable law, including applicable fair
lending laws, the creditor may obtain and use medical information about
the medical condition and disability, if any, of the consumer to
determine whether the consumer qualifies for the credit assistance
program.
Fraud prevention or detection. Proposed paragraph (d)(1)(iv)
provided that a creditor may obtain and use medical information for
purposes of fraud prevention and detection. Industry commenters
supported the proposed exception. Privacy advocates, consumer and
community groups, and health care associations believed the proposed
exception was overbroad and unnecessary in light of the other
exceptions.
The interim final rule retains the fraud prevention or detection
exception in renumbered paragraph (e)(1)(iv), although the language has
been revised to make clear that the exception is
[[Page 33969]]
available only to the extent necessary to prevent or detect fraud. The
Agencies anticipate that creditors would find it necessary to obtain
and use medical information for purposes of fraud prevention and
detection in limited circumstances. Creditors relying on this exception
should have the systems in place to demonstrate the necessity for
obtaining and using medical information to prevent or detect fraud.
Creditors that actually use medical information in legitimate fraud
prevention or detection programs should be able to make this
demonstration. Blanket assertions of a fraud prevention or detection
purpose alone, however, are not sufficient to justify the collection of
medical information about consumers under the anti-fraud exception.
Financing medical products or services. Proposed paragraph
(d)(1)(v) provided that a creditor may obtain and use medical
information in connection with credit eligibility determinations in the
case of credit for the purpose of financing medical products or
services to determine and verify the medical purpose of a loan and the
use of proceeds. As noted in the proposal, certain creditors have
established specialized loan programs that finance specific medical
procedures, such as vision correction surgery, but not others. In such
cases, the creditor may need to obtain and use medical information in
connection with determining whether the purpose of the loan is within
the scope of the creditor's established loan program. The proposal also
provided examples of this exception.
Commenters generally supported the medical financing exception.
Several commenters suggested revising the example in proposed paragraph
(d)(2)(i) to permit the creditor to verify that the procedure to be
financed will be performed, in conformance with the language of the
exception, rather than permitting a creditor to confirm the consumer's
medical eligibility.
Renumbered paragraph (e)(1)(v) of the interim final rule retains
the medical financing exception as proposed. The examples of the
medical financing exception have been moved to paragraph (e)(3) in the
interim final rule. The example in paragraph (e)(3)(i) of the interim
final rule has been revised from the proposal in accordance with the
commenters' suggestions.
Medical accommodation. Section --.30(d)(1)(vi) of the proposal
provided that a creditor may obtain and use medical information if the
consumer or the consumer's legal representative requested in writing,
on a separate document signed by the consumer or the consumer's legal
representative, that the creditor use specific medical information for
a specific purpose in determining the consumer's eligibility, or
continued eligibility, for credit, to accommodate the consumer's
particular circumstances. Under the proposal, the signed, written
request had to describe the specific medical information that the
consumer requested the creditor to use and the specific purpose for
which the information would be used. The proposal contemplated an
individualized process in which the consumer would inform the creditor
about the specific medical information that the consumer would like the
creditor to use and for what purpose. As noted in the preamble to the
proposal, this exception was not intended to allow creditors to obtain
consent on a routine basis or as a part of loan applications or
documentation. The proposal provided examples of the medical
accommodation exception.
Commenters had a number of recommendations regarding the medical
accommodation exception. Privacy advocates, consumer and community
groups, and health care associations suggested that the regulation
should explicitly state that creditors may not request medical
information or consent to obtain medical information on a routine basis
or as part of a loan application. Several commenters also suggested
clarifying that the request must be voluntary and initiated by the
consumer. In addition, commenters suggested including language in the
regulation to clarify that the exception is not met by a form that
contains a pre-printed description of various types of medical
information and the uses to which it might be put. Some commenters
urged the Agencies to add a disposal requirement on creditors that
obtain information that is not needed. Consumer and community groups
also suggested eliminating the forbearance interpretation, folding that
interpretation into the medical accommodation exception, and adding
anti-discrimination protections to the provision, similar to the ``no
less favorable'' standard used in renumbered paragraph (d).
Industry commenters generally believed that the medical
accommodation was too restrictive. Some industry commenters suggested
that the use of pre-printed consent forms or other routine form of
consent should be sufficient to trigger the exception. Other commenters
suggested that the consumer should be able to request the use of
medical information through oral and electronic means, not simply
through a signed writing. One commenter noted that many creditors
include a section on their credit applications where the consumer may
describe special circumstances or other information that the consumer
would like the creditor to consider. This commenter recommended
relaxing the requirements of the medical accommodation exception to
enable the exception to apply in this circumstance. Another commenter
noted that the medical accommodation exception was drafted so narrowly
that it may prohibit a creditor from obtaining or using additional
medical information to verify or corroborate the facts necessary to
support a consumer's medical accommodation request.
In the interim final rule, the medical accommodation exception in
renumbered paragraph (e)(1)(vi) has been revised to address commenters'
concerns. Paragraph (e)(1)(vi) provides an exception for circumstances
where the consumer or the consumer's legal representative specifically
requests that the creditor use medical information in determining the
consumer's eligibility, or continued eligibility, for credit, to
accommodate the consumer's particular circumstances, and such request
is documented by the creditor. Any such accommodation must be
consistent with safe and sound practices. The requirement for a
separate signed writing by the consumer that describes the specific
medical information and the specific purpose for which it is to be used
has been deleted in the interim final rule. Instead, the interim final
rule focuses on the specific request of the consumer and the creditor's
documentation of that request. As revised, the interim final rule
permits the medical accommodation exception to be triggered by the
consumer's oral, electronic, or written request. A consumer may make a
specific request by responding to a generic inquiry on a credit
application that invites the consumer to describe any special
circumstances or other information (not limited to medical information)
that the consumer would like the creditor to consider in evaluating the
consumer's application. The disposal of records connected with a
specific request for a medical accommodation is beyond the scope of
this rule and may not be appropriate in certain circumstances.
The proposal contained examples to illustrate the medical
accommodation exception. In the interim final rule, the examples have
been moved to paragraph (e)(4) and revised and expanded to address
commenters' concerns.
By its terms, the medical accommodation exception incorporates a
non-discrimination provision, because
[[Page 33970]]
a creditor may only use medical information to ``accommodate'' or favor
the consumer's particular circumstances. Using medical information to
discriminate against or disadvantage the consumer would not meet the
requirements of the exception. Nothing in this rule, however, requires
a creditor to consider medical information at the consumer's request or
to provide an accommodation to the consumer. Under this rule, a
creditor may disregard medical information obtained in connection with
a consumer's specific request for an accommodation and evaluate the
consumer in accordance with the creditor's otherwise applicable
underwriting criteria. Other applicable laws, including applicable fair
lending laws, may require creditors to consider such requests in
certain circumstances. Consideration of circumstances governed by other
applicable laws is beyond the scope of this rule. The example in
renumbered paragraph (e)(4)(i) has been revised to clarify the
creditor's options when presented with a specific request from a
consumer for a medical accommodation.
The example in renumbered paragraph (e)(4)(ii) has been revised to
apply to a specific request made by telephone and documented by the
creditor. The example in paragraph (e)(4)(iii) is new and illustrates
how a specific request may be made by the consumer on a credit
application.
A consumer who specifically requests a medical accommodation may
not provide sufficient information to enable a creditor to determine
whether such an accommodation is warranted. In that case, a creditor
may request additional information as necessary to verify or
corroborate the information provided or to enable the creditor to
determine whether to make a medical accommodation for the consumer's
particular circumstances. The consumer at any time may decline to
provide further medical information, withdraw the request for an
accommodation, and choose to be evaluated according to the creditor's
otherwise applicable underwriting criteria. The example in paragraph
(e)(4)(iv) is new and illustrates how creditor requests for additional
information may be handled.
As noted in the proposal, creditors may not rely on the medical
accommodation exception to routinely obtain and use medical information
about consumers in connection with credit eligibility determinations.
This exception is triggered when the consumer specifically requests an
accommodation. The requirement for a specific request from the consumer
is not satisfied by a creditor routinely including boilerplate language
in a credit application which indicates that by applying for credit the
consumer authorizes or consents to the creditor obtaining and using
medical information in connection with credit eligibility
determinations. The example in paragraph (e)(4)(v) is new and
illustrates that routine requests by creditors do not fall within the
exception.
Forbearance. In the proposal, forbearance practices and programs
were addressed as an interpretation, rather than as an exception.
Industry commenters believed that the proposed interpretation was too
narrow because it only covered the triggering of forbearance practices
and programs. These commenters believed that medical information should
be available for use in determining whether to offer forbearance
practices or programs to the consumer. Several industry commenters also
requested clarification that informal forbearance practices would be
covered by this interpretation. Privacy advocates, consumer and
community groups, and health care associations suggested limiting the
proposed interpretation to forbearance practices and programs triggered
by a medically related event.
In the interim final rule, forbearance practices and programs are
addressed in a new exception in paragraph (e)(1)(vii). Forbearance
practices and programs may be established to address both medical and
non-medical events. The exception, however, applies only to forbearance
practices and programs that are triggered by medical events or
conditions. Accordingly, paragraph (e)(1)(vii) of the interim final
rule creates an exception to permit creditors to obtain and use medical
information ``consistent with safe and sound practices, to determine
whether the provisions of a forbearance practice or program that is
triggered by a medical event or condition apply to a consumer.'' This
exception is flexible enough to cover both formal and informal
forbearance practices and programs. Application of a forbearance
practice or program may or may not be based on the request of the
consumer. Paragraph (e)(5) provides an example of a forbearance
practice or program.
Debt cancellation contracts, debt suspension agreements, or credit
insurance products. As noted above, the proposal addressed debt
cancellation contracts, debt suspension agreements, and credit
insurance products through an interpretation. Most commenters believed
that it was more appropriate to address these contracts, agreements,
and products through an exception. The FTC, however, recommended that
the Agencies continue to address debt cancellation contracts, debt
suspension agreements, and credit insurance products through an
interpretation. The Agencies believe that the better approach is to
create exceptions and, thus, have created two new exceptions in
paragraphs (e)(1)(viii) (covering debt cancellation contracts and debt
suspension agreements) and (e)(1)(ix) (covering credit insurance
products) for the reasons discussed below.
Industry commenters believed that the proposed interpretation was
too narrow because it only covered the triggering of debt cancellation
contracts, debt suspension agreements, and credit insurance products.
These commenters believed that medical information should be available
for use in determining the consumer's eligibility for, the triggering
of, or the reactivation of those contracts, agreements, or products.
Privacy advocates, consumer and community groups, and health care
associations believed that the proposed interpretation was too broad
because debt cancellation contracts and debt suspension agreements are
often triggered by events such as loss of employment or divorce that
have no connection with medical information. Privacy advocates,
consumer and community groups, and health care associations urged the
Agencies to delete credit insurance from the proposed provision,
maintaining that creditors typically do not offer credit insurance
directly. Industry commenters had various suggestions regarding credit
insurance, including creating a separate exception for credit
insurance, referencing credit insurance in the preceding paragraph
(a)(2)(i)(A) (now paragraph (b)(2)(iii)(A)), or broadening the proposed
interpretation to cover eligibility and reactivation determinations.
In the interim final rule, debt cancellation contracts and debt
suspension agreements are addressed in one exception (paragraph
(e)(1)(viii)) and credit insurance products are addressed in a separate
exception (paragraph (e)(1)(ix)) in recognition of the distinct
character of those products. See also sections --.4(a)(8) and (9) of
the separate rule.
Under this rule, a creditor may not use medical information about a
consumer to determine whether the consumer will be required to obtain a
debt cancellation contract, debt suspension agreement, or credit
insurance product. For example, a consumer who is in a wheelchair
cannot be required to obtain credit insurance
[[Page 33971]]
because of the consumer's disability. An example in paragraph
(d)(2)(iii)(C) of each Agency's rule and in Sec. --.3(b)(3)(iii) of
the separate rule illustrates this limitation. Also, a creditor would
not violate this particular rule if it requires all consumers who seek
a particular type of credit, such as credit to finance the purchase of
a home with a small down payment, to obtain credit insurance or a
similar product.
The rule makes clear that creditors may use medical information to
underwrite credit insurance, or to underwrite related credit products,
such as debt cancellation contracts and debt suspension agreements, if
a medical condition or event is a triggering event for the provision of
benefits. However, denial of these products cannot be used as a
subterfuge to consider medical information in making a determination
about eligibility or continued eligibility for the underlying loan.
In addition, other laws and regulations, including applicable anti-
tying rules and fair lending laws, may prohibit or otherwise restrict a
creditor from requiring a consumer to obtain a debt cancellation
contract, debt suspension agreement, or credit insurance product in
connection with an extension of credit.\10\ A discussion of the
circumstances prohibited by other laws and regulations is beyond the
scope of this rule.
---------------------------------------------------------------------------
\10\ For example, banks are prohibited from conditioning an
extension of credit on the consumer obtaining some additional
credit, property or service from the bank or its affiliate other
than a loan, discount, deposit or trust service, see Bank Holding
Company Amendments of 1970 Sec. 106(b) (12 U.S.C. 1972); see also
12 CFR 37.3(a) (providing that a national bank may not extend credit
nor alter the terms or conditions of an extension of credit
conditioned upon the customer entering into a debt cancellation
contract or debt suspension agreement with the bank).
---------------------------------------------------------------------------
Finally, creditors are reminded that when a creditor offers a
consumer a debt cancellation contract, debt suspension agreement, or
credit insurance product that is related to a credit product that the
consumer obtains or seeks to obtain from the creditor, it may not be
clear to the consumer why the creditor is seeking to obtain medical
information. As discussed below, creditors generally would be
prohibited from specifically asking for medical information on a credit
application, except where a creditor has a specific application for the
financing of medical procedures. Whether medical information is
collected on the credit application or through other means, creditors
should make it clear to consumers that the purpose for obtaining
medical information relates to debt cancellation contracts, debt
suspension agreements, or credit insurance products, rather than to the
credit itself. Moreover, where obtaining those products is voluntary,
the consumer should be told that it is not necessary to provide medical
information and that the failure to answer medically related questions
will have no impact on the credit decision.
Deleted exceptions and additional exceptions requested by
commenters. Proposed paragraph (d)(1)(iii) provided that a creditor may
obtain and use uncoded medical information included in a consumer
report furnished by a consumer reporting agency in accordance with
section 604(g)(1)(B) of the FCRA, if such information is used for the
purpose for which the consumer provided specific written consent. As
discussed above, this proposed exception has been eliminated.
Proposed paragraph (d)(1)(vii) provided that a creditor may obtain
and use medical information as otherwise permitted by order of the
appropriate agency. Privacy advocates, consumer and community groups,
and health care associations objected to this provision. The Agencies
believe this paragraph is unnecessary and have omitted it from the
interim final rule because the Agencies are adopting identical
exceptions and, as noted above, intend to make any amendments to the
rules in consultation and coordination with each other.
Commenters also requested the creation of a number of additional
exceptions for flexible spending programs tied to credit cards, for
products tied to a consumer's life expectancy, and to facilitate
resolution of direct disputes with consumers. The Agencies believe that
additional exceptions are not needed and that commenters' concerns are
adequately addressed by the interpretation of ``eligibility, or
continued eligibility, for credit'' and the existing exceptions.
Section --.31 Limits on Redisclosure of Information
Proposed section --.30(e) incorporated the statutory provision
regarding the limits on redisclosure of medical information. In the
proposal, this paragraph provided that a person that receives medical
information about a consumer from a consumer reporting agency or an
affiliate is prohibited from disclosing that information to any other
person, except as necessary to carry out the purposes for which the
information was initially disclosed, or as otherwise permitted by
statute, regulation, or order.
Some commenters requested clarification of the phrase ``as
otherwise permitted by statute, regulation, or order'' that is used in
the statute and proposed regulation. Other commenters requested
clarification that a redisclosure may be made for any purpose described
in section 502(e) of the GLB Act. The Agencies believe that the
redisclosure language, which was taken directly from the statute, is
clear and that no further clarification is necessary.
In the interim final rules, the Agencies are adopting this
provision in a new section --.31 in each Agency's rule pursuant to
their joint rulemaking authority under section 621(e) of the FCRA. The
separate rule does not contain a similar provision on redisclosure
limits.
Section --.32 Sharing Medical Information With Affiliates
Section --.31 of the proposal addressed the sharing of medically
related information with affiliates. In the interim final rule, these
provisions are contained in section --.32.
Proposed paragraph (a) provided that the standard exclusions from
the definition of ``consumer report'' contained in section 603(d)(2) of
the Act--including the exclusions for sharing transaction or experience
information among affiliates or sharing other eligibility information
among affiliates after notice and an opportunity to opt-out--do not
apply if medical information, an individualized list or description
based on payment transactions for medical products or services, or an
aggregate list or description based on payment transactions for medical
products or services is disclosed to an affiliate.
Proposed paragraph (b) provided that the special restrictions on
sharing medically related information with affiliates did not apply,
and the standard exclusions from the definition of consumer report
remained in effect, if the information was disclosed to an affiliate in
certain circumstances. The proposal incorporated each of the exceptions
enumerated in section 604(g)(3)(A) and (B) of the Act.
The first statutory exception is when medically related information
is shared with an affiliate in connection with the business of
insurance or annuities (including the activities described in section
18B of the model Privacy of Consumer Financial and Health Information
Regulation issued by the National Association of Insurance
Commissioners (NAIC), as in effect on January 1, 2003). Some commenters
questioned the adequacy of the comment period based on the fact that
the NAIC model privacy regulation is
[[Page 33972]]
not readily available to the public, but must be purchased from NAIC.
The reference to the NAIC model privacy regulation is a statutory
reference that the Agencies have incorporated into the regulation.
Interested parties may purchase a copy of the NAIC model Privacy of
Consumer Financial and Health Information Regulation at http://www.naic.org
.
The second statutory exception is when medically related
information is shared with an affiliate for any purpose permitted
without authorization under the Standards for Individually Identifiable
Health Information promulgated by the Department of Health and Human
Services (HHS) pursuant to the Health Insurance Portability and
Accountability Act of 1996 (HIPAA). One commenter asked the Agencies to
broaden this exception by deleting the phrase ``for any purpose
permitted without authorization'' and replacing it with a reference to
any sharing ``as permitted under'' the HIPAA regulations issued by HHS.
The Agencies find no basis for altering the specific exceptions adopted
by Congress. Furthermore, the Agencies note that the special affiliate
sharing restrictions do not apply unless the communication of medically
related information would otherwise meet the definition of a ``consumer
report.''
The third statutory exception is when medically related information
is shared with an affiliate for any purpose referred to under section
1179 of HIPAA. Section 1179 of HIPAA provides that to the extent that
an entity is engaged in activities of a financial institution or is
engaged in authorizing, processing, clearing, settling, billing,
transferring, reconciling or collecting payments for a financial
institution, the HIPAA standards and requirements do not apply to the
entity with respect to such activities. Section 1179 also provides as
an example of a use or disclosure of information not covered by that
statute, the use or disclosure of information for authorizing,
processing, clearing, settling, billing, transferring, reconciling, or
collection, a payment for, or related to, health care premiums or
health care. Some commenters requested that the Agencies contact the
Department of Health and Human Services (HHS) to clarify an issue
regarding the scope of section 1179. Any consultation with HHS
regarding section 1179 of HIPAA would be independent of this
rulemaking.
The fourth statutory exception is when medically related
information is shared with an affiliate for any purpose described in
section 502(e) of the GLB Act. As previously noted in the proposal,
some of the purposes described in section 502(e) of the GLB Act may be
germane to the sharing of information among affiliates--for example,
sharing with the consent of the consumer, for fraud prevention
purposes, or as necessary to effect, administer, or enforce a
transaction requested or authorized by the consumer--while other
purposes described in section 502(e) are not--for example, sharing
information with law enforcement or regulatory authorities.
The fifth exception is not set forth in the statute and provides
that the special restrictions on sharing medically related information
with affiliates do not apply, and the standard exclusions from the
definition of consumer report remain in effect, if the information is
disclosed to an affiliate in connection with a determination of the
consumer's eligibility, or continued eligibility, for credit consistent
with Sec. --.30 of this subpart. Industry commenters supported this
exception. Privacy advocates, consumer and community groups, and health
care associations requested the deletion of this exception or, as an
alternative, that this exception not apply to uncoded medical
information obtained from a consumer reporting agency with the
consumer's specific written consent or to information obtained pursuant
to the medical accommodation exception. This exception is adopted as
proposed in paragraph (b)(5).
The Agencies continue to believe that it is necessary and
appropriate to allow a person to share medically related information
with an affiliate in connection with a determination of the consumer's
eligibility, or continued eligibility, for credit consistent with the
provisions of Sec. --.30. In response to commenters' concerns, the
Agencies note that the interim final rule permits uncoded medical
information from a consumer reporting agency to be used only as
permitted by the exceptions in Sec. --.30(d) and (e). Moreover, the
medical accommodation exception restricts creditors from routinely
obtaining and using medical information because the exception is
triggered by a consumer's specific request. Thus, the Agencies believe
that the provisions of Sec. --.30(d) and (e) are sufficient to prevent
the inappropriate sharing of medical information with and the
inappropriate use of medical information by affiliates.
Finally, the sixth exception provides that the special restrictions
on sharing medically related information with affiliates would not
apply if otherwise permitted by order of the appropriate agency. This
exception incorporates the authority delegated to the Agencies by the
Congress to create exceptions through orders. Privacy advocates,
consumer and community groups, and health care associations
acknowledged the authority of the Agencies to expand the affiliate-
sharing exceptions by order. This exception is adopted as proposed in
paragraph (b)(6).
As noted in the proposal, the prohibitions on obtaining or using
medical information in Sec. --.30 operate independently from the
exceptions that permit the sharing of that information among affiliates
in accordance with the provisions of section 603(d)(2) of the Act. For
example, if a mortgage lender has obtained and used medical information
in accordance with one of the exceptions in Sec. --.30(c) or (d), the
mortgage lender may share that information with its credit card
affiliate without becoming a consumer reporting agency if one of the
exceptions in Sec. --.32(b) applies. However, the credit card
affiliate may not obtain or use that information in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit, except to the extent permitted by Sec. --.30.
Effective Date and Solicitation of Comments
The statute provides that the final rules shall take effect on the
later of 90 days after the rules are issued in final form, or the date
specified in the regulations. Commenters believed that the effective
date of the final rules should be no sooner than 90 days after the
rules are issued in final form, although many commenters requested a
longer period before the final rules take effect. Commenters generally
believed that the effective date should be synchronized with the
statutory prohibition, so that creditors would not be subject to the
prohibition on obtaining or using medical information before the
effective date of the regulatory exceptions. The interim final rules
shall take effect on March 7, 2006, which is 270 days after the date of
publication in the Federal Register. Comments on the interim final rule
must be received by July 11, 2005.
V. Regulatory Analysis
Paperwork Reduction Act
In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C.
3506, et seq.) and its implementing regulations at 5 CFR part 1320,
including Appendix A.1, the Agencies have reviewed the interim final
rules and determined that they contain no collections of information.
The Board
[[Page 33973]]
made this determination under authority delegated by the Office of
Management and Budget.
Regulatory Flexibility Analysis
OCC: The OCC received no comment on its Initial Regulatory
Flexibility Analysis published in connection with the April 28, 2004,
NPRM. Upon further review, the OCC certifies that this interim final
rule will not have a significant economic impact on a substantial
number of small entities.
Under section 605(b) of the Regulatory Flexibility Act (RFA), 5
U.S.C. 605(b), the regulatory flexibility analysis otherwise required
under section 604 of the RFA is not required if an agency certifies,
along with a statement providing the factual basis for such
certification, that the rule will not have a significant economic
impact on a substantial number of small entities. The OCC has reviewed
the impact of this interim final rule on small entities and certifies
that it will not have a significant economic impact on a substantial
number of small entities.
The Small Business Administration (SBA) has defined ``small
entities'' for banking purposes as a bank or savings institution with
assets of $150 million or less. See 13 CFR 121.201. The interim final
rule implements section 411 of the FACT Act and imposes only minimal
economic impact on national banks. The interim final rule creates
exceptions to the FACT Act's prohibition against national banks
obtaining and using a consumer's medical information in connection with
credit determinations. Additionally, the interim final rule implements
the FACT Act's restrictions on the sharing of medical information among
affiliates and includes exceptions to permit the sharing of medical
information in certain circumstances. The interim final rule applies to
national banks, Federal branches and agencies, their respective
subsidiaries, and persons that participate in a credit transaction
involving a national bank, Federal Branch or agency, or their
respective subsidiaries (``entities'') that obtain or use medical
information in connection with credit determinations, regardless of
their size. However, it is likely that small entities, because of the
nature and size of their operations, will encounter fewer instances
where they might obtain or use medical information. Therefore, the
interim final rule is not expected to result in a significant economic
impact for small national entities.
Board: The Board has prepared a final regulatory flexibility
analysis as required by the Regulatory Flexibility Act (5 U.S.C. 601 et
seq.).
1. Statement of the need for and objectives of the interim final
rule. The FACT Act amends the FCRA and was enacted, in part, for the
purpose of protecting consumers' medical information. Section 411 of
the FACT Act contains a general prohibition on creditors obtaining or
using medical information pertaining to a consumer in connection with
any determination of the consumer's eligibility, or continued
eligibility, for credit. Section 411 authorizes the Board, together
with the other Agencies, to create exceptions to allow creditors to
obtain or use medical information for eligibility purposes where
necessary and appropriate to protect legitimate operational,
transactional risk, consumer, and other needs, consistent with the
Congressional intent to restrict the use of medical information for
inappropriate purposes.
Section 411 also limits the ability of an institution to share
medical information with its affiliates without becoming a consumer
reporting agency, subject to certain exceptions, and restricts the
redisclosure of medical information. The statute authorizes the Board
to issue regulations to create additional exceptions that are
determined to be necessary and appropriate to permit the sharing of
medical information among affiliates. The Board is adopting the interim
final rule to create exceptions that permit creditors to obtain and use
medical information in credit eligibility determinations, restate the
limits on redisclosure, and restate and add to the exceptions that
allow sharing among affiliates. The SUPPLEMENTARY INFORMATION above
contains information on the objectives of the interim final rule.
2. Summary of issues raised by comments in response to the initial
regulatory flexibility analysis. In accordance with section 3(a) of the
Regulatory Flexibility Act, the Board conducted an initial regulatory
flexibility analysis in connection with the proposed rule. The Board
did not receive any comments on its initial regulatory flexibility
analysis.
3. Description of small entities affected by the proposal. Each
section of the interim final rule applies to different types of small
entities and specifies the types of small entities subject to that
section. The interim final rule would apply, in whole or in part, to
banks that are members of the Federal Reserve System (other than
national banks) and their subsidiaries, branches and Agencies of
foreign banks (other than Federal branches, Federal Agencies, and
insured State branches of foreign banks) and their subsidiaries,
commercial lending companies owned or controlled by foreign banks,
organizations operating under section 25 or 25A of the Federal Reserve
Act (12 U.S.C. 601 et seq., and 611 et seq.), bank holding companies
and affiliates of such holding companies (other than depository
institutions and consumer reporting agencies), and creditors that
participate in a transaction with one of the above-mentioned entities.
A separate rule would apply to creditors not otherwise subject to one
of the Agency rules. The Board's interim final rule will apply to the
following institutions (numbers approximate): State member banks (932),
bank holding companies (5,152), holding company non-bank subsidiaries
(2,131), U.S. branches and agencies of foreign banks (289), and Edge
and agreement corporations (75), for a subtotal of approximately 8,579
institutions. The Board estimates that over 5,000 of these institutions
could be considered small institutions with assets less than $150
million. The Board is unable to estimate the number of creditors that
may participate in transactions with such institutions or the number of
other creditors that may be covered by the separate rule.
All small entities that are creditors will be affected by the
provision of the interim final rule that addresses the prohibition on,
and exceptions to, creditors obtaining or using medical information in
connection with credit eligibility determinations. All small creditors
will have to comply with the exceptions if they obtain or use medical
information about consumers in connection with any credit eligibility
determination.
4. Recordkeeping, reporting, and compliance requirements. The
interim final rule requires certain documentation to qualify for some
of the specific exceptions, as discussed in the SUPPLEMENTARY
INFORMATION above. The interim final rule contains no reporting or
disclosure requirements.
5. Steps taken to minimize the economic impact on small entities.
The Board solicited comment on how to minimize the economic impact on
small entities. The Board did not receive any comments on this issue.
By adopting consistent rules and exceptions, the Board and the other
Agencies have attempted to minimize the economic impact on small
entities.
FDIC: The Agencies received no comments on their initial regulatory
flexibility analyses. Upon further analysis, the FDIC certifies that
this rule creating exceptions to the FACT Act's general prohibition on
creditors obtaining or using medical information
[[Page 33974]]
pertaining to a consumer in connection with any determination of the
consumer's eligibility, or continued eligibility, for credit will not
have a significant economic impact on small entities. This interim
final rule, as authorized by section 411 of the FACT Act, creates
exceptions to allow creditors to obtain or use medical information for
eligibility purposes where necessary and appropriate to protect
legitimate operational, transactional risk, consumer, and other needs,
consistent with the Congressional intent to restrict the use of medical
information for inappropriate purposes. The rule also excludes, in
certain situations, medical information shared by a covered entity with
an affiliate from the definition of a consumer report in section 603(d)
of the FCRA, and addresses the reuse and redisclosure of medical
information.
OTS: In accordance with section 603(a) of the Regulatory
Flexibility Act (RFA) (5 U.S.C. 603(a)), OTS conducted an initial
regulatory flexibility analysis in connection with the April 28, 2004
proposed rule. OTS did not receive any comments on its initial
regulatory flexibility analysis.
Upon further analysis, OTS certifies in accordance with section
605(b) of the RFA (5 U.S.C. 605(b)) that this interim final rule will
not have a significant economic impact on a substantial number of small
entities. The Small Business Administration (SBA) has generally defined
small savings institutions for RFA purposes as those with assets of
$150 million or less. 13 CFR 121.201.
This interim final rule implements section 411 of the FACT Act and
imposes only minimal economic impact. Section 571.30 creates exceptions
to allow creditors to obtain or use medical information for credit
eligibility purposes where necessary and appropriate to protect
legitimate operational, transactional risk, consumer, and other needs,
consistent with the congressional intent to restrict the use of medical
information for inappropriate purposes. It applies to all any of the
following, regardless of size, that participates as a creditor in a
transaction: (1) A savings association; (2) a subsidiary owned in whole
or in part by a savings association; (3) a savings and loan holding
company; (4) a subsidiary of a savings and loan holding company other
than a bank or subsidiary of a bank; (5) a service corporation owned in
whole or in part by a savings association; or (6) any other person that
participates as a creditor in a transaction involving a person
described (1)-(5).
Section 571.31 implements the FACT Act's restrictions on the
redisclosure of information. Section 571.32 implements the FACT Act's
restrictions on the sharing of medical information among affiliates and
includes exceptions to permit the sharing of medical information in
certain circumstances. These sections apply to savings associations and
Federal savings association operating subsidiaries, regardless of size.
As referenced elsewhere in this SUPPLEMENTARY INFORMATION, other
laws and regulations, such as the Fair Housing Act, the Americans with
Disabilities Act, and OTS's anti-discrimination rules in 12 CFR part
528, also limit or regulate obtaining and using medical information for
credit eligibility determinations in a manner that discriminates
against persons whose medical condition constitutes a ``disability'' or
``handicap'' under those authorities. Other laws, such as the GLB Act,
HIPAA, and other parts of the FCRA, also limit or regulate the use,
collection, and sharing of consumer information, including medical
information. The industry's preexisting familiarity and compliance with
the requirements of these other authorities to the extent applicable is
one factor that OTS expects will minimize the economic impact of
today's interim final rule.
NCUA: The Regulatory Flexibility Act requires NCUA to prepare an
analysis to describe any significant economic impact any regulation may
have on a substantial number of small entities. NCUA considers credit
unions having less than ten million dollars in assets to be small for
purposes of the Regulatory Flexibility Act. NCUA Interpretive Ruling
and Policy Statement (IRPS) 87-2, as amended by IRPS 03-2. NCUA
conducted an initial regulatory flexibility analysis in connection with
the proposed rule and did not receive any comments on it.
Upon further review, NCUA certifies that this interim final rule
will not have a significant economic impact on a substantial number of
small entities. The interim final rule applies to all Federal credit
unions that obtain or use a consumer's medical information in
connection with credit determinations, regardless of credit union size.
The interim final rule creates exceptions to the FACT Act's prohibition
against Federal credit unions obtaining and using such information in
connection with credit determinations. Additionally, the interim final
rule implements the FACT Act's restrictions on the sharing of medical
information among Federal credit union affiliates, credit union service
organizations (CUSOs), and includes exceptions to permit the sharing of
medical information in certain circumstances.
FDIC--Small Business Regulatory Enforcement Act
The Small Business Regulatory Enforcement Act of 1996 (SBREFA)
(Pub. L. 104-121, 110 Stat. 857) provides generally for agencies to
report rules to Congress and for Congress to review these rules. The
reporting requirement is triggered in instances where the FDIC issues a
final rule as defined by the Administrative Procedure Act (APA) (5
U.S.C. 55, et seq.). Because the FDIC is issuing a final rule as
defined by the APA, the FDIC will file the reports required by SBREFA.
OCC and OTS Executive Order 12866 Determination
The OCC and OTS each has determined that its portion of the rule is
not a significant regulatory action under Executive Order 12866.
OCC Executive Order 13132 Determination
The OCC has determined that this rule does not have any Federalism
implications, as required by Executive Order 13132.
NCUA Executive Order 13132 Determination
Executive Order 13132 encourages independent regulatory agencies to
consider the impact of their actions on state and local interests. In
adherence to fundamental federalism principles, the NCUA, an
independent regulatory agency as defined in 44 U.S.C. 3502(5),
voluntarily complies with the executive order. The rule applies only to
federally chartered credit unions and would not have substantial direct
effects on the states, on the connection between the national
government and the states, or on the distribution of power and
responsibilities among the various levels of government. The NCUA has
determined that this rule does not constitute a policy that has
federalism implications for purposes of the executive order.
OCC and OTS Unfunded Mandates Reform Act of 1995 Determination
Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law
104-4 (Unfunded Mandates Act) requires that an agency prepare a
budgetary impact statement before promulgating a rule that includes a
Federal mandate that may result in expenditure by State, local, and
tribal
[[Page 33975]]
governments, in the aggregate, or by the private sector, of $100
million or more in any one year. If a budgetary impact statement is
required, section 205 of the Unfunded Mandates Act also requires an
agency to identify and consider a reasonable number of regulatory
alternatives before promulgating a rule. The OCC and OTS each has
determined that this rule will not result in expenditures by State,
local, and tribal governments, or by the private sector, of $100
million or more. Accordingly, neither the OCC nor the OTS has prepared
a budgetary impact statement or specifically addressed the regulatory
alternatives considered.
NCUA: The Treasury and General Government Appropriations Act, 1999--
Assessment of Federal Regulations and Policies on Families
The NCUA has determined that this rule would not affect family
well-being within the meaning of section 654 of the Treasury and
General Government Appropriations Act, 1999, Pub. L. 105-277, 112 Stat.
2681 (1998).
Plain Language Requirement
Section 722 of the Gramm-Leach-Bliley Act (GLBA) (12 U.S.C. 4809),
requires the Federal banking agencies to use plain language in all
proposed and final rules published after January 1, 2000. The proposed
rule requested comments on how the rule might be changed to reflect the
requirements of GLBA. No GLBA comments were received.
List of Subjects
12 CFR Part 41
Banks, banking, Consumer protection, National banks, Reporting and
recordkeeping requirements.
12 CFR Part 222
Banks, banking, Consumer protection, Credit, Fair Credit Reporting
Act, Holding companies, Privacy, Reporting and recordkeeping
requirements, State member banks.
12 CFR Part 232
Consumer protection, Credit, Fair Credit Reporting Act, Privacy,
Reporting and recordkeeping requirements.
12 CFR Part 334
Administrative practice and procedure, Bank deposit insurance,
Banks, banking, Reporting and recordkeeping requirements, Safety and
soundness.
12 CFR Part 571
Consumer protection, Credit, Fair Credit Reporting Act, Privacy,
Reporting and recordkeeping requirements, Savings associations.
12 CFR Part 717
Consumer protection, Credit unions, Fair credit reporting, Medical
information, Privacy, Reporting and recordkeeping requirements.
Office of the Comptroller of the Currency
12 CFR Chapter I.
Authority and Issuance
0
For the reasons set forth in the preamble, the OCC amends Chapter I of
Title 12 of the Code of Federal Regulations as follows:
PART 41--FAIR CREDIT
0
1. Revise the authority citation for part 41 to read as follows:
Authority: 12 U.S.C. 1 et seq., 24(Seventh), 93a, 481, 484, and
1818; 15 U.S.C. 1681a, 1681b, 1681s, 1681w, 6801, and 6805.
0
2. Revise subpart A to read as follows:
Subpart A--General Provisions
Sec. 41.2 Examples.
The examples in this part are not exclusive. Compliance with an
example, to the extent applicable, constitutes compliance with this
part. Examples in a paragraph illustrate only the issue described in
the paragraph and do not illustrate any other issue that may arise in
this part.
Sec. 41.3 Definitions.
As used in this part, unless the context requires otherwise:
(a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et
seq.).
(b) Affiliate means any company that is related by common ownership
or common corporate control with another company.
(c) [Reserved]
(d) Company means any corporation, limited liability company,
business trust, general or limited partnership, association, or similar
organization.
(e) Consumer means an individual.
(f) [Reserved]
(g) [Reserved]
(h) [Reserved]
(i) Common ownership or common corporate control means a
relationship between two companies under which:
(1) One company has, with respect to the other company:
(i) Ownership, control, or power to vote 25 percent or more of the
outstanding shares of any class of voting security of a company,
directly or indirectly, or acting through one or more other persons;
(ii) Control in any manner over the election of a majority of the
directors, trustees, or general partners (or individuals exercising
similar functions) of a company; or
(iii) The power to exercise, directly or indirectly, a controlling
influence over the management or policies of a company, as the OCC
determines; or
(2) Any other person has, with respect to both companies, a
relationship described in paragraphs (i)(1)(i)-(i)(1)(iii) of this
section.
(j) [Reserved]
(k) Medical information means:
(1) Information or data, whether oral or recorded, in any form or
medium, created by or derived from a health care provider or the
consumer, that relates to--
(i) The past, present, or future physical, mental, or behavioral
health or condition of an individual;
(ii) The provision of health care to an individual; or
(iii) The payment for the provision of health care to an
individual.
(2) The term does not include:
(i) The age or gender of a consumer;
(ii) Demographic information about the consumer, including a
consumer's residence address or e-mail address;
(iii) Any other information about a consumer that does not relate
to the physical, mental, or behavioral health or condition of a
consumer, including the existence or value of any insurance policy; or
(iv) Information that does not identify a specific consumer.
(l) Person means any individual, partnership, corporation, trust,
estate cooperative, association, government or governmental subdivision
or agency, or other entity.
0
3. Add subpart D to read as follows:
Subpart D--Medical Information
Sec. 41.30 Obtaining or using medical information in connection with
a determination of eligibility for credit.
(a) Scope. This section applies to:
(1) Any person that participates as a creditor in a transaction and
that is a national bank, a Federal branch or agency of a foreign bank,
and their respective subsidiaries; or
(2) Any other person that participates as a creditor in a
transaction involving a person described in paragraph (a)(1) of this
section.
(b) General prohibition on obtaining or using medical information.
(1) In general. A creditor may not obtain or use medical information
pertaining to a consumer in connection with any determination of the
consumer's eligibility, or continued eligibility, for
[[Page 33976]]
credit, except as provided in this section.
(2) Definitions. (i) Credit has the same meaning as in section 702
of the Equal Credit Opportunity Act, 15 U.S.C. 1691a.
(ii) Creditor has the same meaning as in section 702 of the Equal
Credit Opportunity Act, 15 U.S.C. 1691a.
(iii) Eligibility, or continued eligibility, for credit means the
consumer's qualification or fitness to receive, or continue to receive,
credit, including the terms on which credit is offered. The term does
not include:
(A) Any determination of the consumer's qualification or fitness
for employment, insurance (other than a credit insurance product), or
other non-credit products or services;
(B) Authorizing, processing, or documenting a payment or
transaction on behalf of the consumer in a manner that does not involve
a determination of the consumer's eligibility, or continued
eligibility, for credit; or
(C) Maintaining or servicing the consumer's account in a manner
that does not involve a determination of the consumer's eligibility, or
continued eligibility, for credit.
(c) Rule of construction for obtaining and using unsolicited
medical information. (1) In general. A creditor does not obtain medical
information in violation of the prohibition if it receives medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit without specifically requesting medical information.
(2) Use of unsolicited medical information. A creditor that
receives unsolicited medical information in the manner described in
paragraph (c)(1) of this section may use that information in connection
with any determination of the consumer's eligibility, or continued
eligibility, for credit to the extent the creditor can rely on at least
one of the exceptions in Sec. 41.30(d) or (e).
(3) Examples. A creditor does not obtain medical information in
violation of the prohibition if, for example:
(i) In response to a general question regarding a consumer's debts
or expenses, the creditor receives information that the consumer owes a
debt to a hospital.
(ii) In a conversation with the creditor's loan officer, the
consumer informs the creditor that the consumer has a particular
medical condition.
(iii) In connection with a consumer's application for an extension
of credit, the creditor requests a consumer report from a consumer
reporting agency and receives medical information in the consumer
report furnished by the agency even though the creditor did not
specifically request medical information from the consumer reporting
agency.
(d) Financial information exception for obtaining and using medical
information. (1) In general. A creditor may obtain and use medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit so long as:
(i) The information is the type of information routinely used in
making credit eligibility determinations, such as information relating
to debts, expenses, income, benefits, assets, collateral, or the
purpose of the loan, including the use of proceeds;
(ii) The creditor uses the medical information in a manner and to
an extent that is no less favorable than it would use comparable
information that is not medical information in a credit transaction;
and
(iii) The creditor does not take the consumer's physical, mental,
or behavioral health, condition or history, type of treatment, or
prognosis into account as part of any such determination.
(2) Examples. (i) Examples of the types of information routinely
used in making credit eligibility determinations. Paragraph (d)(1)(i)
of this section permits a creditor, for example, to obtain and use
information about:
(A) The dollar amount, repayment terms, repayment history, and
similar information regarding medical debts to calculate, measure, or
verify the repayment ability of the consumer, the use of proceeds, or
the terms for granting credit;
(B) The value, condition, and lien status of a medical device that
may serve as collateral to secure a loan;
(C) The dollar amount and continued eligibility for disability
income or benefits related to health or a medical condition that is
relied on as a source of repayment; or
(D) The identity of creditors to whom outstanding medical debts are
owed in connection with an application for credit, including but not
limited to, a transaction involving the consolidation of medical debts.
(ii) Examples of uses of medical information consistent with the
exception. (A) A consumer includes on an application for credit
information about two $20,000 debts. One debt is to a hospital; the
other debt is to a retailer. The creditor contacts the hospital and the
retailer to verify the amount and payment status of the debts. The
creditor learns that both debts are more than 90 days past due. Any two
debts of this size that are more than 90 days past due would disqualify
the consumer under the creditor's established underwriting criteria.
The creditor denies the application on the basis that the consumer has
a poor repayment history on outstanding debts. The creditor has used
medical information in a manner and to an extent no less favorable than
it would use comparable non-medical information.
(B) A consumer indicates on an application for a $200,000 mortgage
loan that she receives $15,000 in long-term disability income each year
from her former employer and has no other income. Annual income of
$15,000, regardless of source, would not be sufficient to support the
requested amount of credit. The creditor denies the application on the
basis that the projected debt-to-income ratio of the consumer does not
meet the creditor's underwriting criteria. The creditor has used
medical information in a manner and to an extent that is no less
favorable than it would use comparable non-medical information.
(C) A consumer includes on an application for a $10,000 home equity
loan that he has a $50,000 debt to a medical facility that specializes
in treating a potentially terminal disease. The creditor contacts the
medical facility to verify the debt and obtain the repayment history
and current status of the loan. The creditor learns that the debt is
current. The applicant meets the income and other requirements of the
creditor's underwriting guidelines. The creditor grants the
application. The creditor has used medical information in accordance
with the exception.
(iii) Examples of uses of medical information inconsistent with the
exception. (A) A consumer applies for $25,000 of credit and includes on
the application information about a $50,000 debt to a hospital. The
creditor contacts the hospital to verify the amount and payment status
of the debt, and learns that the debt is current and that the consumer
has no delinquencies in her repayment history. If the existing debt
were instead owed to a retail department store, the creditor would
approve the application and extend credit based on the amount and
repayment history of the outstanding debt. The creditor, however,
denies the application because the consumer is indebted to a hospital.
The creditor has used medical information, here the identity of the
medical creditor, in a manner and to an extent that is less favorable
than it would use comparable non-medical information.
(B) A consumer meets with a loan officer of a creditor to apply for
a
[[Page 33977]]
mortgage loan. While filling out the loan application, the consumer
informs the loan officer orally that she has a potentially terminal
disease. The consumer meets the creditor's established requirements for
the requested mortgage loan. The loan officer recommends to the credit
committee that the consumer be denied credit because the consumer has
that disease. The credit committee follows the loan officer's
recommendation and denies the application because the consumer has a
potentially terminal disease. The creditor has used medical information
in a manner inconsistent with the exception by taking into account the
consumer's physical, mental, or behavioral health, condition, or
history, type of treatment, or prognosis as part of a determination of
eligibility or continued eligibility for credit.
(C) A consumer who has an apparent medical condition, such as a
consumer who uses a wheelchair or an oxygen tank, meets with a loan
officer to apply for a home equity loan. The consumer meets the
creditor's established requirements for the requested home equity loan
and the creditor typically does not require consumers to obtain a debt
cancellation contract, debt suspension agreement, or credit insurance
product in connection with such loans. However, based on the consumer's
apparent medical condition, the loan officer recommends to the credit
committee that credit be extended to the consumer only if the consumer
obtains a debt cancellation contract, debt suspension agreement, or
credit insurance product. The credit committee agrees with the loan
officer's recommendation. The loan officer informs the consumer that
the consumer must obtain a debt cancellation contract, debt suspension
agreement, or credit insurance product to qualify for the loan. The
consumer obtains one of these products from a third party and the
creditor approves the loan. The creditor has used medical information
in a manner inconsistent with the exception by taking into account the
consumer's physical, mental, or behavioral health, condition, or
history, type of treatment, or prognosis in setting conditions on the
consumer's eligibility for credit.
(e) Specific exceptions for obtaining and using medical
information. (1) In general. A creditor may obtain and use medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit--
(i) To determine whether the use of a power of attorney or legal
representative that is triggered by a medical event or condition is
necessary and appropriate or whether the consumer has the legal
capacity to contract when a person seeks to exercise a power of
attorney or act as legal representative for a consumer based on an
asserted medical event or condition;
(ii) To comply with applicable requirements of local, State, or
Federal laws;
(iii) To determine, at the consumer's request, whether the consumer
qualifies for a legally permissible special credit program or credit-
related assistance program that is--
(A) Designed to meet the special needs of consumers with medical
conditions; and
(B) Established and administered pursuant to a written plan that--
(1) Identifies the class of persons that the program is designed to
benefit; and
(2) Sets forth the procedures and standards for extending credit or
providing other credit-related assistance under the program.
(iv) To the extent necessary for purposes of fraud prevention or
detection;
(v) In the case of credit for the purpose of financing medical
products or services, to determine and verify the medical purpose of a
loan and the use of proceeds;
(vi) Consistent with safe and sound practices, if the consumer or
the consumer's legal representative specifically requests that the
creditor use medical information in determining the consumer's
eligibility, or continued eligibility, for credit, to accommodate the
consumer's particular circumstances, and such request is documented by
the creditor;
(vii) Consistent with safe and sound practices, to determine
whether the provisions of a forbearance practice or program that is
triggered by a medical event or condition apply to a consumer;
(viii) To determine the consumer's eligibility for, the triggering
of, or the reactivation of a debt cancellation contract or debt
suspension agreement if a medical condition or event is a triggering
event for the provision of benefits under the contract or agreement; or
(ix) To determine the consumer's eligibility for, the triggering
of, or the reactivation of a credit insurance product if a medical
condition or event is a triggering event for the provision of benefits
under the product.
(2) Example of determining eligibility for a special credit program
or credit assistance program. A not-for-profit organization establishes
a credit assistance program pursuant to a written plan that is designed
to assist disabled veterans in purchasing homes by subsidizing the down
payment for the home purchase mortgage loans of qualifying veterans.
The organization works through mortgage lenders and requires mortgage
lenders to obtain medical information about the disability of any
consumer that seeks to qualify for the program, use that information to
verify the consumer's eligibility for the program, and forward that
information to the organization. A consumer who is a veteran applies to
a creditor for a home purchase mortgage loan. The creditor informs the
consumer about the credit assistance program for disabled veterans and
the consumer seeks to qualify for the program. Assuming that the
program complies with all applicable law, including applicable fair
lending laws, the creditor may obtain and use medical information about
the medical condition and disability, if any, of the consumer to
determine whether the consumer qualifies for the credit assistance
program.
(3) Examples of verifying the medical purpose of the loan or the
use of proceeds. (i) If a consumer applies for $10,000 of credit for
the purpose of financing vision correction surgery, the creditor may
verify with the surgeon that the procedure will be performed. If the
surgeon reports that surgery will not be performed on the consumer, the
creditor may use that medical information to deny the consumer's
application for credit, because the loan would not be used for the
stated purpose.
(ii) If a consumer applies for $10,000 of credit for the purpose of
financing cosmetic surgery, the creditor may confirm the cost of the
procedure with the surgeon. If the surgeon reports that the cost of the
procedure is $5,000, the creditor may use that medical information to
offer the consumer only $5,000 of credit.
(iii) A creditor has an established medical loan program for
financing particular elective surgical procedures. The creditor
receives a loan application from a consumer requesting $10,000 of
credit under the established loan program for an elective surgical
procedure. The consumer indicates on the application that the purpose
of the loan is to finance an elective surgical procedure not eligible
for funding under the guidelines of the established loan program. The
creditor may deny the consumer's application because the purpose of the
loan is not for a particular procedure funded by the established loan
program.
(4) Examples of obtaining and using medical information at the
request of
[[Page 33978]]
the consumer. (i) If a consumer applies for a loan and specifically
requests that the creditor consider the consumer's medical disability
at the relevant time as an explanation for adverse payment history
information in his credit report, the creditor may consider such
medical information in evaluating the consumer's willingness and
ability to repay the requested loan to accommodate the consumer's
particular circumstances, consistent with safe and sound practices. The
creditor may also decline to consider such medical information to
accommodate the consumer, but may evaluate the consumer's application
in accordance with its otherwise applicable underwriting criteria. The
creditor may not deny the consumer's application or otherwise treat the
consumer less favorably because the consumer specifically requested a
medical accommodation, if the creditor would have extended the credit
or treated the consumer more favorably under the creditor's otherwise
applicable underwriting criteria.
(ii) If a consumer applies for a loan by telephone and explains
that his income has been and will continue to be interrupted on account
of a medical condition and that he expects to repay the loan by
liquidating assets, the creditor may, but is not required to, evaluate
the application using the sale of assets as the primary source of
repayment, consistent with safe and sound practices, provided that the
creditor documents the consumer's request by recording the oral
conversation or making a notation of the request in the consumer's
file.
(iii) If a consumer applies for a loan and the application form
provides a space where the consumer may provide any other information
or special circumstances, whether medical or non-medical, that the
consumer would like the creditor to consider in evaluating the
consumer's application, the creditor may use medical information
provided by the consumer in that space on that application to
accommodate the consumer's application for credit, consistent with safe
and sound practices, or may disregard that information.
(iv) If a consumer specifically requests that the creditor use
medical information in determining the consumer's eligibility, or
continued eligibility, for credit and provides the creditor with
medical information for that purpose, and the creditor determines that
it needs additional information regarding the consumer's circumstances,
the creditor may request, obtain, and use additional medical
information about the consumer as necessary to verify the information
provided by the consumer or to determine whether to make an
accommodation for the consumer. The consumer may decline to provide
additional information, withdraw the request for an accommodation, and
have the application considered under the creditor's otherwise
applicable underwriting criteria.
(v) If a consumer completes and signs a credit application that is
not for medical purpose credit and the application contains boilerplate
language that routinely requests medical information from the consumer
or that indicates that by applying for credit the consumer authorizes
or consents to the creditor obtaining and using medical information in
connection with a determination of the consumer's eligibility, or
continued eligibility, for credit, the consumer has not specifically
requested that the creditor obtain and use medical information to
accommodate the consumer's particular circumstances.
(5) Example of a forbearance practice or program. After an
appropriate safety and soundness review, a creditor institutes a
program that allows consumers who are or will be hospitalized to defer
payments as needed for up to three months, without penalty, if the
credit account has been open for more than one year and has not
previously been in default, and the consumer provides confirming
documentation at an appropriate time. A consumer is hospitalized and
does not pay her bill for a particular month. This consumer has had a
credit account with the creditor for more than one year and has not
previously been in default. The creditor attempts to contact the
consumer and speaks with the consumer's adult child, who is not the
consumer's legal representative. The adult child informs the creditor
that the consumer is hospitalized and is unable to pay the bill at that
time. The creditor defers payments for up to three months, without
penalty, for the hospitalized consumer and sends the consumer a letter
confirming this practice and the date on which the next payment will be
due.
Sec. 41.31 Limits on redisclosure of information.
(a) Scope. This section applies to national banks, Federal branches
and agencies of foreign banks, and their respective operating
subsidiaries.
(b) Limits on redisclosure. If a person described in paragraph (a)
of this section receives medical information about a consumer from a
consumer reporting agency or its affiliate, the person must not
disclose that information to any other person, except as necessary to
carry out the purpose for which the information was initially
disclosed, or as otherwise permitted by statute, regulation, or order.
Sec. 41.32 Sharing medical information with affiliates.
(a) Scope. This section applies to national banks, Federal branches
and agencies of foreign banks, and their respective operating
subsidiaries.
(b) In general. The exclusions from the term ``consumer report'' in
section 603(d)(2) of the Act that allow the sharing of information with
affiliates do not apply if a person described in paragraph (a) of this
section communicates to an affiliate--
(1) Medical information;
(2) An individualized list or description based on the payment
transactions of the consumer for medical products or services; or
(3) An aggregate list of identified consumers based on payment
transactions for medical products or services.
(c) Exceptions. A person described in paragraph (a) may rely on the
exclusions from the term ``consumer report'' in section 603(d)(2) of
the Act to communicate the information in paragraph (b) to an
affiliate--
(1) In connection with the business of insurance or annuities
(including the activities described in section 18B of the model Privacy
of Consumer Financial and Health Information Regulation issued by the
National Association of Insurance Commissioners, as in effect on
January 1, 2003);
(2) For any purpose permitted without authorization under the
regulations promulgated by the Department of Health and Human Services
pursuant to the Health Insurance Portability and Accountability Act of
1996 (HIPAA);
(3) For any purpose referred to in section 1179 of HIPAA;
(4) For any purpose described in section 502(e) of the Gramm-Leach-
Bliley Act;
(5) In connection with a determination of the consumer's
eligibility, or continued eligibility, for credit consistent with Sec.
41.30; or
(6) As otherwise permitted by order of the OCC.
Board of Governors of the Federal Reserve System
12 CFR Chapter II.
Authority and Issuance
0
For the reasons set forth in the joint preamble, title 12, chapter II,
of the Code
[[Page 33979]]
of Federal Regulations is amended as follows:
PART 222--FAIR CREDIT REPORTING (REGULATION V)
0
1. The authority citation for part 222 is revised to read as follows:
Authority: 15 U.S.C. 1681b and 1681s; Secs. 3, 214, and 217,
Pub. L. 108-159, 117 Stat. 1952.
Subpart A--General Provisions
0
2. Amend subpart A to part 222 by adding Sec. Sec. 222.2 and 222.3 to
read as follows:
Sec. 222.2 Examples.
The examples in this part are not exclusive. Compliance with an
example, to the extent applicable, constitutes compliance with this
part. Examples in a paragraph illustrate only the issue described in
the paragraph and do not illustrate any other issue that may arise in
this part.
Sec. 222.3 Definitions.
As used in this part, unless the context requires otherwise:
(a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et
seq.).
(b) Affiliate means any company that is related by common ownership
or common corporate control with another company.
(c) [Reserved]
(d) Company means any corporation, limited liability company,
business trust, general or limited partnership, association, or similar
organization.
(e) Consumer means an individual.
(f) [Reserved]
(g) [Reserved]
(h) [Reserved]
(i) Common ownership or common corporate control means a
relationship between two companies under which:
(1) One company has, with respect to the other company:
(i) Ownership, control, or power to vote 25 percent or more of the
outstanding shares of any class of voting security of a company,
directly or indirectly, or acting through one or more other persons;
(ii) Control in any manner over the election of a majority of the
directors, trustees, or general partners (or individuals exercising
similar functions) of a company; or
(iii) The power to exercise, directly or indirectly, a controlling
influence over the management or policies of a company, as the Board
determines; or
(2) Any other person has, with respect to both companies, a
relationship described in paragraphs (i)(1)(i)-(i)(1)(iii) of this
section.
(j) [Reserved]
(k) Medical information means:
(1) Information or data, whether oral or recorded, in any form or
medium, created by or derived from a health care provider or the
consumer, that relates to--
(i) The past, present, or future physical, mental, or behavioral
health or condition of an individual;
(ii) The provision of health care to an individual; or
(iii) The payment for the provision of health care to an
individual.
(2) The term does not include:
(i) The age or gender of a consumer;
(ii) Demographic information about the consumer, including a
consumer's residence address or e-mail address;
(iii) Any other information about a consumer that does not relate
to the physical, mental, or behavioral health or condition of a
consumer, including the existence or value of any insurance policy; or
(iv) Information that does not identify a specific consumer.
(l) Person means any individual, partnership, corporation, trust,
estate cooperative, association, government or governmental subdivision
or agency, or other entity.
0
3. Subpart D is added to part 222 to read as follows:
Subpart D--Medical Information
Sec.
222.30 Obtaining or using medical information in connection with a
determination of eligibility for credit.
222.31 Limits on redisclosure of information.
222.32 Sharing medical information with affiliates.
Subpart D--Medical Information
Sec. 222.30 Obtaining or using medical information in connection with
a determination of eligibility for credit.
(a) Scope. This section applies to
(1) Any of the following that participates as a creditor in a
transaction--
(i) A bank that is a member of the Federal Reserve System (other
than national banks) and its subsidiaries;
(ii) A branch or Agency of a foreign bank (other than Federal
branches, Federal Agencies, and insured State branches of foreign
banks) and its subsidiaries;
(iii) A commercial lending company owned or controlled by foreign
banks;
(iv) An organization operating under section 25 or 25A of the
Federal Reserve Act (12 U.S.C. 601 et seq., and 611 et seq.);
(v) A bank holding company and an affiliate of such holding company
(other than depository institutions and consumer reporting agencies);
or
(2) Any other person that participates as a creditor in a
transaction involving a person described in paragraph (a)(1) of this
section.
(b) General prohibition on obtaining or using medical information.
(1) In general. A creditor may not obtain or use medical information
pertaining to a consumer in connection with any determination of the
consumer's eligibility, or continued eligibility, for credit, except as
provided in this section.
(2) Definitions. (i) Credit has the same meaning as in section 702
of the Equal Credit Opportunity Act, 15 U.S.C. 1691a.
(ii) Creditor has the same meaning as in section 702 of the Equal
Credit Opportunity Act, 15 U.S.C. 1691a.
(iii) Eligibility, or continued eligibility, for credit means the
consumer's qualification or fitness to receive, or continue to receive,
credit, including the terms on which credit is offered. The term does
not include:
(A) Any determination of the consumer's qualification or fitness
for employment, insurance (other than a credit insurance product), or
other non-credit products or services;
(B) Authorizing, processing, or documenting a payment or
transaction on behalf of the consumer in a manner that does not involve
a determination of the consumer's eligibility, or continued
eligibility, for credit; or
(C) Maintaining or servicing the consumer's account in a manner
that does not involve a determination of the consumer's eligibility, or
continued eligibility, for credit.
(c) Rule of construction for obtaining and using unsolicited
medical information. (1) In general. A creditor does not obtain medical
information in violation of the prohibition if it receives medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit without specifically requesting medical information.
(2) Use of unsolicited medical information. A creditor that
receives unsolicited medical information in the manner described in
paragraph (c)(1) of this section may use that information in connection
with any determination of the consumer's eligibility, or continued
eligibility, for credit to the extent the creditor can rely on at least
one of the exceptions in Sec. 222.30(d) or (e).
(3) Examples. A creditor does not obtain medical information in
violation of the prohibition if, for example:
[[Page 33980]]
(i) In response to a general question regarding a consumer's debts
or expenses, the creditor receives information that the consumer owes a
debt to a hospital.
(ii) In a conversation with the creditor's loan officer, the
consumer informs the creditor that the consumer has a particular
medical condition.
(iii) In connection with a consumer's application for an extension
of credit, the creditor requests a consumer report from a consumer
reporting agency and receives medical information in the consumer
report furnished by the agency even though the creditor did not
specifically request medical information from the consumer reporting
agency.
(d) Financial information exception for obtaining and using medical
information. (1) In general. A creditor may obtain and use medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit so long as:
(i) The information is the type of information routinely used in
making credit eligibility determinations, such as information relating
to debts, expenses, income, benefits, assets, collateral, or the
purpose of the loan, including the use of proceeds;
(ii) The creditor uses the medical information in a manner and to
an extent that is no less favorable than it would use comparable
information that is not medical information in a credit transaction;
and
(iii) The creditor does not take the consumer's physical, mental,
or behavioral health, condition or history, type of treatment, or
prognosis into account as part of any such determination.
(2) Examples. (i) Examples of the types of information routinely
used in making credit eligibility determinations. Paragraph (d)(1)(i)
of this section permits a creditor, for example, to obtain and use
information about:
(A) The dollar amount, repayment terms, repayment history, and
similar information regarding medical debts to calculate, measure, or
verify the repayment ability of the consumer, the use of proceeds, or
the terms for granting credit;
(B) The value, condition, and lien status of a medical device that
may serve as collateral to secure a loan;
(C) The dollar amount and continued eligibility for disability
income or benefits related to health or a medical condition that is
relied on as a source of repayment; or
(D) The identity of creditors to whom outstanding medical debts are
owed in connection with an application for credit, including but not
limited to, a transaction involving the consolidation of medical debts.
(ii) Examples of uses of medical information consistent with the
exception. (A) A consumer includes on an application for credit
information about two $20,000 debts. One debt is to a hospital; the
other debt is to a retailer. The creditor contacts the hospital and the
retailer to verify the amount and payment status of the debts. The
creditor learns that both debts are more than 90 days past due. Any two
debts of this size that are more than 90 days past due would disqualify
the consumer under the creditor's established underwriting criteria.
The creditor denies the application on the basis that the consumer has
a poor repayment history on outstanding debts. The creditor has used
medical information in a manner and to an extent no less favorable than
it would use comparable non-medical information.
(B) A consumer indicates on an application for a $200,000 mortgage
loan that she receives $15,000 in long-term disability income each year
from her former employer and has no other income. Annual income of
$15,000, regardless of source, would not be sufficient to support the
requested amount of credit. The creditor denies the application on the
basis that the projected debt-to-income ratio of the consumer does not
meet the creditor's underwriting criteria. The creditor has used
medical information in a manner and to an extent that is no less
favorable than it would use comparable non-medical information.
(C) A consumer includes on an application for a $10,000 home equity
loan that he has a $50,000 debt to a medical facility that specializes
in treating a potentially terminal disease. The creditor contacts the
medical facility to verify the debt and obtain the repayment history
and current status of the loan. The creditor learns that the debt is
current. The applicant meets the income and other requirements of the
creditor's underwriting guidelines. The creditor grants the
application. The creditor has used medical information in accordance
with the exception.
(iii) Examples of uses of medical information inconsistent with the
exception. (A) A consumer applies for $25,000 of credit and includes on
the application information about a $50,000 debt to a hospital. The
creditor contacts the hospital to verify the amount and payment status
of the debt, and learns that the debt is current and that the consumer
has no delinquencies in her repayment history. If the existing debt
were instead owed to a retail department store, the creditor would
approve the application and extend credit based on the amount and
repayment history of the outstanding debt. The creditor, however,
denies the application because the consumer is indebted to a hospital.
The creditor has used medical information, here the identity of the
medical creditor, in a manner and to an extent that is less favorable
than it would use comparable non-medical information.
(B) A consumer meets with a loan officer of a creditor to apply for
a mortgage loan. While filling out the loan application, the consumer
informs the loan officer orally that she has a potentially terminal
disease. The consumer meets the creditor's established requirements for
the requested mortgage loan. The loan officer recommends to the credit
committee that the consumer be denied credit because the consumer has
that disease. The credit committee follows the loan officer's
recommendation and denies the application because the consumer has a
potentially terminal disease. The creditor has used medical information
in a manner inconsistent with the exception by taking into account the
consumer's physical, mental, or behavioral health, condition, or
history, type of treatment, or prognosis as part of a determination of
eligibility or continued eligibility for credit.
(C) A consumer who has an apparent medical condition, such as a
consumer who uses a wheelchair or an oxygen tank, meets with a loan
officer to apply for a home equity loan. The consumer meets the
creditor's established requirements for the requested home equity loan
and the creditor typically does not require consumers to obtain a debt
cancellation contract, debt suspension agreement, or credit insurance
product in connection with such loans. However, based on the consumer's
apparent medical condition, the loan officer recommends to the credit
committee that credit be extended to the consumer only if the consumer
obtains a debt cancellation contract, debt suspension agreement, or
credit insurance product. The credit committee agrees with the loan
officer's recommendation. The loan officer informs the consumer that
the consumer must obtain a debt cancellation contract, debt suspension
agreement, or credit insurance product to qualify for the loan. The
consumer obtains one of these products from a third party and the
creditor approves the loan. The creditor has used medical information
in a manner inconsistent with the exception by taking into account the
consumer's
[[Page 33981]]
physical, mental, or behavioral health, condition, or history, type of
treatment, or prognosis in setting conditions on the consumer's
eligibility for credit.
(e) Specific exceptions for obtaining and using medical
information. (1) In general. A creditor may obtain and use medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit--
(i) To determine whether the use of a power of attorney or legal
representative that is triggered by a medical event or condition is
necessary and appropriate or whether the consumer has the legal
capacity to contract when a person seeks to exercise a power of
attorney or act as legal representative for a consumer based on an
asserted medical event or condition;
(ii) To comply with applicable requirements of local, State, or
Federal laws;
(iii) To determine, at the consumer's request, whether the consumer
qualifies for a legally permissible special credit program or credit-
related assistance program that is--
(A) Designed to meet the special needs of consumers with medical
conditions; and
(B) Established and administered pursuant to a written plan that--
(1) Identifies the class of persons that the program is designed to
benefit; and
(2) Sets forth the procedures and standards for extending credit or
providing other credit-related assistance under the program.
(iv) To the extent necessary for purposes of fraud prevention or
detection;
(v) In the case of credit for the purpose of financing medical
products or services, to determine and verify the medical purpose of a
loan and the use of proceeds;
(vi) Consistent with safe and sound practices, if the consumer or
the consumer's legal representative specifically requests that the
creditor use medical information in determining the consumer's
eligibility, or continued eligibility, for credit, to accommodate the
consumer's particular circumstances, and such request is documented by
the creditor;
(vii) Consistent with safe and sound practices, to determine
whether the provisions of a forbearance practice or program that is
triggered by a medical event or condition apply to a consumer;
(viii) To determine the consumer's eligibility for, the triggering
of, or the reactivation of a debt cancellation contract or debt
suspension agreement if a medical condition or event is a triggering
event for the provision of benefits under the contract or agreement; or
(ix) To determine the consumer's eligibility for, the triggering
of, or the reactivation of a credit insurance product if a medical
condition or event is a triggering event for the provision of benefits
under the product.
(2) Example of determining eligibility for a special credit program
or credit assistance program. A not-for-profit organization establishes
a credit assistance program pursuant to a written plan that is designed
to assist disabled veterans in purchasing homes by subsidizing the down
payment for the home purchase mortgage loans of qualifying veterans.
The organization works through mortgage lenders and requires mortgage
lenders to obtain medical information about the disability of any
consumer that seeks to qualify for the program, use that information to
verify the consumer's eligibility for the program, and forward that
information to the organization. A consumer who is a veteran applies to
a creditor for a home purchase mortgage loan. The creditor informs the
consumer about the credit assistance program for disabled veterans and
the consumer seeks to qualify for the program. Assuming that the
program complies with all applicable law, including applicable fair
lending laws, the creditor may obtain and use medical information about
the medical condition and disability, if any, of the consumer to
determine whether the consumer qualifies for the credit assistance
program.
(3) Examples of verifying the medical purpose of the loan or the
use of proceeds. (i) If a consumer applies for $10,000 of credit for
the purpose of financing vision correction surgery, the creditor may
verify with the surgeon that the procedure will be performed. If the
surgeon reports that surgery will not be performed on the consumer, the
creditor may use that medical information to deny the consumer's
application for credit, because the loan would not be used for the
stated purpose.
(ii) If a consumer applies for $10,000 of credit for the purpose of
financing cosmetic surgery, the creditor may confirm the cost of the
procedure with the surgeon. If the surgeon reports that the cost of the
procedure is $5,000, the creditor may use that medical information to
offer the consumer only $5,000 of credit.
(iii) A creditor has an established medical loan program for
financing particular elective surgical procedures. The creditor
receives a loan application from a consumer requesting $10,000 of
credit under the established loan program for an elective surgical
procedure. The consumer indicates on the application that the purpose
of the loan is to finance an elective surgical procedure not eligible
for funding under the guidelines of the established loan program. The
creditor may deny the consumer's application because the purpose of the
loan is not for a particular procedure funded by the established loan
program.
(4) Examples of obtaining and using medical information at the
request of the consumer. (i) If a consumer applies for a loan and
specifically requests that the creditor consider the consumer's medical
disability at the relevant time as an explanation for adverse payment
history information in his credit report, the creditor may consider
such medical information in evaluating the consumer's willingness and
ability to repay the requested loan to accommodate the consumer's
particular circumstances, consistent with safe and sound practices. The
creditor may also decline to consider such medical information to
accommodate the consumer, but may evaluate the consumer's application
in accordance with its otherwise applicable underwriting criteria. The
creditor may not deny the consumer's application or otherwise treat the
consumer less favorably because the consumer specifically requested a
medical accommodation, if the creditor would have extended the credit
or treated the consumer more favorably under the creditor's otherwise
applicable underwriting criteria.
(ii) If a consumer applies for a loan by telephone and explains
that his income has been and will continue to be interrupted on account
of a medical condition and that he expects to repay the loan by
liquidating assets, the creditor may, but is not required to, evaluate
the application using the sale of assets as the primary source of
repayment, consistent with safe and sound practices, provided that the
creditor documents the consumer's request by recording the oral
conversation or making a notation of the request in the consumer's
file.
(iii) If a consumer applies for a loan and the application form
provides a space where the consumer may provide any other information
or special circumstances, whether medical or non-medical, that the
consumer would like the creditor to consider in evaluating the
consumer's application, the creditor may use medical information
provided by the consumer in that space on that application to
accommodate the consumer's application for credit,
[[Page 33982]]
consistent with safe and sound practices, or may disregard that
information.
(iv) If a consumer specifically requests that the creditor use
medical information in determining the consumer's eligibility, or
continued eligibility, for credit and provides the creditor with
medical information for that purpose, and the creditor determines that
it needs additional information regarding the consumer's circumstances,
the creditor may request, obtain, and use additional medical
information about the consumer as necessary to verify the information
provided by the consumer or to determine whether to make an
accommodation for the consumer. The consumer may decline to provide
additional information, withdraw the request for an accommodation, and
have the application considered under the creditor's otherwise
applicable underwriting criteria.
(v) If a consumer completes and signs a credit application that is
not for medical purpose credit and the application contains boilerplate
language that routinely requests medical information from the consumer
or that indicates that by applying for credit the consumer authorizes
or consents to the creditor obtaining and using medical information in
connection with a determination of the consumer's eligibility, or
continued eligibility, for credit, the consumer has not specifically
requested that the creditor obtain and use medical information to
accommodate the consumer's particular circumstances.
(5) Example of a forbearance practice or program. After an
appropriate safety and soundness review, a creditor institutes a
program that allows consumers who are or will be hospitalized to defer
payments as needed for up to three months, without penalty, if the
credit account has been open for more than one year and has not
previously been in default, and the consumer provides confirming
documentation at an appropriate time. A consumer is hospitalized and
does not pay her bill for a particular month. This consumer has had a
credit account with the creditor for more than one year and has not
previously been in default. The creditor attempts to contact the
consumer and speaks with the consumer's adult child, who is not the
consumer's legal representative. The adult child informs the creditor
that the consumer is hospitalized and is unable to pay the bill at that
time. The creditor defers payments for up to three months, without
penalty, for the hospitalized consumer and sends the consumer a letter
confirming this practice and the date on which the next payment will be
due.
Sec. 222.31 Limits on redisclosure of information.
(a) Scope. This section applies to banks that are members of the
Federal Reserve System (other than national banks) and their respective
operating subsidiaries, branches and agencies of foreign banks (other
than Federal branches, Federal Agencies, and insured State branches of
foreign banks), commercial lending companies owned or controlled by
foreign banks, organizations operating under section 25 or 25A of the
Federal Reserve Act (12 U.S.C. 601 et seq., and 611 et seq.), and bank
holding companies and affiliates of such holding companies (other than
depository institutions and consumer reporting agencies).
(b) Limits on redisclosure. If a person described in paragraph (a)
of this section receives medical information about a consumer from a
consumer reporting agency or its affiliate, the person must not
disclose that information to any other person, except as necessary to
carry out the purpose for which the information was initially
disclosed, or as otherwise permitted by statute, regulation, or order.
Sec. 222.32 Sharing medical information with affiliates.
(a) Scope. This section applies to banks that are members of the
Federal Reserve System (other than national banks) and their respective
operating subsidiaries, branches and agencies of foreign banks (other
than Federal branches, Federal Agencies, and insured State branches of
foreign banks), commercial lending companies owned or controlled by
foreign banks, organizations operating under section 25 or 25A of the
Federal Reserve Act (12 U.S.C. 601 et seq., and 611 et seq.).
(b) In general. The exclusions from the term ``consumer report'' in
section 603(d)(2) of the Act that allow the sharing of information with
affiliates do not apply to a person described in paragraph (a) of this
section if that person communicates to an affiliate--
(1) Medical information;
(2) An individualized list or description based on the payment
transactions of the consumer for medical products or services; or
(3) An aggregate list of identified consumers based on payment
transactions for medical products or services.
(c) Exceptions. A person described in paragraph (a) of this section
may rely on the exclusions from the term ``consumer report'' in section
603(d)(2) of the Act to communicate the information in paragraph (b) of
this section to an affiliate--
(1) In connection with the business of insurance or annuities
(including the activities described in section 18B of the model Privacy
of Consumer Financial and Health Information Regulation issued by the
National Association of Insurance Commissioners, as in effect on
January 1, 2003);
(2) For any purpose permitted without authorization under the
regulations promulgated by the Department of Health and Human Services
pursuant to the Health Insurance Portability and Accountability Act of
1996 (HIPAA);
(3) For any purpose referred to in section 1179 of HIPAA;
(4) For any purpose described in section 502(e) of the Gramm-Leach-
Bliley Act;
(5) In connection with a determination of the consumer's
eligibility, or continued eligibility, for credit consistent with Sec.
222.30 of this part; or
(6) As otherwise permitted by order of the Board.
0
4. A new part 232 is added to read as follows:
PART 232--OBTAINING AND USING MEDICAL INFORMATION IN CONNECTION
WITH CREDIT (REGULATION FF)
Sec.
232.1 Scope, general prohibition and definitions.
232.2 Rule of construction for obtaining and using unsolicited
medical information.
232.3 Financial information exception for obtaining and using
medical information.
232.4 Specific exceptions for obtaining and using medical
information.
Authority: 15 U.S.C. 1681b.
Sec. 232.1 Scope, general prohibition and definitions.
(a) Scope. This part applies to creditors, as defined in paragraph
(c)(3) of this section, except for creditors that are subject to
Sec. Sec. 41.30, 222.30, 334.30, 571.30, or 717.30.
(b) In general. A creditor may not obtain or use medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit, except as provided in this section.
(c) Definitions. (1) Consumer means an individual.
(2) Credit has the same meaning as in section 702 of the Equal
Credit Opportunity Act, 15 U.S.C. 1691a.
[[Page 33983]]
(3) Creditor has the same meaning as in section 702 of the Equal
Credit Opportunity Act, 15 U.S.C. 1691a.
(4) Eligibility, or continued eligibility, for credit means the
consumer's qualification or fitness to receive, or continue to receive,
credit, including the terms on which credit is offered. The term does
not include:
(i) Any determination of the consumer's qualification or fitness
for employment, insurance (other than a credit insurance product), or
other non-credit products or services;
(ii) Authorizing, processing, or documenting a payment or
transaction on behalf of the consumer in a manner that does not involve
a determination of the consumer's eligibility, or continued
eligibility, for credit; or
(iii) Maintaining or servicing the consumer's account in a manner
that does not involve a determination of the consumer's eligibility, or
continued eligibility, for credit.
(5) Medical information means:
(i) Information or data, whether oral or recorded, in any form or
medium, created by or derived from a health care provider or the
consumer, that relates to--
(A) The past, present, or future physical, mental, or behavioral
health or condition of an individual;
(B) The provision of health care to an individual; or
(C) The payment for the provision of health care to an individual.
(ii) The term does not include:
(A) The age or gender of a consumer;
(B) Demographic information about the consumer, including a
consumer's residence address or e-mail address;
(C) Any other information about a consumer that does not relate to
the physical, mental, or behavioral health or condition of a consumer,
including the existence or value of any insurance policy; or
(D) Information that does not identify a specific consumer.
(6) Person means any individual, partnership, corporation, trust,
estate cooperative, association, government or governmental subdivision
or agency, or other entity.
Sec. 232.2 Rule of construction for obtaining and using unsolicited
medical information.
(a) In general. A creditor does not obtain medical information in
violation of the prohibition if it receives medical information
pertaining to a consumer in connection with any determination of the
consumer's eligibility, or continued eligibility, for credit without
specifically requesting medical information.
(b) Use of unsolicited medical information. A creditor that
receives unsolicited medical information in the manner described in
paragraph (a) of this section may use that information in connection
with any determination of the consumer's eligibility, or continued
eligibility, for credit to the extent the creditor can rely on at least
one of the exceptions in Sec. 232.3 or Sec. 232.4.
(c) Examples. A creditor does not obtain medical information in
violation of the prohibition if, for example:
(1) In response to a general question regarding a consumer's debts
or expenses, the creditor receives information that the consumer owes a
debt to a hospital.
(2) In a conversation with the creditor's loan officer, the
consumer informs the creditor that the consumer has a particular
medical condition.
(3) In connection with a consumer's application for an extension of
credit, the creditor requests a consumer report from a consumer
reporting agency and receives medical information in the consumer
report furnished by the agency even though the creditor did not
specifically request medical information from the consumer reporting
agency.
Sec. 232.3 Financial information exception for obtaining and using
medical information.
(a) In general. A creditor may obtain and use medical information
pertaining to a consumer in connection with any determination of the
consumer's eligibility, or continued eligibility, for credit so long
as:
(1) The information is the type of information routinely used in
making credit eligibility determinations, such as information relating
to debts, expenses, income, benefits, assets, collateral, or the
purpose of the loan, including the use of proceeds;
(2) The creditor uses the medical information in a manner and to an
extent that is no less favorable than it would use comparable
information that is not medical information in a credit transaction;
and
(3) The creditor does not take the consumer's physical, mental, or
behavioral health, condition or history, type of treatment, or
prognosis into account as part of any such determination.
(b) Examples. (1) Examples of the types of information routinely
used in making credit eligibility determinations. Paragraph (a)(1) of
this section permits a creditor, for example, to obtain and use
information about:
(i) The dollar amount, repayment terms, repayment history, and
similar information regarding medical debts to calculate, measure, or
verify the repayment ability of the consumer, the use of proceeds, or
the terms for granting credit;
(ii) The value, condition, and lien status of a medical device that
may serve as collateral to secure a loan;
(iii) The dollar amount and continued eligibility for disability
income or benefits related to health or a medical condition that is
relied on as a source of repayment; or
(iv) The identity of creditors to whom outstanding medical debts
are owed in connection with an application for credit, including but
not limited to, a transaction involving the consolidation of medical
debts.
(2) Examples of uses of medical information consistent with the
exception. (i) A consumer includes on an application for credit
information about two $20,000 debts. One debt is to a hospital; the
other debt is to a retailer. The creditor contacts the hospital and the
retailer to verify the amount and payment status of the debts. The
creditor learns that both debts are more than 90 days past due. Any two
debts of this size that are more than 90 days past due would disqualify
the consumer under the creditor's established underwriting criteria.
The creditor denies the application on the basis that the consumer has
a poor repayment history on outstanding debts. The creditor has used
medical information in a manner and to an extent no less favorable than
it would use comparable non-medical information.
(ii) A consumer indicates on an application for a $200,000 mortgage
loan that she receives $15,000 in long-term disability income each year
from her former employer and has no other income. Annual income of
$15,000, regardless of source, would not be sufficient to support the
requested amount of credit. The creditor denies the application on the
basis that the projected debt-to-income ratio of the consumer does not
meet the creditor's underwriting criteria. The creditor has used
medical information in a manner and to an extent that is no less
favorable than it would use comparable non-medical information.
(iii) A consumer includes on an application for a $10,000 home
equity loan that he has a $50,000 debt to a medical facility that
specializes in treating a potentially terminal disease. The creditor
contacts the medical facility to verify the debt and obtain the
repayment history and current status of the loan. The creditor learns
that the debt is current. The applicant meets the income and other
requirements of the creditor's underwriting guidelines. The creditor
grants the application. The
[[Page 33984]]
creditor has used medical information in accordance with the exception.
(3) Examples of uses of medical information inconsistent with the
exception. (i) A consumer applies for $25,000 of credit and includes on
the application information about a $50,000 debt to a hospital. The
creditor contacts the hospital to verify the amount and payment status
of the debt, and learns that the debt is current and that the consumer
has no delinquencies in her repayment history. If the existing debt
were instead owed to a retail department store, the creditor would
approve the application and extend credit based on the amount and
repayment history of the outstanding debt. The creditor, however,
denies the application because the consumer is indebted to a hospital.
The creditor has used medical information, here the identity of the
medical creditor, in a manner and to an extent that is less favorable
than it would use comparable non-medical information.
(ii) A consumer meets with a loan officer of a creditor to apply
for a mortgage loan. While filling out the loan application, the
consumer informs the loan officer orally that she has a potentially
terminal disease. The consumer meets the creditor's established
requirements for the requested mortgage loan. The loan officer
recommends to the credit committee that the consumer be denied credit
because the consumer has that disease. The credit committee follows the
loan officer's recommendation and denies the application because the
consumer has a potentially terminal disease. The creditor has used
medical information in a manner inconsistent with the exception by
taking into account the consumer's physical, mental, or behavioral
health, condition, or history, type of treatment, or prognosis as part
of a determination of eligibility or continued eligibility for credit.
(iii) A consumer who has an apparent medical condition, such as a
consumer who uses a wheelchair or an oxygen tank, meets with a loan
officer to apply for a home equity loan. The consumer meets the
creditor's established requirements for the requested home equity loan
and the creditor typically does not require consumers to obtain a debt
cancellation contract, debt suspension agreement, or credit insurance
product in connection with such loans. However, based on the consumer's
apparent medical condition, the loan officer recommends to the credit
committee that credit be extended to the consumer only if the consumer
obtains a debt cancellation contract, debt suspension agreement, or
credit insurance product. The credit committee agrees with the loan
officer's recommendation. The loan officer informs the consumer that
the consumer must obtain a debt cancellation contract, debt suspension
agreement, or credit insurance product to qualify for the loan. The
consumer obtains one of these products from a third party and the
creditor approves the loan. The creditor has used medical information
in a manner inconsistent with the exception by taking into account the
consumer's physical, mental, or behavioral health, condition, or
history, type of treatment, or prognosis in setting conditions on the
consumer's eligibility for credit.
Sec. 232.4 Specific exceptions for obtaining and using medical
information.
(a) In general. A creditor may obtain and use medical information
pertaining to a consumer in connection with any determination of the
consumer's eligibility, or continued eligibility, for credit--
(1) To determine whether the use of a power of attorney or legal
representative that is triggered by a medical event or condition is
necessary and appropriate or whether the consumer has the legal
capacity to contract when a person seeks to exercise a power of
attorney or act as legal representative for a consumer based on an
asserted medical event or condition;
(2) To comply with applicable requirements of local, State, or
Federal laws;
(3) To determine, at the consumer's request, whether the consumer
qualifies for a legally permissible special credit program or credit-
related assistance program that is--
(i) Designed to meet the special needs of consumers with medical
conditions; and
(ii) Established and administered pursuant to a written plan that--
(A) Identifies the class of persons that the program is designed to
benefit; and
(B) Sets forth the procedures and standards for extending credit or
providing other credit-related assistance under the program.
(4) To the extent necessary for purposes of fraud prevention or
detection;
(5) In the case of credit for the purpose of financing medical
products or services, to determine and verify the medical purpose of a
loan and the use of proceeds;
(6) Consistent with safe and sound practices, if the consumer or
the consumer's legal representative specifically requests that the
creditor use medical information in determining the consumer's
eligibility, or continued eligibility, for credit, to accommodate the
consumer's particular circumstances, and such request is documented by
the creditor;
(7) Consistent with safe and sound practices, to determine whether
the provisions of a forbearance practice or program that is triggered
by a medical event or condition apply to a consumer;
(8) To determine the consumer's eligibility for, the triggering of,
or the reactivation of a debt cancellation contract or debt suspension
agreement if a medical condition or event is a triggering event for the
provision of benefits under the contract or agreement; or
(9) To determine the consumer's eligibility for, the triggering of,
or the reactivation of a credit insurance product if a medical
condition or event is a triggering event for the provision of benefits
under the product.
(b) Example of determining eligibility for a special credit program
or credit assistance program. A not-for-profit organization establishes
a credit assistance program pursuant to a written plan that is designed
to assist disabled veterans in purchasing homes by subsidizing the down
payment for the home purchase mortgage loans of qualifying veterans.
The organization works through mortgage lenders and requires mortgage
lenders to obtain medical information about the disability of any
consumer that seeks to qualify for the program, use that information to
verify the consumer's eligibility for the program, and forward that
information to the organization. A consumer who is a veteran applies to
a creditor for a home purchase mortgage loan. The creditor informs the
consumer about the credit assistance program for disabled veterans and
the consumer seeks to qualify for the program. Assuming that the
program complies with all applicable law, including applicable fair
lending laws, the creditor may obtain and use medical information about
the medical condition and disability, if any, of the consumer to
determine whether the consumer qualifies for the credit assistance
program.
(c) Examples of verifying the medical purpose of the loan or the
use of proceeds. (1) If a consumer applies for $10,000 of credit for
the purpose of financing vision correction surgery, the creditor may
verify with the surgeon that the procedure will be performed. If the
surgeon reports that surgery will not be performed on the consumer, the
creditor may use that medical information to deny the consumer's
application for credit, because the loan
[[Page 33985]]
would not be used for the stated purpose.
(2) If a consumer applies for $10,000 of credit for the purpose of
financing cosmetic surgery, the creditor may confirm the cost of the
procedure with the surgeon. If the surgeon reports that the cost of the
procedure is $5,000, the creditor may use that medical information to
offer the consumer only $5,000 of credit.
(3) A creditor has an established medical loan program for
financing particular elective surgical procedures. The creditor
receives a loan application from a consumer requesting $10,000 of
credit under the established loan program for an elective surgical
procedure. The consumer indicates on the application that the purpose
of the loan is to finance an elective surgical procedure not eligible
for funding under the guidelines of the established loan program. The
creditor may deny the consumer's application because the purpose of the
loan is not for a particular procedure funded by the established loan
program.
(d) Examples of obtaining and using medical information at the
request of the consumer. (1) If a consumer applies for a loan and
specifically requests that the creditor consider the consumer's medical
disability at the relevant time as an explanation for adverse payment
history information in his credit report, the creditor may consider
such medical information in evaluating the consumer's willingness and
ability to repay the requested loan to accommodate the consumer's
particular circumstances, consistent with safe and sound practices. The
creditor may also decline to consider such medical information to
accommodate the consumer, but may evaluate the consumer's application
in accordance with its otherwise applicable underwriting criteria. The
creditor may not deny the consumer's application or otherwise treat the
consumer less favorably because the consumer specifically requested a
medical accommodation, if the creditor would have extended the credit
or treated the consumer more favorably under the creditor's otherwise
applicable underwriting criteria.
(2) If a consumer applies for a loan by telephone and explains that
his income has been and will continue to be interrupted on account of a
medical condition and that he expects to repay the loan liquidating
assets, the creditor may, but is not required to, evaluate the
application using the sale of assets as the primary source of
repayment, consistent with safe and sound practices, provided that the
creditor documents the consumer's request by recording the oral
conversation or making a notation of the request in the consumer's
file.
(3) If a consumer applies for a loan and the application form
provides a space where the consumer may provide any other information
or special circumstances, whether medical or non-medical, that the
consumer would like the creditor to consider in evaluating the
consumer's application, the creditor may use medical information
provided by the consumer in that space on that application to
accommodate the consumer's application for credit, consistent with safe
and sound practices, or may disregard that information.
(4) If a consumer specifically requests that the creditor use
medical information in determining the consumer's eligibility, or
continued eligibility, for credit and provides the creditor with
medical information for that purpose, and the creditor determines that
it needs additional information regarding the consumer's circumstances,
the creditor may request, obtain, and use additional medical
information about the consumer as necessary to verify the information
provided by the consumer or to determine whether to make an
accommodation for the consumer. The consumer may decline to provide
additional information, withdraw the request for an accommodation, and
have the application considered under the creditor's otherwise
applicable underwriting criteria.
(5) If a consumer completes and signs a credit application that is
not for medical purpose credit and the application contains boilerplate
language that routinely requests medical information from the consumer
or that indicates that by applying for credit the consumer authorizes
or consents to the creditor obtaining and using medical information in
connection with a determination of the consumer's eligibility, or
continued eligibility, for credit, the consumer has not specifically
requested that the creditor obtain and use medical information to
accommodate the consumer's particular circumstances.
(e) Example of a forbearance practice or program. After an
appropriate safety and soundness review, a creditor institutes a
program that allows consumers who are or will be hospitalized to defer
payments as needed for up to three months, without penalty, if the
credit account has been open for more than one year and has not
previously been in default, and the consumer provides confirming
documentation at an appropriate time. A consumer is hospitalized and
does not pay her bill for a particular month. This consumer has had a
credit account with the creditor for more than one year and has not
previously been in default. The creditor attempts to contact the
consumer and speaks with the consumer's adult child, who is not the
consumer's legal representative. The adult child informs the creditor
that the consumer is hospitalized and is unable to pay the bill at that
time. The creditor defers payments for up to three months, without
penalty, for the hospitalized consumer and sends the consumer a letter
confirming this practice and the date on which the next payment will be
due.
Federal Deposit Insurance Corporation
12 CFR Chapter III.
Authority and Issuance
0
For the reasons set forth in the joint preamble, the Federal Deposit
Insurance Corporation amends part 334 of chapter III of title 12 of the
Code of Federal Regulations as follows:
PART 334--FAIR CREDIT REPORTING
0
1. The authority citation for part 334 is revised to read as follows:
Authority: 12 U.S.C. 1819 (Tenth) and 1818; 15 U.S.C. 1681b and
1681s.
0
2. Subpart A is added to part 334 to read as follows:
Subpart A--General Provisions
Sec.
334.1 [Reserved]
334.2 Examples.
334.3 Definitions.
Subpart A--General Provisions
Sec. 334.1 [Reserved]
Sec. 334.2 Examples.
The examples in this part are not exclusive. Compliance with an
example, to the extent applicable, constitutes compliance with this
part. Examples in a paragraph illustrate only the issue described in
the paragraph and do not illustrate any other issue that may arise in
this part.
Sec. 334.3 Definitions.
As used in this part, unless the context requires otherwise:
(a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et
seq.).
(b) Affiliate means any company that is related by common ownership
or common corporate control with another company.
(c) [Reserved]
(d) Company means any corporation, limited liability company,
business
[[Page 33986]]
trust, general or limited partnership, association, or similar
organization.
(e) Consumer means an individual.
(f) [Reserved]
(g) [Reserved]
(h) [Reserved]
(i) Common ownership or common corporate control means a
relationship between two companies under which:
(1) One company has, with respect to the other company:
(i) Ownership, control, or power to vote 25 percent or more of the
outstanding shares of any class of voting security of a company,
directly or indirectly, or acting through one or more other persons;
(ii) Control in any manner over the election of a majority of the
directors, trustees, or general partners (or individuals exercising
similar functions) of a company; or
(iii) The power to exercise, directly or indirectly, a controlling
influence over the management or policies of a company, as the FDIC
determines; or
(2) Any other person has, with respect to both companies, a
relationship described in paragraphs (i)(1)(i)-(i)(1)(iii) of this
section.
(j) [Reserved]
(k) Medical information means:
(1) Information or data, whether oral or recorded, in any form or
medium, created by or derived from a health care provider or the
consumer, that relates to--
(i) The past, present, or future physical, mental, or behavioral
health or condition of an individual;
(ii) The provision of health care to an individual; or
(iii) The payment for the provision of health care to an
individual.
(2) The term does not include:
(i) The age or gender of a consumer;
(ii) Demographic information about the consumer, including a
consumer's residence address or e-mail address;
(iii) Any other information about a consumer that does not relate
to the physical, mental, or behavioral health or condition of a
consumer, including the existence or value of any insurance policy; or
(iv) Information that does not identify a specific consumer.
(l) Person means any individual, partnership, corporation, trust,
estate cooperative, association, government or governmental subdivision
or agency, or other entity.
0
3. Subpart D is added to part 334 to read as follows:
Subpart D--Medical Information
Sec. 334.30 Obtaining or using medical information in connection with
a determination of eligibility for credit.
(a) Scope. This section applies to:
(1) Any of the following that participates as a creditor in a
transaction--
(i) A State bank insured by the FDIC (other than members of the
Federal Reserve System);
(ii) An insured State branch of a foreign bank; or
(2) Any other person that participates as a creditor in a
transaction involving a person described in paragraph (a)(1) of this
section.
(b) General prohibition on obtaining or using medical information.
(1) In general. A creditor may not obtain or use medical information
pertaining to a consumer in connection with any determination of the
consumer's eligibility, or continued eligibility, for credit, except as
provided in this section.
(2) Definitions. (i) Credit has the same meaning as in section 702
of the Equal Credit Opportunity Act, 15 U.S.C. 1691a.
(ii) Creditor has the same meaning as in section 702 of the Equal
Credit Opportunity Act, 15 U.S.C. 1691a.
(iii) Eligibility, or continued eligibility, for credit means the
consumer's qualification or fitness to receive, or continue to receive,
credit, including the terms on which credit is offered. The term does
not include:
(A) Any determination of the consumer's qualification or fitness
for employment, insurance (other than a credit insurance product), or
other non-credit products or services;
(B) Authorizing, processing, or documenting a payment or
transaction on behalf of the consumer in a manner that does not involve
a determination of the consumer's eligibility, or continued
eligibility, for credit; or
(C) Maintaining or servicing the consumer's account in a manner
that does not involve a determination of the consumer's eligibility, or
continued eligibility, for credit.
(c) Rule of construction for obtaining and using unsolicited
medical information. (1) In general. A creditor does not obtain medical
information in violation of the prohibition if it receives medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit without specifically requesting medical information.
(2) Use of unsolicited medical information. A creditor that
receives unsolicited medical information in the manner described in
paragraph (c)(1) of this section may use that information in connection
with any determination of the consumer's eligibility, or continued
eligibility, for credit to the extent the creditor can rely on at least
one of the exceptions in Sec. 334.30(d) or (e).
(3) Examples. A creditor does not obtain medical information in
violation of the prohibition if, for example:
(i) In response to a general question regarding a consumer's debts
or expenses, the creditor receives information that the consumer owes a
debt to a hospital.
(ii) In a conversation with the creditor's loan officer, the
consumer informs the creditor that the consumer has a particular
medical condition.
(iii) In connection with a consumer's application for an extension
of credit, the creditor requests a consumer report from a consumer
reporting agency and receives medical information in the consumer
report furnished by the agency even though the creditor did not
specifically request medical information from the consumer reporting
agency.
(d) Financial information exception for obtaining and using medical
information. (1) In general. A creditor may obtain and use medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit so long as:
(i) The information is the type of information routinely used in
making credit eligibility determinations, such as information relating
to debts, expenses, income, benefits, assets, collateral, or the
purpose of the loan, including the use of proceeds;
(ii) The creditor uses the medical information in a manner and to
an extent that is no less favorable than it would use comparable
information that is not medical information in a credit transaction;
and
(iii) The creditor does not take the consumer's physical, mental,
or behavioral health, condition or history, type of treatment, or
prognosis into account as part of any such determination.
(2) Examples. (i) Examples of the types of information routinely
used in making credit eligibility determinations. Paragraph (d)(1)(i)
of this section permits a creditor, for example, to obtain and use
information about:
(A) The dollar amount, repayment terms, repayment history, and
similar information regarding medical debts to calculate, measure, or
verify the repayment ability of the consumer, the use of proceeds, or
the terms for granting credit;
[[Page 33987]]
(B) The value, condition, and lien status of a medical device that
may serve as collateral to secure a loan;
(C) The dollar amount and continued eligibility for disability
income or benefits related to health or a medical condition that is
relied on as a source of repayment; or
(D) The identity of creditors to whom outstanding medical debts are
owed in connection with an application for credit, including but not
limited to, a transaction involving the consolidation of medical debts.
(ii) Examples of uses of medical information consistent with the
exception. (A) A consumer includes on an application for credit
information about two $20,000 debts. One debt is to a hospital; the
other debt is to a retailer. The creditor contacts the hospital and the
retailer to verify the amount and payment status of the debts. The
creditor learns that both debts are more than 90 days past due. Any two
debts of this size that are more than 90 days past due would disqualify
the consumer under the creditor's established underwriting criteria.
The creditor denies the application on the basis that the consumer has
a poor repayment history on outstanding debts. The creditor has used
medical information in a manner and to an extent no less favorable than
it would use comparable non-medical information.
(B) A consumer indicates on an application for a $200,000 mortgage
loan that she receives $15,000 in long-term disability income each year
from her former employer and has no other income. Annual income of
$15,000, regardless of source, would not be sufficient to support the
requested amount of credit. The creditor denies the application on the
basis that the projected debt-to-income ratio of the consumer does not
meet the creditor's underwriting criteria. The creditor has used
medical information in a manner and to an extent that is no less
favorable than it would use comparable non-medical information.
(C) A consumer includes on an application for a $10,000 home equity
loan that he has a $50,000 debt to a medical facility that specializes
in treating a potentially terminal disease. The creditor contacts the
medical facility to verify the debt and obtain the repayment history
and current status of the loan. The creditor learns that the debt is
current. The applicant meets the income and other requirements of the
creditor's underwriting guidelines. The creditor grants the
application. The creditor has used medical information in accordance
with the exception.
(iii) Examples of uses of medical information inconsistent with the
exception. (A) A consumer applies for $25,000 of credit and includes on
the application information about a $50,000 debt to a hospital. The
creditor contacts the hospital to verify the amount and payment status
of the debt, and learns that the debt is current and that the consumer
has no delinquencies in her repayment history. If the existing debt
were instead owed to a retail department store, the creditor would
approve the application and extend credit based on the amount and
repayment history of the outstanding debt. The creditor, however,
denies the application because the consumer is indebted to a hospital.
The creditor has used medical information, here the identity of the
medical creditor, in a manner and to an extent that is less favorable
than it would use comparable non-medical information.
(B) A consumer meets with a loan officer of a creditor to apply for
a mortgage loan. While filling out the loan application, the consumer
informs the loan officer orally that she has a potentially terminal
disease. The consumer meets the creditor's established requirements for
the requested mortgage loan. The loan officer recommends to the credit
committee that the consumer be denied credit because the consumer has
that disease. The credit committee follows the loan officer's
recommendation and denies the application because the consumer has a
potentially terminal disease. The creditor has used medical information
in a manner inconsistent with the exception by taking into account the
consumer's physical, mental, or behavioral health, condition, or
history, type of treatment, or prognosis as part of a determination of
eligibility or continued eligibility for credit.
(C) A consumer who has an apparent medical condition, such as a
consumer who uses a wheelchair or an oxygen tank, meets with a loan
officer to apply for a home equity loan. The consumer meets the
creditor's established requirements for the requested home equity loan
and the creditor typically does not require consumers to obtain a debt
cancellation contract, debt suspension agreement, or credit insurance
product in connection with such loans. However, based on the consumer's
apparent medical condition, the loan officer recommends to the credit
committee that credit be extended to the consumer only if the consumer
obtains a debt cancellation contract, debt suspension agreement, or
credit insurance product. The credit committee agrees with the loan
officer's recommendation. The loan officer informs the consumer that
the consumer must obtain a debt cancellation contract, debt suspension
agreement, or credit insurance product to qualify for the loan. The
consumer obtains one of these products from a third party and the
creditor approves the loan. The creditor has used medical information
in a manner inconsistent with the exception by taking into account the
consumer's physical, mental, or behavioral health, condition, or
history, type of treatment, or prognosis in setting conditions on the
consumer's eligibility for credit.
(e) Specific exceptions for obtaining and using medical
information. (1) In general. A creditor may obtain and use medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit--
(i) To determine whether the use of a power of attorney or legal
representative that is triggered by a medical event or condition is
necessary and appropriate or whether the consumer has the legal
capacity to contract when a person seeks to exercise a power of
attorney or act as legal representative for a consumer based on an
asserted medical event or condition;
(ii) To comply with applicable requirements of local, State, or
Federal laws;
(iii) To determine, at the consumer's request, whether the consumer
qualifies for a legally permissible special credit program or credit-
related assistance program that is--
(A) Designed to meet the special needs of consumers with medical
conditions; and
(B) Established and administered pursuant to a written plan that--
(1) Identifies the class of persons that the program is designed to
benefit; and
(2) Sets forth the procedures and standards for extending credit or
providing other credit-related assistance under the program.
(iv) To the extent necessary for purposes of fraud prevention or
detection;
(v) In the case of credit for the purpose of financing medical
products or services, to determine and verify the medical purpose of a
loan and the use of proceeds;
(vi) Consistent with safe and sound practices, if the consumer or
the consumer's legal representative specifically requests that the
creditor use medical information in determining the consumer's
eligibility, or continued eligibility, for credit, to accommodate the
consumer's particular
[[Page 33988]]
circumstances, and such request is documented by the creditor;
(vii) Consistent with safe and sound practices, to determine
whether the provisions of a forbearance practice or program that is
triggered by a medical event or condition apply to a consumer;
(viii) To determine the consumer's eligibility for, the triggering
of, or the reactivation of a debt cancellation contract or debt
suspension agreement if a medical condition or event is a triggering
event for the provision of benefits under the contract or agreement; or
(ix) To determine the consumer's eligibility for, the triggering
of, or the reactivation of a credit insurance product if a medical
condition or event is a triggering event for the provision of benefits
under the product.
(2) Example of determining eligibility for a special credit program
or credit assistance program. A not-for-profit organization establishes
a credit assistance program pursuant to a written plan that is designed
to assist disabled veterans in purchasing homes by subsidizing the down
payment for the home purchase mortgage loans of qualifying veterans.
The organization works through mortgage lenders and requires mortgage
lenders to obtain medical information about the disability of any
consumer that seeks to qualify for the program, use that information to
verify the consumer's eligibility for the program, and forward that
information to the organization. A consumer who is a veteran applies to
a creditor for a home purchase mortgage loan. The creditor informs the
consumer about the credit assistance program for disabled veterans and
the consumer seeks to qualify for the program. Assuming that the
program complies with all applicable law, including applicable fair
lending laws, the creditor may obtain and use medical information about
the medical condition and disability, if any, of the consumer to
determine whether the consumer qualifies for the credit assistance
program.
(3) Examples of verifying the medical purpose of the loan or the
use of proceeds. (i) If a consumer applies for $10,000 of credit for
the purpose of financing vision correction surgery, the creditor may
verify with the surgeon that the procedure will be performed. If the
surgeon reports that surgery will not be performed on the consumer, the
creditor may use that medical information to deny the consumer's
application for credit, because the loan would not be used for the
stated purpose.
(ii) If a consumer applies for $10,000 of credit for the purpose of
financing cosmetic surgery, the creditor may confirm the cost of the
procedure with the surgeon. If the surgeon reports that the cost of the
procedure is $5,000, the creditor may use that medical information to
offer the consumer only $5,000 of credit.
(iii) A creditor has an established medical loan program for
financing particular elective surgical procedures. The creditor
receives a loan application from a consumer requesting $10,000 of
credit under the established loan program for an elective surgical
procedure. The consumer indicates on the application that the purpose
of the loan is to finance an elective surgical procedure not eligible
for funding under the guidelines of the established loan program. The
creditor may deny the consumer's application because the purpose of the
loan is not for a particular procedure funded by the established loan
program.
(4) Examples of obtaining and using medical information at the
request of the consumer. (i) If a consumer applies for a loan and
specifically requests that the creditor consider the consumer's medical
disability at the relevant time as an explanation for adverse payment
history information in his credit report, the creditor may consider
such medical information in evaluating the consumer's willingness and
ability to repay the requested loan to accommodate the consumer's
particular circumstances, consistent with safe and sound practices. The
creditor may also decline to consider such medical information to
accommodate the consumer, but may evaluate the consumer's application
in accordance with its otherwise applicable underwriting criteria. The
creditor may not deny the consumer's application or otherwise treat the
consumer less favorably because the consumer specifically requested a
medical accommodation, if the creditor would have extended the credit
or treated the consumer more favorably under the creditor's otherwise
applicable underwriting criteria.
(ii) If a consumer applies for a loan by telephone and explains
that his income has been and will continue to be interrupted on account
of a medical condition and that he expects to repay the loan by
liquidating assets, the creditor may, but is not required to, evaluate
the application using the sale of assets as the primary source of
repayment, consistent with safe and sound practices, provided that the
creditor documents the consumer's request by recording the oral
conversation or making a notation of the request in the consumer's
file.
(iii) If a consumer applies for a loan and the application form
provides a space where the consumer may provide any other information
or special circumstances, whether medical or non-medical, that the
consumer would like the creditor to consider in evaluating the
consumer's application, the creditor may use medical information
provided by the consumer in that space on that application to
accommodate the consumer's application for credit, consistent with safe
and sound practices, or may disregard that information.
(iv) If a consumer specifically requests that the creditor use
medical information in determining the consumer's eligibility, or
continued eligibility, for credit and provides the creditor with
medical information for that purpose, and the creditor determines that
it needs additional information regarding the consumer's circumstances,
the creditor may request, obtain, and use additional medical
information about the consumer as necessary to verify the information
provided by the consumer or to determine whether to make an
accommodation for the consumer. The consumer may decline to provide
additional information, withdraw the request for an accommodation, and
have the application considered under the creditor's otherwise
applicable underwriting criteria.
(v) If a consumer completes and signs a credit application that is
not for medical purpose credit and the application contains boilerplate
language that routinely requests medical information from the consumer
or that indicates that by applying for credit the consumer authorizes
or consents to the creditor obtaining and using medical information in
connection with a determination of the consumer's eligibility, or
continued eligibility, for credit, the consumer has not specifically
requested that the creditor obtain and use medical information to
accommodate the consumer's particular circumstances.
(5) Example of a forbearance practice or program. After an
appropriate safety and soundness review, a creditor institutes a
program that allows consumers who are or will be hospitalized to defer
payments as needed for up to three months, without penalty, if the
credit account has been open for more than one year and has not
previously been in default, and the consumer provides confirming
documentation at an appropriate time. A consumer is hospitalized and
does not pay her bill for a particular month. This consumer has had a
credit account
[[Page 33989]]
with the creditor for more than one year and has not previously been in
default. The creditor attempts to contact the consumer and speaks with
the consumer's adult child, who is not the consumer's legal
representative. The adult child informs the creditor that the consumer
is hospitalized and is unable to pay the bill at that time. The
creditor defers payments for up to three months, without penalty, for
the hospitalized consumer and sends the consumer a letter confirming
this practice and the date on which the next payment will be due.
Sec. 334.31 Limits on redisclosure of information.
(a) Scope. This section applies to State banks insured by the FDIC
(other than members of the Federal Reserve System) and insured State
branches of foreign banks.
(b) Limits on redisclosure. If a person described in paragraph (a)
of this section receives medical information about a consumer from a
consumer reporting agency or its affiliate, the person must not
disclose that information to any other person, except as necessary to
carry out the purpose for which the information was initially
disclosed, or as otherwise permitted by statute, regulation, or order.
Sec. 334.32 Sharing medical information with affiliates.
(a) Scope. This section applies to State banks insured by the FDIC
(other than members of the Federal Reserve System) and insured State
branches of foreign banks.
(b) In general. The exclusions from the term ``consumer report'' in
section 603(d)(2) of the Act that allow the sharing of information with
affiliates do not apply if a person described in paragraph (a) of this
section communicates to an affiliate--
(1) Medical information;
(2) An individualized list or description based on the payment
transactions of the consumer for medical products or services; or
(3) An aggregate list of identified consumers based on payment
transactions for medical products or services.
(c) Exceptions. A person described in paragraph (a) of this section
may rely on the exclusions from the term ``consumer report'' in section
603(d)(2) of the Act to communicate the information in paragraph (b) of
this section to an affiliate--
(1) In connection with the business of insurance or annuities
(including the activities described in section 18B of the model Privacy
of Consumer Financial and Health Information Regulation issued by the
National Association of Insurance Commissioners, as in effect on
January 1, 2003);
(2) For any purpose permitted without authorization under the
regulations promulgated by the Department of Health and Human Services
pursuant to the Health Insurance Portability and Accountability Act of
1996 (HIPAA);
(3) For any purpose referred to in section 1179 of HIPAA;
(4) For any purpose described in section 502(e) of the Gramm-Leach-
Bliley Act;
(5) In connection with a determination of the consumer's
eligibility, or continued eligibility, for credit consistent with Sec.
334.30; or
(6) As otherwise permitted by order of the FDIC.
Office of Thrift Supervision
12 CFR Chapter V.
Authority and Issuance
0
For the reasons set forth in the joint preamble, the Office of Thrift
Supervision amends chapter V of title 12 of the Code of Federal
Regulations as follows:
PART 571--FAIR CREDIT REPORTING
0
1. The authority citation for part 571 is revised to read as follows:
Authority: 12 U.S.C. 1462a, 1463, 1464, 1467a, 1828, 1831p-1,
and 1881-1884; 15 U.S.C. 1681b, 1681s, and 1681w; 15 U.S.C. 6801 and
6805(b)(1).
Subpart A--General Provisions
0
2. Revise Sec. 571.1(b)(2) to read as follows:
Sec. 571.1 Purpose and Scope.
* * * * *
(b) * * *
(2) Scope in general. Except as otherwise provided in this part,
this part applies to savings associations whose deposits are insured by
the Federal Deposit Insurance Corporation (and Federal savings
association operating subsidiaries in accordance with Sec. 559.3(h)(1)
of this chapter).
0
3. Add Sec. 571.2 to read as follows:
Sec. 571.2 Examples.
The examples in this part are not exclusive. Compliance with an
example, to the extent applicable, constitutes compliance with this
part. Examples in a paragraph illustrate only the issue described in
the paragraph and do not illustrate any other issue that may arise in
this part.
0
4. Amend Sec. 571.3 by revising the introductory text and paragraphs
(a) through (n) to read as follows:
Sec. 571.3 Definitions.
As used in this part, unless the context requires otherwise:
(a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et
seq.).
(b) Affiliate means any company that is related by common ownership
or common corporate control with another company.
(c) [Reserved]
(d) Company means any corporation, limited liability company,
business trust, general or limited partnership, association, or similar
organization.
(e) Consumer means an individual.
(f)-(h) [Reserved]
(i) Common ownership or common corporate control means a
relationship between two companies under which:
(1) One company has, with respect to the other company:
(i) Ownership, control, or power to vote 25 percent or more of the
outstanding shares of any class of voting security of a company,
directly or indirectly, or acting through one or more other persons;
(ii) Control in any manner over the election of a majority of the
directors, trustees, or general partners (or individuals exercising
similar functions) of a company; or
(iii) The power to exercise, directly or indirectly, a controlling
influence over the management or policies of a company, as the OTS
determines; or
(2) Any other person has, with respect to both companies, a
relationship described in paragraphs (i)(1)(i)-(i)(1)(iii) of this
section.
(j) [Reserved]
(k) Medical information means:
(1) Information or data, whether oral or recorded, in any form or
medium, created by or derived from a health care provider or the
consumer, that relates to--
(i) The past, present, or future physical, mental, or behavioral
health or condition of an individual;
(ii) The provision of health care to an individual; or
(iii) The payment for the provision of health care to an
individual.
(2) The term does not include:
(i) The age or gender of a consumer;
(ii) Demographic information about the consumer, including a
consumer's residence address or e-mail address;
(iii) Any other information about a consumer that does not relate
to the physical, mental, or behavioral health or condition of a
consumer, including the existence or value of any insurance policy; or
(iv) Information that does not identify a specific consumer.
(l) Person means any individual, partnership, corporation, trust,
estate
[[Page 33990]]
cooperative, association, government or governmental subdivision or
agency, or other entity.
(m)-(n) [Reserved]
* * * * *
0
5. Add subpart D to part 571 to read as follows:
Subpart D--Medical Information
Sec. 571.30 Obtaining or using medical information in connection with
a determination of eligibility for credit.
(a) Scope. This section applies to:
(1) Any of the following that participates as a creditor in a
transaction--
(i) A savings association;
(ii) A subsidiary owned in whole or in part by a savings
association;
(iii) A savings and loan holding company;
(iv) A subsidiary of a savings and loan holding company other than
a bank or subsidiary of a bank; or
(v) A service corporation owned in whole or in part by a savings
association; or
(2) Any other person that participates as a creditor in a
transaction involving a person described in paragraph (a)(1) of this
section.
(b) General prohibition on obtaining or using medical information.
(1) In general. A creditor may not obtain or use medical information
pertaining to a consumer in connection with any determination of the
consumer's eligibility, or continued eligibility, for credit, except as
provided in this section.
(2) Definitions. (i) Credit has the same meaning as in section 702
of the Equal Credit Opportunity Act, 15 U.S.C. 1691a.
(ii) Creditor has the same meaning as in section 702 of the Equal
Credit Opportunity Act, 15 U.S.C. 1691a.
(iii) Eligibility, or continued eligibility, for credit means the
consumer's qualification or fitness to receive, or continue to receive,
credit, including the terms on which credit is offered. The term does
not include:
(A) Any determination of the consumer's qualification or fitness
for employment, insurance (other than a credit insurance product), or
other non-credit products or services;
(B) Authorizing, processing, or documenting a payment or
transaction on behalf of the consumer in a manner that does not involve
a determination of the consumer's eligibility, or continued
eligibility, for credit; or
(C) Maintaining or servicing the consumer's account in a manner
that does not involve a determination of the consumer's eligibility, or
continued eligibility, for credit.
(c) Rule of construction for obtaining and using unsolicited
medical information. (1) In general. A creditor does not obtain medical
information in violation of the prohibition if it receives medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit without specifically requesting medical information.
(2) Use of unsolicited medical information. A creditor that
receives unsolicited medical information in the manner described in
paragraph (c)(1) of this section may use that information in connection
with any determination of the consumer's eligibility, or continued
eligibility, for credit to the extent the creditor can rely on at least
one of the exceptions in Sec. 571.30(d) or (e).
(3) Examples. A creditor does not obtain medical information in
violation of the prohibition if, for example:
(i) In response to a general question regarding a consumer's debts
or expenses, the creditor receives information that the consumer owes a
debt to a hospital;
(ii) In a conversation with the creditor's loan officer, the
consumer informs the creditor that the consumer has a particular
medical condition; or
(iii) In connection with a consumer's application for an extension
of credit, the creditor requests a consumer report from a consumer
reporting agency and receives medical information in the consumer
report furnished by the agency even though the creditor did not
specifically request medical information from the consumer reporting
agency.
(d) Financial information exception for obtaining and using medical
information. (1) In general. A creditor may obtain and use medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit so long as:
(i) The information is the type of information routinely used in
making credit eligibility determinations, such as information relating
to debts, expenses, income, benefits, assets, collateral, or the
purpose of the loan, including the use of proceeds;
(ii) The creditor uses the medical information in a manner and to
an extent that is no less favorable than it would use comparable
information that is not medical information in a credit transaction;
and
(iii) The creditor does not take the consumer's physical, mental,
or behavioral health, condition or history, type of treatment, or
prognosis into account as part of any such determination.
(2) Examples. (i) Examples of the types of information routinely
used in making credit eligibility determinations. Paragraph (d)(1)(i)
of this section permits a creditor, for example, to obtain and use
information about:
(A) The dollar amount, repayment terms, repayment history, and
similar information regarding medical debts to calculate, measure, or
verify the repayment ability of the consumer, the use of proceeds, or
the terms for granting credit;
(B) The value, condition, and lien status of a medical device that
may serve as collateral to secure a loan;
(C) The dollar amount and continued eligibility for disability
income or benefits related to health or a medical condition that is
relied on as a source of repayment; or
(D) The identity of creditors to whom outstanding medical debts are
owed in connection with an application for credit, including but not
limited to, a transaction involving the consolidation of medical debts.
(ii) Examples of uses of medical information consistent with the
exception. (A) A consumer includes on an application for credit
information about two $20,000 debts. One debt is to a hospital; the
other debt is to a retailer. The creditor contacts the hospital and the
retailer to verify the amount and payment status of the debts. The
creditor learns that both debts are more than 90 days past due. Any two
debts of this size that are more than 90 days past due would disqualify
the consumer under the creditor's established underwriting criteria.
The creditor denies the application on the basis that the consumer has
a poor repayment history on outstanding debts. The creditor has used
medical information in a manner and to an extent no less favorable than
it would use comparable non-medical information.
(B) A consumer indicates on an application for a $200,000 mortgage
loan that she receives $15,000 in long-term disability income each year
from her former employer and has no other income. Annual income of
$15,000, regardless of source, would not be sufficient to support the
requested amount of credit. The creditor denies the application on the
basis that the projected debt-to-income ratio of the consumer does not
meet the creditor's underwriting criteria. The creditor has used
medical information in a manner and to an extent that is no less
favorable than it would use comparable non-medical information.
(C) A consumer includes on an application for a $10,000 home equity
loan that he has a $50,000 debt to a
[[Page 33991]]
medical facility that specializes in treating a potentially terminal
disease. The creditor contacts the medical facility to verify the debt
and obtain the repayment history and current status of the loan. The
creditor learns that the debt is current. The applicant meets the
income and other requirements of the creditor's underwriting
guidelines. The creditor grants the application. The creditor has used
medical information in accordance with the exception.
(iii) Examples of uses of medical information inconsistent with the
exception. (A) A consumer applies for $25,000 of credit and includes on
the application information about a $50,000 debt to a hospital. The
creditor contacts the hospital to verify the amount and payment status
of the debt, and learns that the debt is current and that the consumer
has no delinquencies in her repayment history. If the existing debt
were instead owed to a retail department store, the creditor would
approve the application and extend credit based on the amount and
repayment history of the outstanding debt. The creditor, however,
denies the application because the consumer is indebted to a hospital.
The creditor has used medical information, here the identity of the
medical creditor, in a manner and to an extent that is less favorable
than it would use comparable non-medical information.
(B) A consumer meets with a loan officer of a creditor to apply for
a mortgage loan. While filling out the loan application, the consumer
informs the loan officer orally that she has a potentially terminal
disease. The consumer meets the creditor's established requirements for
the requested mortgage loan. The loan officer recommends to the credit
committee that the consumer be denied credit because the consumer has
that disease. The credit committee follows the loan officer's
recommendation and denies the application because the consumer has a
potentially terminal disease. The creditor has used medical information
in a manner inconsistent with the exception by taking into account the
consumer's physical, mental, or behavioral health, condition, or
history, type of treatment, or prognosis as part of a determination of
eligibility or continued eligibility for credit.
(C) A consumer who has an apparent medical condition, such as a
consumer who uses a wheelchair or an oxygen tank, meets with a loan
officer to apply for a home equity loan. The consumer meets the
creditor's established requirements for the requested home equity loan
and the creditor typically does not require consumers to obtain a debt
cancellation contract, debt suspension agreement, or credit insurance
product in connection with such loans. However, based on the consumer's
apparent medical condition, the loan officer recommends to the credit
committee that credit be extended to the consumer only if the consumer
obtains a debt cancellation contract, debt suspension agreement, or
credit insurance product. The credit committee agrees with the loan
officer's recommendation. The loan officer informs the consumer that
the consumer must obtain a debt cancellation contract, debt suspension
agreement, or credit insurance product to qualify for the loan. The
consumer obtains one of these products from a third party and the
creditor approves the loan. The creditor has used medical information
in a manner inconsistent with the exception by taking into account the
consumer's physical, mental, or behavioral health, condition, or
history, type of treatment, or prognosis in setting conditions on the
consumer's eligibility for credit.
(e) Specific exceptions for obtaining and using medical
information. (1) In general. A creditor may obtain and use medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit--
(i) To determine whether the use of a power of attorney or legal
representative that is triggered by a medical event or condition is
necessary and appropriate or whether the consumer has the legal
capacity to contract when a person seeks to exercise a power of
attorney or act as legal representative for a consumer based on an
asserted medical event or condition;
(ii) To comply with applicable requirements of local, State, or
Federal laws;
(iii) To determine, at the consumer's request, whether the consumer
qualifies for a legally permissible special credit program or credit-
related assistance program that is--
(A) Designed to meet the special needs of consumers with medical
conditions; and
(B) Established and administered pursuant to a written plan that--
(1) Identifies the class of persons that the program is designed to
benefit; and
(2) Sets forth the procedures and standards for extending credit or
providing other credit-related assistance under the program.
(iv) To the extent necessary for purposes of fraud prevention or
detection;
(v) In the case of credit for the purpose of financing medical
products or services, to determine and verify the medical purpose of a
loan and the use of proceeds;
(vi) Consistent with safe and sound practices, if the consumer or
the consumer's legal representative specifically requests that the
creditor use medical information in determining the consumer's
eligibility, or continued eligibility, for credit, to accommodate the
consumer's particular circumstances, and such request is documented by
the creditor;
(vii) Consistent with safe and sound practices, to determine
whether the provisions of a forbearance practice or program that is
triggered by a medical event or condition apply to a consumer;
(viii) To determine the consumer's eligibility for, the triggering
of, or the reactivation of a debt cancellation contract or debt
suspension agreement if a medical condition or event is a triggering
event for the provision of benefits under the contract or agreement; or
(ix) To determine the consumer's eligibility for, the triggering
of, or the reactivation of a credit insurance product if a medical
condition or event is a triggering event for the provision of benefits
under the product.
(2) Example of determining eligibility for a special credit program
or credit assistance program. A not-for-profit organization establishes
a credit assistance program pursuant to a written plan that is designed
to assist disabled veterans in purchasing homes by subsidizing the down
payment for the home purchase mortgage loans of qualifying veterans.
The organization works through mortgage lenders and requires mortgage
lenders to obtain medical information about the disability of any
consumer that seeks to qualify for the program, use that information to
verify the consumer's eligibility for the program, and forward that
information to the organization. A consumer who is a veteran applies to
a creditor for a home purchase mortgage loan. The creditor informs the
consumer about the credit assistance program for disabled veterans and
the consumer seeks to qualify for the program. Assuming that the
program complies with all applicable law, including applicable fair
lending laws, the creditor may obtain and use medical information about
the medical condition and disability, if any, of the consumer to
determine whether the consumer qualifies for the credit assistance
program.
(3) Examples of verifying the medical purpose of the loan or the
use of proceeds. (i) If a consumer applies for
[[Page 33992]]
$10,000 of credit for the purpose of financing vision correction
surgery, the creditor may verify with the surgeon that the procedure
will be performed. If the surgeon reports that surgery will not be
performed on the consumer, the creditor may use that medical
information to deny the consumer's application for credit, because the
loan would not be used for the stated purpose.
(ii) If a consumer applies for $10,000 of credit for the purpose of
financing cosmetic surgery, the creditor may confirm the cost of the
procedure with the surgeon. If the surgeon reports that the cost of the
procedure is $5,000, the creditor may use that medical information to
offer the consumer only $5,000 of credit.
(iii) A creditor has an established medical loan program for
financing particular elective surgical procedures. The creditor
receives a loan application from a consumer requesting $10,000 of
credit under the established loan program for an elective surgical
procedure. The consumer indicates on the application that the purpose
of the loan is to finance an elective surgical procedure not eligible
for funding under the guidelines of the established loan program. The
creditor may deny the consumer's application because the purpose of the
loan is not for a particular procedure funded by the established loan
program.
(4) Examples of obtaining and using medical information at the
request of the consumer. (i) If a consumer applies for a loan and
specifically requests that the creditor consider the consumer's medical
disability at the relevant time as an explanation for adverse payment
history information in his credit report, the creditor may consider
such medical information in evaluating the consumer's willingness and
ability to repay the requested loan to accommodate the consumer's
particular circumstances, consistent with safe and sound practices. The
creditor may also decline to consider such medical information to
accommodate the consumer, but may evaluate the consumer's application
in accordance with its otherwise applicable underwriting criteria. The
creditor may not deny the consumer's application or otherwise treat the
consumer less favorably because the consumer specifically requested a
medical accommodation, if the creditor would have extended the credit
or treated the consumer more favorably under the creditor's otherwise
applicable underwriting criteria.
(ii) If a consumer applies for a loan by telephone and explains
that his income has been and will continue to be interrupted on account
of a medical condition and that he expects to repay the loan by
liquidating assets, the creditor may, but is not required to, evaluate
the application using the sale of assets as the primary source of
repayment, consistent with safe and sound practices, provided that the
creditor documents the consumer's request by recording the oral
conversation or making a notation of the request in the consumer's
file.
(iii) If a consumer applies for a loan and the application form
provides a space where the consumer may provide any other information
or special circumstances, whether medical or non-medical, that the
consumer would like the creditor to consider in evaluating the
consumer's application, the creditor may use medical information
provided by the consumer in that space on that application to
accommodate the consumer's application for credit, consistent with safe
and sound practices, or may disregard that information.
(iv) If a consumer specifically requests that the creditor use
medical information in determining the consumer's eligibility, or
continued eligibility, for credit and provides the creditor with
medical information for that purpose, and the creditor determines that
it needs additional information regarding the consumer's circumstances,
the creditor may request, obtain, and use additional medical
information about the consumer as necessary to verify the information
provided by the consumer or to determine whether to make an
accommodation for the consumer. The consumer may decline to provide
additional information, withdraw the request for an accommodation, and
have the application considered under the creditor's otherwise
applicable underwriting criteria.
(v) If a consumer completes and signs a credit application that is
not for medical purpose credit and the application contains boilerplate
language that routinely requests medical information from the consumer
or that indicates that by applying for credit the consumer authorizes
or consents to the creditor obtaining and using medical information in
connection with a determination of the consumer's eligibility, or
continued eligibility, for credit, the consumer has not specifically
requested that the creditor obtain and use medical information to
accommodate the consumer's particular circumstances.
(5) Example of a forbearance practice or program. After an
appropriate safety and soundness review, a creditor institutes a
program that allows consumers who are or will be hospitalized to defer
payments as needed for up to three months, without penalty, if the
credit account has been open for more than one year and has not
previously been in default, and the consumer provides confirming
documentation at an appropriate time. A consumer is hospitalized and
does not pay her bill for a particular month. This consumer has had a
credit account with the creditor for more than one year and has not
previously been in default. The creditor attempts to contact the
consumer and speaks with the consumer's spouse, who is not the
consumer's legal representative. The spouse informs the creditor that
the consumer is hospitalized and is unable to pay the bill at that
time. The creditor defers payments for up to three months, without
penalty, for the hospitalized consumer and sends the consumer a letter
confirming this practice and the date on which the next payment will be
due.
Sec. 571.31 Limits on redisclosure of information.
(a) Scope. This section applies to savings associations and federal
savings association operating subsidiaries.
(b) Limits on redisclosure. If a person described in paragraph (a)
of this section receives medical information about a consumer from a
consumer reporting agency or its affiliate, the person must not
disclose that information to any other person, except as necessary to
carry out the purpose for which the information was initially
disclosed, or as otherwise permitted by statute, regulation, or order.
Sec. 571.32 Sharing medical information with affiliates.
(a) Scope. This section applies to savings associations and Federal
savings association operating subsidiaries.
(b) In general. The exclusions from the term ``consumer report'' in
section 603(d)(2) of the Act that allow the sharing of information with
affiliates do not apply if a person described in paragraph (a) of this
section communicates to an affiliate--
(1) Medical information;
(2) An individualized list or description based on the payment
transactions of the consumer for medical products or services; or
(3) An aggregate list of identified consumers based on payment
transactions for medical products or services.
(c) Exceptions. A person described in paragraph (a) of this section
may rely on
[[Page 33993]]
the exclusions from the term ``consumer report'' in section 603(d)(2)
of the Act to communicate the information in paragraph (b) of this
section to an affiliate--
(1) In connection with the business of insurance or annuities
(including the activities described in section 18B of the model Privacy
of Consumer Financial and Health Information Regulation issued by the
National Association of Insurance Commissioners, as in effect on
January 1, 2003);
(2) For any purpose permitted without authorization under the
regulations promulgated by the Department of Health and Human Services
pursuant to the Health Insurance Portability and Accountability Act of
1996 (HIPAA);
(3) For any purpose referred to in section 1179 of HIPAA;
(4) For any purpose described in section 502(e) of the Gramm-Leach-
Bliley Act;
(5) In connection with a determination of the consumer's
eligibility, or continued eligibility, for credit consistent with Sec.
571.30; or
(6) As otherwise permitted by order of the OTS.
National Credit Union Administration
0
For the reasons set out in the preamble, 12 CFR chapter VII is amended
as follows:
PART 717--FAIR CREDIT REPORTING
0
1. Revise the authority citation for part 717 to read as follows:
Authority: 15 U.S.C. 1681a, 1681b, 1681s, 1681w, 6801 and 6805.
0
2. Amend part 717 by revising subpart A to read as follows:
Subpart A--General Provisions
Sec.
717.1 Purpose.
717.2 Examples.
717.3 Definitions.
Subpart A--General Provisions
Sec. 717.1 Purpose.
(a) Purpose. The purpose of this part is to establish standards for
Federal credit unions regarding consumer report information. In
addition, the purpose of this part is to specify the extent to which
Federal credit unions may obtain, use or share certain information.
This part also contains a number of measures Federal credit unions must
take to combat consumer fraud and related crimes, including identity
theft.
(b) [Reserved]
Sec. 717.2 Examples.
The examples in this part are not exclusive. Compliance with an
example, to the extent applicable, constitutes compliance with this
part. Examples in a paragraph illustrate only the issue described in
the paragraph and do not illustrate any other issue that may arise in
this part.
Sec. 717.3 Definitions.
As used in this part, unless the context requires otherwise:
(a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et
seq.).
(b) Affiliate means any company that is related by common ownership
or common corporate control with another company. For example, an
affiliate of a Federal credit union is a credit union service
corporation (CUSO), as provided in 12 CFR part 712, that is controlled
by the Federal credit union.
(c) [Reserved]
(d) Company means any corporation, limited liability company,
business trust, general or limited partnership, association, or similar
organization.
(e) Consumer means an individual.
(f) [Reserved]
(g) [Reserved]
(h) [Reserved]
(i) Common ownership or common corporate control means a
relationship between two companies under which:
(1) One company has, with respect to the other company:
(i) Ownership, control, or power to vote 25 percent or more of the
outstanding shares of any class of voting security of a company,
directly or indirectly, or acting through one or more other persons;
(ii) Control in any manner over the election of a majority of the
directors, trustees, or general partners (or individuals exercising
similar functions) of a company; or
(iii) The power to exercise, directly or indirectly, a controlling
influence over the management or policies of a company, as the NCUA
determines; or
(iv) Example. NCUA will presume a credit union has a controlling
influence over the management or policies of a CUSO, if the CUSO is 67%
owned by credit unions.
(2) Any other person has, with respect to both companies, a
relationship described in paragraphs (i)(1)(i)-(i)(1)(iii) of this
section.
(j) [Reserved]
(k) Medical information means:
(l) Information or data, whether oral or recorded, in any form or
medium, created by or derived from a health care provider or the
consumer, that relates to--
(i) The past, present, or future physical, mental, or behavioral
health or condition of an individual;
(ii) The provision of health care to an individual; or
(iii) The payment for the provision of health care to an
individual.
(2) The term does not include:
(i) The age or gender of a consumer;
(ii) Demographic information about the consumer, including a
consumer's residence address or e-mail address;
(iii) Any other information about a consumer that does not relate
to the physical, mental, or behavioral health or condition of a
consumer, including the existence or value of any insurance policy; or
(iv) Information that does not identify a specific consumer.
(l) Person means any individual, partnership, corporation, trust,
estate cooperative, association, government or governmental subdivision
or agency, or other entity.
0
3. Subpart D is added to part 717 to read as follows:
Subpart D--Medical Information
Sec. 717.30 Obtaining or using medical information in connection with
a determination of eligibility for credit.
(a) Scope. This section applies to:
(1) A Federal credit union that participates as a creditor in a
transaction; or
(2) Any other person that participates as a creditor in a
transaction involving a person described in paragraph (1).
(b) General prohibition on obtaining or using medical information.
(1) In general. A creditor may not obtain or use medical information
pertaining to a consumer in connection with any determination of the
consumer's eligibility, or continued eligibility, for credit, except as
provided in this section.
(2) Definitions. (i) Credit has the same meaning as in section 702
of the Equal Credit Opportunity Act, 15 U.S.C. 1691a.
(ii) Creditor has the same meaning as in section 702 of the Equal
Credit Opportunity Act, 15 U.S.C. 1691a.
(iii) Eligibility, or continued eligibility, for credit means the
consumer's qualification or fitness to receive, or continue to receive,
credit, including the terms on which credit is offered. The term does
not include:
(A) Any determination of the consumer's qualification or fitness
for employment, insurance (other than a credit insurance product), or
other non-credit products or services;
(B) Authorizing, processing, or documenting a payment or
transaction on behalf of the consumer in a manner that does not involve
a determination of the consumer's eligibility, or continued
eligibility, for credit; or
(C) Maintaining or servicing the consumer's account in a manner
that
[[Page 33994]]
does not involve a determination of the consumer's eligibility, or
continued eligibility, for credit.
(c) Rule of construction for obtaining and using unsolicited
medical information. (1) In general. A creditor does not obtain medical
information in violation of the prohibition if it receives medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit without specifically requesting medical information.
(2) Use of unsolicited medical information. A creditor that
receives unsolicited medical information in the manner described in
paragraph (1) may use that information in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit to the extent the creditor can rely on at least one of the
exceptions in Sec. 717.30(d) or (e).
(3) Examples. A creditor does not obtain medical information in
violation of the prohibition if, for example:
(i) In response to a general question regarding a consumer's debts
or expenses, the creditor receives information that the consumer owes a
debt to a hospital.
(ii) In a conversation with the creditor's loan officer, the
consumer informs the creditor that the consumer has a particular
medical condition.
(iii) In connection with a consumer's application for an extension
of credit, the creditor requests a consumer report from a consumer
reporting agency and receives medical information in the consumer
report furnished by the agency even though the creditor did not
specifically request medical information from the consumer reporting
agency.
(d) Financial information exception for obtaining and using medical
information.
(1) In general. A creditor may obtain and use medical information
pertaining to a consumer in connection with any determination of the
consumer's eligibility, or continued eligibility, for credit so long
as:
(i) The information is the type of information routinely used in
making credit eligibility determinations, such as information relating
to debts, expenses, income, benefits, assets, collateral, or the
purpose of the loan, including the use of proceeds;
(ii) The creditor uses the medical information in a manner and to
an extent that is no less favorable than it would use comparable
information that is not medical information in a credit transaction;
and
(iii) The creditor does not take the consumer's physical, mental,
or behavioral health, condition or history, type of treatment, or
prognosis into account as part of any such determination.
(2) Examples. (i) Examples of the types of information routinely
used in making credit eligibility determinations. Paragraph (d)(1)(i)
of this section permits a creditor, for example, to obtain and use
information about:
(A) The dollar amount, repayment terms, repayment history, and
similar information regarding medical debts to calculate, measure, or
verify the repayment ability of the consumer, the use of proceeds, or
the terms for granting credit;
(B) The value, condition, and lien status of a medical device that
may serve as collateral to secure a loan;
(C) The dollar amount and continued eligibility for disability
income or benefits related to health or a medical condition that is
relied on as a source of repayment; or
(D) The identity of creditors to whom outstanding medical debts are
owed in connection with an application for credit, including but not
limited to, a transaction involving the consolidation of medical debts.
(ii) Examples of uses of medical information consistent with the
exception. (A) A consumer includes on an application for credit
information about two $20,000 debts. One debt is to a hospital; the
other debt is to a retailer. The creditor contacts the hospital and the
retailer to verify the amount and payment status of the debts. The
creditor learns that both debts are more than 90 days past due. Any two
debts of this size that are more than 90 days past due would disqualify
the consumer under the creditor's established underwriting criteria.
The creditor denies the application on the basis that the consumer has
a poor repayment history on outstanding debts. The creditor has used
medical information in a manner and to an extent no less favorable than
it would use comparable non-medical information.
(B) A consumer indicates on an application for a $200,000 mortgage
loan that she receives $15,000 in long-term disability income each year
from her former employer and has no other income. Annual income of
$15,000, regardless of source, would not be sufficient to support the
requested amount of credit. The creditor denies the application on the
basis that the projected debt-to-income ratio of the consumer does not
meet the creditor's underwriting criteria. The creditor has used
medical information in a manner and to an extent that is no less
favorable than it would use comparable non-medical information.
(C) A consumer includes on an application for a $10,000 home equity
loan that he has a $50,000 debt to a medical facility that specializes
in treating a potentially terminal disease. The creditor contacts the
medical facility to verify the debt and obtain the repayment history
and current status of the loan. The creditor learns that the debt is
current. The applicant meets the income and other requirements of the
creditor's underwriting guidelines. The creditor grants the
application. The creditor has used medical information in accordance
with the exception.
(iii) Examples of uses of medical information inconsistent with the
exception. (A) A consumer applies for $25,000 of credit and includes on
the application information about a $50,000 debt to a hospital. The
creditor contacts the hospital to verify the amount and payment status
of the debt, and learns that the debt is current and that the consumer
has no delinquencies in her repayment history. If the existing debt
were instead owed to a retail department store, the creditor would
approve the application and extend credit based on the amount and
repayment history of the outstanding debt. The creditor, however,
denies the application because the consumer is indebted to a hospital.
The creditor has used medical information, here the identity of the
medical creditor, in a manner and to an extent that is less favorable
than it would use comparable non-medical information.
(B) A consumer meets with a loan officer of a creditor to apply for
a mortgage loan. While filling out the loan application, the consumer
informs the loan officer orally that she has a potentially terminal
disease. The consumer meets the creditor's established requirements for
the requested mortgage loan. The loan officer recommends to the credit
committee that the consumer be denied credit because the consumer has
that disease. The credit committee follows the loan officer's
recommendation and denies the application because the consumer has a
potentially terminal disease. The creditor has used medical information
in a manner inconsistent with the exception by taking into account the
consumer's physical, mental, or behavioral health, condition, or
history, type of treatment, or prognosis as part of a determination of
eligibility or continued eligibility for credit.
(C) A consumer who has an apparent medical condition, such as a
consumer who uses a wheelchair or an oxygen
[[Page 33995]]
tank, meets with a loan officer to apply for a home equity loan. The
consumer meets the creditor's established requirements for the
requested home equity loan and the creditor typically does not require
consumers to obtain a debt cancellation contract, debt suspension
agreement, or credit insurance product in connection with such loans.
However, based on the consumer's apparent medical condition, the loan
officer recommends to the credit committee that credit be extended to
the consumer only if the consumer obtains a debt cancellation contract,
debt suspension agreement, or credit insurance product. The credit
committee agrees with the loan officer's recommendation. The loan
officer informs the consumer that the consumer must obtain a debt
cancellation contract, debt suspension agreement, or credit insurance
product to qualify for the loan. The consumer obtains one of these
products from a third party and the creditor approves the loan. The
creditor has used medical information in a manner inconsistent with the
exception by taking into account the consumer's physical, mental, or
behavioral health, condition, or history, type of treatment, or
prognosis in setting conditions on the consumer's eligibility for
credit.
(e) Specific exceptions for obtaining and using medical
information. (1) In general. A creditor may obtain and use medical
information pertaining to a consumer in connection with any
determination of the consumer's eligibility, or continued eligibility,
for credit--
(i) To determine whether the use of a power of attorney or legal
representative that is triggered by a medical event or condition is
necessary and appropriate or whether the consumer has the legal
capacity to contract when a person seeks to exercise a power of
attorney or act as legal representative for a consumer based on an
asserted medical event or condition;
(ii) To comply with applicable requirements of local, State, or
Federal laws;
(iii) To determine, at the consumer's request, whether the consumer
qualifies for a legally permissible special credit program or credit-
related assistance program that is--
(A) Designed to meet the special needs of consumers with medical
conditions; and
(B) Established and administered pursuant to a written plan that--
(1) Identifies the class of persons that the program is designed to
benefit; and
(2) Sets forth the procedures and standards for extending credit or
providing other credit-related assistance under the program.
(iv) To the extent necessary for purposes of fraud prevention or
detection;
(v) In the case of credit for the purpose of financing medical
products or services, to determine and verify the medical purpose of a
loan and the use of proceeds;
(vi) Consistent with safe and sound practices, if the consumer or
the consumer's legal representative specifically requests that the
creditor use medical information in determining the consumer's
eligibility, or continued eligibility, for credit, to accommodate the
consumer's particular circumstances, and such request is documented by
the creditor;
(vii) Consistent with safe and sound practices, to determine
whether the provisions of a forbearance practice or program that is
triggered by a medical event or condition apply to a consumer;
(viii) To determine the consumer's eligibility for, the triggering
of, or the reactivation of a debt cancellation contract or debt
suspension agreement if a medical condition or event is a triggering
event for the provision of benefits under the contract or agreement; or
(ix) To determine the consumer's eligibility for, the triggering
of, or the reactivation of a credit insurance product if a medical
condition or event is a triggering event for the provision of benefits
under the product.
(2) Example of determining eligibility for a special credit program
or credit assistance program. A not-for-profit organization establishes
a credit assistance program pursuant to a written plan that is designed
to assist disabled veterans in purchasing homes by subsidizing the down
payment for the home purchase mortgage loans of qualifying veterans.
The organization works through mortgage lenders and requires mortgage
lenders to obtain medical information about the disability of any
consumer that seeks to qualify for the program, use that information to
verify the consumer's eligibility for the program, and forward that
information to the organization. A consumer who is a veteran applies to
a creditor for a home purchase mortgage loan. The creditor informs the
consumer about the credit assistance program for disabled veterans and
the consumer seeks to qualify for the program. Assuming that the
program complies with all applicable law, including applicable fair
lending laws, the creditor may obtain and use medical information about
the medical condition and disability, if any, of the consumer to
determine whether the consumer qualifies for the credit assistance
program.
(3) Examples of verifying the medical purpose of the loan or the
use of proceeds. (i) If a consumer applies for $10,000 of credit for
the purpose of financing vision correction surgery, the creditor may
verify with the surgeon that the procedure will be performed. If the
surgeon reports that surgery will not be performed on the consumer, the
creditor may use that medical information to deny the consumer's
application for credit, because the loan would not be used for the
stated purpose.
(ii) If a consumer applies for $10,000 of credit for the purpose of
financing cosmetic surgery, the creditor may confirm the cost of the
procedure with the surgeon. If the surgeon reports that the cost of the
procedure is $5,000, the creditor may use that medical information to
offer the consumer only $5,000 of credit.
(iii) A creditor has an established medical loan program for
financing particular elective surgical procedures. The creditor
receives a loan application from a consumer requesting $10,000 of
credit under the established loan program for an elective surgical
procedure. The consumer indicates on the application that the purpose
of the loan is to finance an elective surgical procedure not eligible
for funding under the guidelines of the established loan program. The
creditor may deny the consumer's application because the purpose of the
loan is not for a particular procedure funded by the established loan
program.
(4) Examples of obtaining and using medical information at the
request of the consumer. (i) If a consumer applies for a loan and
specifically requests that the creditor consider the consumer's medical
disability at the relevant time as an explanation for adverse payment
history information in his credit report, the creditor may consider
such medical information in evaluating the consumer's willingness and
ability to repay the requested loan to accommodate the consumer's
particular circumstances, consistent with safe and sound practices. The
creditor may also decline to consider such medical information to
accommodate the consumer, but may evaluate the consumer's application
in accordance with its otherwise applicable underwriting criteria. The
creditor may not deny the consumer's application or otherwise treat the
consumer less favorably because the consumer specifically requested a
medical accommodation, if the creditor would have extended the credit
or treated the
[[Page 33996]]
consumer more favorably under the creditor's otherwise applicable
underwriting criteria.
(ii) If a consumer applies for a loan by telephone and explains
that his income has been and will continue to be interrupted on account
of a medical condition and that he expects to repay the loan by
liquidating assets, the creditor may, but is not required to, evaluate
the application using the sale of assets as the primary source of
repayment, consistent with safe and sound practices, provided that the
creditor documents the consumer's request by recording the oral
conversation or making a notation of the request in the consumer's
file.
(iii) If a consumer applies for a loan and the application form
provides a space where the consumer may provide any other information
or special circumstances, whether medical or non-medical, that the
consumer would like the creditor to consider in evaluating the
consumer's application, the creditor may use medical information
provided by the consumer in that space on that application to
accommodate the consumer's application for credit, consistent with safe
and sound practices, or may disregard that information.
(iv) If a consumer specifically requests that the creditor use
medical information in determining the consumer's eligibility, or
continued eligibility, for credit and provides the creditor with
medical information for that purpose, and the creditor determines that
it needs additional information regarding the consumer's circumstances,
the creditor may request, obtain, and use additional medical
information about the consumer as necessary to verify the information
provided by the consumer or to determine whether to make an
accommodation for the consumer. The consumer may decline to provide
additional information, withdraw the request for an accommodation, and
have the application considered under the creditor's otherwise
applicable underwriting criteria.
(v) If a consumer completes and signs a credit application that is
not for medical purpose credit and the application contains boilerplate
language that routinely requests medical information from the consumer
or that indicates that by applying for credit the consumer authorizes
or consents to the creditor obtaining and using medical information in
connection with a determination of the consumer's eligibility, or
continued eligibility, for credit, the consumer has not specifically
requested that the creditor obtain and use medical information to
accommodate the consumer's particular circumstances.
(5) Example of a forbearance practice or program. After an
appropriate safety and soundness review, a creditor institutes a
program that allows consumers who are or will be hospitalized to defer
payments as needed for up to three months, without penalty, if the
credit account has been open for more than one year and has not
previously been in default, and the consumer provides confirming
documentation at an appropriate time. A consumer is hospitalized and
does not pay her bill for a particular month. This consumer has had a
credit account with the creditor for more than one year and has not
previously been in default. The creditor attempts to contact the
consumer and speaks with the consumer's adult child, who is not the
consumer's legal representative. The adult child informs the creditor
that the consumer is hospitalized and is unable to pay the bill at that
time. The creditor defers payments for up to three months, without
penalty, for the hospitalized consumer and sends the consumer a letter
confirming this practice and the date on which the next payment will be
due.
Sec. 717.31 Limits on redisclosure of information.
(a) Scope. This section applies to Federal credit unions.
(b) Limits on redisclosure. If a Federal credit union receives
medical information about a consumer from a consumer reporting agency
or its affiliate, the person must not disclose that information to any
other person, except as necessary to carry out the purpose for which
the information was initially disclosed, or as otherwise permitted by
statute, regulation, or order.
Sec. 717.32 Sharing medical information with affiliates.
(a) Scope. This section applies to Federal credit unions.
(b) In general. The exclusions from the term ``consumer report'' in
section 603(d)(2) of the Act that allow the sharing of information with
affiliates do not apply if a Federal credit union communicates to an
affiliate--
(1) Medical information;
(2) An individualized list or description based on the payment
transactions of the consumer for medical products or services; or
(3) An aggregate list of identified consumers based on payment
transactions for medical products or services.
(c) Exceptions. A Federal credit union may rely on the exclusions
from the term ``consumer report'' in section 603(d)(2) of the Act to
communicate the information in paragraph (b) to an affiliate--
(1) In connection with the business of insurance or annuities
(including the activities described in section 18B of the model Privacy
of Consumer Financial and Health Information Regulation issued by the
National Association of Insurance Commissioners, as in effect on
January 1, 2003);
(2) For any purpose permitted without authorization under the
regulations promulgated by the Department of Health and Human Services
pursuant to the Health Insurance Portability and Accountability Act of
1996 (HIPAA);
(3) For any purpose referred to in section 1179 of HIPAA;
(4) For any purpose described in section 502(e) of the Gramm-Leach-
Bliley Act;
(5) In connection with a determination of the consumer's
eligibility, or continued eligibility, for credit consistent with Sec.
717.30; or
(6) As otherwise permitted by order of the NCUA.
By order of the Board of Governors of the Federal Reserve
System, June 2, 2005.
Jennifer J. Johnson,
Secretary of the Board.
Dated: May 25, 2005.
Julie L. Williams,
Acting Comptroller of the Currency.
Dated at Washington, DC, this 16th day of May, 2005.
By order of the Board of Directors.
Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.
Dated: May 19, 2005.
By the Office of Thrift Supervision.
Richard M. Riccobono,
Acting Director.
By the National Credit Union Administration Board on June 1,
2005.
Mary F. Rupp,
Secretary of the Board.
[FR Doc. 05-11356 Filed 6-9-05; 8:45 am]
BILLING CODE 4810-33-P