Biometrics in Nursing Homes. Huh?

To be honest, when I first thought of biometrics, images of flying cars and killer robots popped into my head. As it turns out, none of my imaginations had anything to do with biometrics. However, if there’s anything I did get right, it’s that biometrics are a wave of the future. In fact, biometrics are being used right now in long-term post-acute care (LTPAC) centers to keep track of employee hours.

Biometrics simply refers to measuring and authenticating unique human features. Biometric scanners can capture the unique data associated with features such as fingerprints and facial structure. One Illinois nursing home used this technology to record the attendance of their employees. Each employee was required to scan their fingers when beginning and ending their shifts.

The State of Illinois has instituted some of the most strict restrictions on the use of biometrics in the United States. Known as the Biometric Information Privacy Act (BIPA), the state statute was enacted to protect an individual’s sensitive data.

To comply with the BIPA, private employers in Illinois “must develop a written policy, [that is] made available to the public, establish a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual’s last interaction with the private entity, whichever occurs first.”

The Illinois nursing home mentioned previously is now facing a lawsuit brought by an employee alleging that her BIPA was violated due to the facility’s unauthorized use of fingerprint scanners for employees to sign in and out of shifts. Under the BIPA, private companies must provide clear notification of the collection of biometric data. Moreover, employees subject to the biometric collection practices must first approve the data collections via written approval.

Should it be found that the Illinois nursing home violated the BIPA, hefty fines may be imposed. Under the BIPA, private employers may be required to pay up to $5,000 in fines for each violation. Furthermore, transfers of the data to out-of-state entities would also qualify as fineable offenses under the BIPA. It has yet to be determined whether the Illinois LTPAC center has committed this particular violation.

For those in LTPAC centers considering the use of biometrics to collect and store employee data, the best course of action would be to proceed with great caution. Private employers should take significant time to analyze state and federal statutes pertaining to biometric data-gathering. Although Illinois appears to be leading the pack in regulating the use of biometrics, other states may well follow suit in adopting variations of the BIPA.

Innovation and technology can do wonders when it comes to improving life for healthcare employees, patients, and residents. However, with the emergence of ground-breaking technology comes the need for new laws to protect the public. Frequently, the law is far behind society, especially where technology is concerned. So, it would seem advisable to tread the biometric waters with caution and careful preparation before diving in.

Sources:

http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57

https://www.law360.com/illinois/articles/975935