Does US privacy regulation trump a state’s biometrics law? Supreme Court to decide
The U.S. state of Illinois’ Supreme Court is hearing another biometric privacy case, this one brought by health care workers who feel their employers forced them to use fingerprint sensors without consent.
The plaintiffs, who have worked for two Chicago-area hospitals, say that the state’s Biometric Information Privacy Act protects them from being forced to submit their biometric data the same as any private-sector employees in the state are protected.
The defendants include University of Chicago’s Ingalls Memorial Hospital, Northwestern Memorial Healthcare and medical device maker Becton, Dickinson.
They claim that they are not covered by BIPA because the law exempts health care workers. In this case, employees were required to use fingerprints to access automatic medicine-dispensing cabinets.
Lawmakers crafting BIPA created protection exclusions for some classes of biometric data, including data related to the federal Health Insurance Portability and Accountability Act. HIPPA is one of the very few U.S. laws protecting a broad and vital vein of information, a person’s health data.
The question is, does HIPPA allow a health care company to require employees’ fingerprints because doing so falls under the BIPA exclusion for health care data involved in treatment, payment or operations?
The plaintiffs say HIPPA protects patient data and health care workers as a class were not explicitly mentioned as being exempted from protection under BIPA. They argue that according to the defense’s logic, a hospital garage fee taker cannot be protected at work by BIPA, according to coverage by trade publication Law360.