Paubox News | HIPAA Compliance, Email Security and Healthcare Tech

Illinois court rules healthcare workers exempt from biometric privacy law

Written by Abby Grifno | December 06, 2023

The Illinois Supreme Court recently ruled that the state’s biometric information privacy law would not apply to healthcare workers if used in a HIPAA compliant capacity. 

 

What happened

In a case that went to the Illinois Supreme Court, two nurses sued their employer, the Ingalls Memorial Hospital, alleging that the hospitals’ use of fingerprint-enabled medication storage violated the Illinois Biometric Information Privacy Act (BIPA). BIPA, which requires individuals to be notified if their fingerprints are collected or stored, is one of the strictest laws regarding biometric information. 

The hospital, however, argued that they were exempt from BIPA because the biometric information stored was required for healthcare treatment, operations, or payment and therefore protected under HIPAA, a federal act superseding state provisions. 

While an appellate court sided with the nurses, the Illinois Supreme Court reversed the decision. It ruled in favor of the hospital, stating that HIPAA allowed the hospital to collect employee biometric data without notifying employees. 

 

What was said

According to one report, the nurses’ attorney, Jim Zouras, claimed that the ruling would negatively impact many in the workforce: “The General Assembly decided that as much as 10 percent of the Illinois workforce should have no biometric privacy protection whatsoever simply by virtue of working in the healthcare field.” 

In the Court's Opinion, Justice David K. Overstreet wrote that “the nurses’ biometric information, as alleged in the complaints, was collected, used, and stored to access medications and medical supplies for patient healthcare treatment and is excluded from coverage under the Act because it is ‘information collected, used, or stored for healthcare treatment, payment, or operations under [HIPAA].’”

The Illinois Health and Hospital Association was pleased with the court’s findings. Spokesperson Paris Ervin said, “Today’s decision correctly interprets that the legislature intended an exemption for biometric information…We are pleased that today’s decision will allow hospitals and healthcare providers to focus on what they do best–care for their patients and communities.”

 

Why it matters

As biotechnology continues to develop, lawsuits have also become rampant. Few states have adopted as specific laws as Illinois, which also grants individuals the right to sue non-compliant companies. 

In healthcare, biotechnology is frequently used to monitor access to medication and supplies. While some claim it violates BIPA, the technology has been steadily used in the medical field for around 15 years.   

 

The big picture

Cases like this are a reminder that HIPAA takes precedence over state laws. As new technology emerges or continues to be rolled out, companies must ensure that technology is used in a HIPAA compliant capacity. 

Related: HIPAA Compliant Email: The Definitive Guide