SPRINGFIELD, Ill. (IRN) — The health care industry is exempt from Illinois’ strict Biometric Information Privacy Act because of the Health Insurance Portability and Accountability Act, also known as HIPAA, according to a unanimous Illinois Supreme Court decision.
BIPA was enacted in 2008 and prohibits the use of anyone’s biometric information like a face scan or fingerprint without the individuals’ explicit permission. The law has been used in class action settlements against social media companies like Facebook. White Castle employees used the law to challenge that company’s policy of using fingerprints in the workplace.
In September, the Illinois Supreme Court heard from health care staff suing hospitals as represented by Attorney James Zouras, who argued HIPAA has nothing to do with BIPA.
“If the defendant is correct, that means that the General Assembly decided as much as 10% of the Illinois workforce should not have biometric privacy protections whatsoever simply by working in the health care field,” Zouras said.
Attorney Bonnie DelGobbo, representing a health care system, said BIPA excludes health care workers because of HIPAA.
“Health care providers’ use of automated dispensing cabinets to access medications and medical supplies to treat patients is unquestionably health care treatment under HIPAA,” she said.
In a unanimous decision released Thursday, the Illinois Supreme Court agreed.
“A health care worker’s biometric information, used to permit access to medication dispensing stations for patient care, falls under ‘information collected, used, or stored for health care treatment, payment, or operations under [HIPAA]’ and is exempt from the Act’s protections pursuant to section 10 of the Act,” the decision said.
The Illinois Supreme Court reversed a lower court’s ruling and remanded the case back to the circuit court for further proceedings.
By GREG BISHOP for the Illinois Radio Network