(205 ILCS 5/48.1) (from Ch. 17, par. 360)
    Sec. 48.1. Customer financial records; confidentiality.
    (a) For the purpose of this Section, the term "financial records" means any original, any copy, or any summary of:
        (1) a document granting signature authority over a
    
deposit or account;
        (2) a statement, ledger card or other record on any
    
deposit or account, which shows each transaction in or with respect to that account;
        (3) a check, draft or money order drawn on a bank or
    
issued and payable by a bank; or
        (4) any other item containing information pertaining
    
to any relationship established in the ordinary course of a bank's business between a bank and its customer, including financial statements or other financial information provided by the customer.
    (b) This Section does not prohibit:
        (1) The preparation, examination, handling or
    
maintenance of any financial records by any officer, employee or agent of a bank having custody of the records, or the examination of the records by a certified public accountant engaged by the bank to perform an independent audit.
        (2) The examination of any financial records by, or
    
the furnishing of financial records by a bank to, any officer, employee or agent of (i) the Commissioner of Banks and Real Estate, (ii) after May 31, 1997, a state regulatory authority authorized to examine a branch of a State bank located in another state, (iii) the Comptroller of the Currency, (iv) the Federal Reserve Board, or (v) the Federal Deposit Insurance Corporation for use solely in the exercise of his duties as an officer, employee, or agent.
        (3) The publication of data furnished from financial
    
records relating to customers where the data cannot be identified to any particular customer or account.
        (4) The making of reports or returns required under
    
Chapter 61 of the Internal Revenue Code of 1986.
        (5) Furnishing information concerning the dishonor of
    
any negotiable instrument permitted to be disclosed under the Uniform Commercial Code.
        (6) The exchange in the regular course of business of
    
(i) credit information between a bank and other banks or financial institutions or commercial enterprises, directly or through a consumer reporting agency or (ii) financial records or information derived from financial records between a bank and other banks or financial institutions or commercial enterprises for the purpose of conducting due diligence pursuant to a purchase or sale involving the bank or assets or liabilities of the bank.
        (7) The furnishing of information to the appropriate
    
law enforcement authorities where the bank reasonably believes it has been the victim of a crime.
        (8) The furnishing of information under the Revised
    
Uniform Unclaimed Property Act.
        (9) The furnishing of information under the Illinois
    
Income Tax Act and the Illinois Estate and Generation-Skipping Transfer Tax Act.
        (10) The furnishing of information under the federal
    
Currency and Foreign Transactions Reporting Act Title 31, United States Code, Section 1051 et seq.
        (11) The furnishing of information under any other
    
statute that by its terms or by regulations promulgated thereunder requires the disclosure of financial records other than by subpoena, summons, warrant, or court order.
        (12) The furnishing of information about the
    
existence of an account of a person to a judgment creditor of that person who has made a written request for that information.
        (13) The exchange in the regular course of business
    
of information between commonly owned banks in connection with a transaction authorized under paragraph (23) of Section 5 and conducted at an affiliate facility.
        (14) The furnishing of information in accordance with
    
the federal Personal Responsibility and Work Opportunity Reconciliation Act of 1996. Any bank governed by this Act shall enter into an agreement for data exchanges with a State agency provided the State agency pays to the bank a reasonable fee not to exceed its actual cost incurred. A bank providing information in accordance with this item shall not be liable to any account holder or other person for any disclosure of information to a State agency, for encumbering or surrendering any assets held by the bank in response to a lien or order to withhold and deliver issued by a State agency, or for any other action taken pursuant to this item, including individual or mechanical errors, provided the action does not constitute gross negligence or willful misconduct. A bank shall have no obligation to hold, encumber, or surrender assets until it has been served with a subpoena, summons, warrant, court or administrative order, lien, or levy.
        (15) The exchange in the regular course of business
    
of information between a bank and any commonly owned affiliate of the bank, subject to the provisions of the Financial Institutions Insurance Sales Law.
        (16) The furnishing of information to law enforcement
    
authorities, the Illinois Department on Aging and its regional administrative and provider agencies, the Department of Human Services Office of Inspector General, or public guardians: (i) upon subpoena by the investigatory entity or the guardian, or (ii) if there is suspicion by the bank that a customer who is an elderly person or person with a disability has been or may become the victim of financial exploitation. For the purposes of this item (16), the term: (i) "elderly person" means a person who is 60 or more years of age, (ii) "disabled person" means a person who has or reasonably appears to the bank to have a physical or mental disability that impairs his or her ability to seek or obtain protection from or prevent financial exploitation, and (iii) "financial exploitation" means tortious or illegal use of the assets or resources of an elderly or disabled person, and includes, without limitation, misappropriation of the elderly or disabled person's assets or resources by undue influence, breach of fiduciary relationship, intimidation, fraud, deception, extortion, or the use of assets or resources in any manner contrary to law. A bank or person furnishing information pursuant to this item (16) shall be entitled to the same rights and protections as a person furnishing information under the Adult Protective Services Act and the Illinois Domestic Violence Act of 1986.
        (17) The disclosure of financial records or
    
information as necessary to effect, administer, or enforce a transaction requested or authorized by the customer, or in connection with:
            (A) servicing or processing a financial product
        
or service requested or authorized by the customer;
            (B) maintaining or servicing a customer's account
        
with the bank; or
            (C) a proposed or actual securitization or
        
secondary market sale (including sales of servicing rights) related to a transaction of a customer.
        Nothing in this item (17), however, authorizes the
    
sale of the financial records or information of a customer without the consent of the customer.
        (18) The disclosure of financial records or
    
information as necessary to protect against actual or potential fraud, unauthorized transactions, claims, or other liability.
        (19)(A) The disclosure of financial records or
    
information related to a private label credit program between a financial institution and a private label party in connection with that private label credit program. Such information is limited to outstanding balance, available credit, payment and performance and account history, product references, purchase information, and information related to the identity of the customer.
        (B)(1) For purposes of this paragraph (19) of
    
subsection (b) of Section 48.1, a "private label credit program" means a credit program involving a financial institution and a private label party that is used by a customer of the financial institution and the private label party primarily for payment for goods or services sold, manufactured, or distributed by a private label party.
        (2) For purposes of this paragraph (19) of subsection
    
(b) of Section 48.1, a "private label party" means, with respect to a private label credit program, any of the following: a retailer, a merchant, a manufacturer, a trade group, or any such person's affiliate, subsidiary, member, agent, or service provider.
        (20)(A) The furnishing of financial records of a
    
customer to the Department to aid the Department's initial determination or subsequent re-determination of the customer's eligibility for Medicaid and Medicaid long-term care benefits for long-term care services, provided that the bank receives the written consent and authorization of the customer, which shall:
            (1) have the customer's signature notarized;
            (2) be signed by at least one witness who
        
certifies that he or she believes the customer to be of sound mind and memory;
            (3) be tendered to the bank at the earliest
        
practicable time following its execution, certification, and notarization;
            (4) specifically limit the disclosure of the
        
customer's financial records to the Department; and
            (5) be in substantially the following form:
 
CUSTOMER CONSENT AND AUTHORIZATION
FOR RELEASE OF FINANCIAL RECORDS

I, ........................................, hereby authorize 
       (Name of Customer) 
 
............................................................. 
(Name of Financial Institution)
 
............................................................. 
(Address of Financial Institution)
 
to disclose the following financial records:
 
any and all information concerning my deposit, savings, money market, certificate of deposit, individual retirement, retirement plan, 401(k) plan, incentive plan, employee benefit plan, mutual fund and loan accounts (including, but not limited to, any indebtedness or obligation for which I am a co-borrower, co-obligor, guarantor, or surety), and any and all other accounts in which I have an interest and any other information regarding me in the possession of the Financial Institution,
 
to the Illinois Department of Human Services or the Illinois Department of Healthcare and Family Services, or both ("the Department"), for the following purpose(s):
 
to aid in the initial determination or re-determination by the State of Illinois of my eligibility for Medicaid long-term care benefits, pursuant to applicable law.
 
I understand that this Consent and Authorization may be revoked by me in writing at any time before my financial records, as described above, are disclosed, and that this Consent and Authorization is valid until the Financial Institution receives my written revocation. This Consent and Authorization shall constitute valid authorization for the Department identified above to inspect all such financial records set forth above, and to request and receive copies of such financial records from the Financial Institution (subject to such records search and reproduction reimbursement policies as the Financial Institution may have in place). An executed copy of this Consent and Authorization shall be sufficient and as good as the original and permission is hereby granted to honor a photostatic or electronic copy of this Consent and Authorization. Disclosure is strictly limited to the Department identified above and no other person or entity shall receive my financial records pursuant to this Consent and Authorization. By signing this form, I agree to indemnify and hold the Financial Institution harmless from any and all claims, demands, and losses, including reasonable attorneys fees and expenses, arising from or incurred in its reliance on this Consent and Authorization. As used herein, "Customer" shall mean "Member" if the Financial Institution is a credit union.
 
....................... ...................... 
(Date)                  (Signature of Customer)             
 
                         ...................... 
                         ...................... 
                         (Address of Customer) 
 
                         ...................... 
                         (Customer's birth date) 
                         (month/day/year) 
 
The undersigned witness certifies that ................., known to me to be the same person whose name is subscribed as the customer to the foregoing Consent and Authorization, appeared before me and the notary public and acknowledged signing and delivering the instrument as his or her free and voluntary act for the uses and purposes therein set forth. I believe him or her to be of sound mind and memory. The undersigned witness also certifies that the witness is not an owner, operator, or relative of an owner or operator of a long-term care facility in which the customer is a patient or resident.
 
Dated: ................. ...................... 
                         (Signature of Witness) 
 
                         ...................... 
                         (Print Name of Witness) 
 
                         ...................... 
                         ...................... 
                         (Address of Witness) 
 
State of Illinois)
                 ) ss.
County of .......)
 
The undersigned, a notary public in and for the above county and state, certifies that .........., known to me to be the same person whose name is subscribed as the customer to the foregoing Consent and Authorization, appeared before me together with the witness, .........., in person and acknowledged signing and delivering the instrument as the free and voluntary act of the customer for the uses and purposes therein set forth.
 
Dated:........................................................
Notary Public:................................................
My commission expires:........................................
 
        (B) In no event shall the bank distribute the
    
customer's financial records to the long-term care facility from which the customer seeks initial or continuing residency or long-term care services.
        (C) A bank providing financial records of a
    
customer in good faith relying on a consent and authorization executed and tendered in accordance with this paragraph (20) shall not be liable to the customer or any other person in relation to the bank's disclosure of the customer's financial records to the Department. The customer signing the consent and authorization shall indemnify and hold the bank harmless that relies in good faith upon the consent and authorization and incurs a loss because of such reliance. The bank recovering under this indemnification provision shall also be entitled to reasonable attorney's fees and the expenses of recovery.
        (D) A bank shall be reimbursed by the customer for
    
all costs reasonably necessary and directly incurred in searching for, reproducing, and disclosing a customer's financial records required or requested to be produced pursuant to any consent and authorization executed under this paragraph (20). The requested financial records shall be delivered to the Department within 10 days after receiving a properly executed consent and authorization or at the earliest practicable time thereafter if the requested records cannot be delivered within 10 days, but delivery may be delayed until the final reimbursement of all costs is received by the bank. The bank may honor a photostatic or electronic copy of a properly executed consent and authorization.
        (E) Nothing in this paragraph (20) shall impair,
    
abridge, or abrogate the right of a customer to:
            (1) directly disclose his or her financial
        
records to the Department or any other person; or
            (2) authorize his or her attorney or duly
        
appointed agent to request and obtain the customer's financial records and disclose those financial records to the Department.
        (F) For purposes of this paragraph (20),
    
"Department" means the Department of Human Services and the Department of Healthcare and Family Services or any successor administrative agency of either agency.
    (c) Except as otherwise provided by this Act, a bank may not disclose to any person, except to the customer or his duly authorized agent, any financial records or financial information obtained from financial records relating to that customer of that bank unless:
        (1) the customer has authorized disclosure to the
    
person;
        (2) the financial records are disclosed in response
    
to a lawful subpoena, summons, warrant, citation to discover assets, or court order which meets the requirements of subsection (d) of this Section; or
        (3) the bank is attempting to collect an obligation
    
owed to the bank and the bank complies with the provisions of Section 2I of the Consumer Fraud and Deceptive Business Practices Act.
    (d) A bank shall disclose financial records under paragraph (2) of subsection (c) of this Section under a lawful subpoena, summons, warrant, citation to discover assets, or court order only after the bank sends a copy of the subpoena, summons, warrant, citation to discover assets, or court order to the person establishing the relationship with the bank, if living, and, otherwise the person's personal representative, if known, at the person's last known address by first class mail, postage prepaid, through a third-party commercial carrier or courier with delivery charge fully prepaid, by hand delivery, or by electronic delivery at an email address on file with the bank (if the person establishing the relationship with the bank has consented to receive electronic delivery and, if the person establishing the relationship with the bank is a consumer, the person has consented under the consumer consent provisions set forth in Section 7001 of Title 15 of the United States Code), unless the bank is specifically prohibited from notifying the person by order of court or by applicable State or federal law. A bank shall not mail a copy of a subpoena to any person pursuant to this subsection if the subpoena was issued by a grand jury under the Statewide Grand Jury Act.
    (e) Any officer or employee of a bank who knowingly and willfully furnishes financial records in violation of this Section is guilty of a business offense and, upon conviction, shall be fined not more than $1,000.
    (f) Any person who knowingly and willfully induces or attempts to induce any officer or employee of a bank to disclose financial records in violation of this Section is guilty of a business offense and, upon conviction, shall be fined not more than $1,000.
    (g) A bank shall be reimbursed for costs that are reasonably necessary and that have been directly incurred in searching for, reproducing, or transporting books, papers, records, or other data required or requested to be produced pursuant to a lawful subpoena, summons, warrant, citation to discover assets, or court order. The Commissioner shall determine the rates and conditions under which payment may be made.
(Source: P.A. 101-81, eff. 7-12-19; 102-873, eff. 5-13-22.)