Illinois Biometric Information Privacy Act Compliance — Jackson LLP: Healthcare Lawyers, Attorneys, Consultants, Firm

Illinois maintains one of the nation’s strictest biometric collection laws, called the Illinois Biometric Information Privacy Act. Jackson LLP’s attorneys guide healthcare providers through the process of compliance with this law, including establishing stringent policies to govern their practice’s collection of this information.

The Illinois Biometric Information Privacy Act (BIPA) was enacted in 2008, and it governs all biometrics collection. Biometrics include fingerprints, DNA, gestures, gait, typing rhythm, voice prints, palm vein patterns, and facial features – just to name a few. For healthcare providers collecting identifiable data about their patients, this typically includes DNA data (for genetic counselors), gait patterns (for physical therapists or rehab centers), voice data (for speech therapists), palm vein patterns (for dermatologists), and facial features (for practices using patient photos to verify identity at check-in). Some healthcare entities also use biometrics like an employee’s fingerprint to handle clock-in and clock-out procedures, rather than the seemingly antiquated employee ID card. While these methods may improve the accuracy of your practice’s employee monitoring, they must be implemented within BIPA’s confines.

BIPA requires that entities collecting the biometric data of Illinois’ residents first obtain informed consent. The law also imposes strict restrictions upon a company’s disclosure, protection, and usage of that information. Most worrisome to our clients, BIPA has recently become a common source of class-action lawsuits in Illinois, and the law provides steep statutory damages for even accidental (negligent) violations.

At a minimum, companies are typically required to protect biometric information to the same degree that they protect other sensitive information in their possession. For healthcare providers, this may mean implementing biometric data protection policies that parallel their HIPAA policies, consider which third parties may also have access to the data, and create internal audit procedures to evaluate the adequacy of their protections. To read a recent discussion with a Chicago-based law professor about BIPA on NPR’s All Things Considered, click here.

Ready to schedule your free attorney consultation to discuss your biometric collection practices? Call our office at (847) 440-5028 or click the button below.

Free Attorney Consultation

Book Now