PROCESSING PAYMENT TRANSACTIONS BY FINANCIAL INSTITUTIONS
Sec. 1179. [42 U.S.C. 1320d–8] To the extent that an entity is engaged in activities of a financial institution (as defined in section 1101 of the Right to Financial Privacy Act of 1978), or is engaged in authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting payments, for a financial institution, this part, and any standard adopted under this part, shall not apply to the entity with respect to such activities, including the following:
(1) The use or disclosure of information by the entity for authorizing, processing, clearing, settling, billing, transferring, reconciling or collecting, a payment for, or related to, health plan premiums or health care, where such payment is made by any means, including a credit, debit, or other payment card, an account, check, or electronic funds transfer.
(2) The request for, or the use of disclosure of, information by the entity with respect to a payment described in paragraph (1)—
(A) for transferring receivables;
(B) for auditing;
(C) in connection with—
(i) a customer dispute; or
(ii) an inquiry from, or to, a customer;
(D) in a communication to a customer of the entity regarding the customer’s transactions, payment card, account, check, or electronic funds transfer;
(E) for reporting to consumer reporting agencies; or
(F) for complying with—
(i) a civil or criminal subpoena; or
(ii) a Federal or State law regulating the entity.