Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

Home > News & Events > Inactive Financial Institution Letters

Inactive Financial Institution Letters

Medical Privacy Regulations Under the Fair and Accurate Credit Transactions Act of 2003

April 28, 2004

TO: CHIEF EXECUTIVE OFFICER (also of interest to Compliance Officer)
SUBJECT: Notice of Proposed Rulemaking Regarding Medical Privacy (Part 334 of the FDIC's Rules and Regulations)
Summary: The FDIC and other financial institution regulatory agencies are soliciting comment on proposed rules that implement section 411 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). Except as permitted by the appropriate regulators, section 411 prohibits creditors from obtaining or using medical information to make credit determinations. Except as permitted by the regulators or the FACT Act itself, section 411 treats medical information as a credit report when a creditor shares it with an affiliate. The attached notice of proposed rulemaking proposes the exceptions to section 411 that will be permitted by the regulatory agencies. The agencies are seeking comment on all aspects of the exceptions proposed. Comments are due by May 28, 2004.

The Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and the National Credit Union Administration are seeking comment on the attached proposed rules that implement section 411 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). Comments are due by May 28, 2004.

The FACT Act was signed into law on December 4, 2003. In general, the FACT Act amends the Fair Credit Reporting Act (FCRA) to enhance the ability of consumers to combat identity theft, increase the accuracy of consumer reports, and allow consumers to exercise greater control regarding the type and number of marketing solicitations they receive. To promote increasingly efficient national credit markets, the FACT Act establishes uniform national standards in key areas of regulation regarding consumer report information. The FACT Act authorizes a number of regulations on a variety of measures covered in the Act. The attached notice of proposed rulemaking (NPR) is authorized by section 411 of that Act.

The NPR addresses two distinct issues. First, section 411 states that a creditor may not obtain or use a consumer's medical information, as defined in the Act, in connection with a determination of a consumer's eligibility, or continued eligibility, for credit. The statute itself contains no exceptions to the prohibition, but requires that the regulatory agencies publish rules setting forth those exceptions "determined to be necessary and appropriate to protect legitimate operational, transactional, risk, consumer, and other needs." Second, section 411 states that when affiliates share certain medical information, that information will be considered a consumer report under the FCRA. Section 411 sets forth certain exceptions, but authorizes the regulatory agencies to draft additional exceptions for entities under their respective jurisdictions.

The agencies request comment on all aspects of the proposed exceptions, in terms of whether the exceptions are sufficiently broad or, instead, overbroad; whether the examples provided for these exceptions are necessary and, if so, are sufficiently clear; and whether the definitions provided in the regulations assist in implementing the exceptions.

Written comments may be sent to Robert E. Feldman, Executive Secretary, Attention: Comments/Executive Secretary Section, Federal Deposit Insurance Corporation, 550 17th Street, NW, Washington, DC 20429. Comments also may be mailed electronically to Comments may be hand-delivered to the guard station at the rear of the 17th Street building (located on F Street) on business days between 7 a.m. and 5 p.m. Comments also may be faxed to (202) 898-3838. For more information, please contact Patricia Cashman, Senior Policy Analyst, Division of Supervision and Consumer Protection (DSC), on (202) 898-6534; David Lafleur, Policy Analyst, DSC, on (202) 898-6569; or Robert Patrick on (202) 898-3757 or Richard Schwartz on (202) 898-7424, Counsels in the Legal Division.

For your reference, FDIC Financial Institution Letters may be accessed on the FDIC's Web site at To learn how to automatically receive FDIC Financial Institution Letters through e-mail, please visit

Michael J. Zamorski
Division of Supervision and Consumer Protection

# # #


Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC’s Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).

Last Updated 4/28/2004

Skip Footer back to content