On November 30, 2023, the Illinois Supreme Court issued a much-anticipated decision in Mosby v. The Ingalls Memorial Hospital, answering a certified question about whether biometric information collected from health care workers is protected by the Illinois Biometric Information Privacy Act (BIPA) if that information is used for purposes related to health care treatment, payment, or operations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Court ruled that when health care worker data is collected for purposes of health care treatment, payment, or operations under HIPAA, the information is excluded from protection under BIPA.
Mosby involved a putative class action claim brought by nurses whose biometric information allegedly was collected to identify them before dispensing medication to patients. The trial court and Illinois Appellate Court had ruled that these collections were covered by BIPA because BIPA’s exclusions for “health care treatment, payment, or operations under HIPAA” were directed at protecting patient data, not health care worker data.
Continue Reading Illinois Supreme Court: Collection of Biometric Data for Health Care Treatment, Payment, or Operations Is Exempt from BIPA