In a notable decision issued on November 30, 2023, the Illinois Supreme Court addressed a certified question over the protection of biometric information collected from health care workers under the Illinois Biometric Information Privacy Act (BIPA). The case, Mosby v. The Ingalls Memorial Hospital, revolved around whether biometric data used for health care treatment, payment, or operations is protected under BIPA if it is covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The case centered on the broader issue of the lawful collection and use of biometric information, an area that has seen increasing regulatory scrutiny as more businesses turn to biometric technology for a range of applications, from timekeeping to security.
The court ruled that the collection of such biometric information is exempt from BIPA’s requirements when it is used for health care treatment, payment or operations, bringing clarity to a significant aspect of the intersection between HIPAA and BIPA.
The ruling could have far-reaching implications. Healthcare organizations regularly collect biometric data as part of treatment, payment, and operations. Consequently, the decision may provide guidance to other jurisdictions grappling with the balance of privacy, technology, and regulatory compliance in relation to the use of biometric information.
The decision is also likely to influence how law firms and businesses manage and advise on the collection, sharing, and use of biometric data going forward.