BIPA vs GIPA (Illinois)
BIPA is Illinois's biometric privacy statute — fingerprints, retina scans, voiceprints. GIPA is the state's genetic information privacy act. Both have private rights of action and have produced major class-action exposure.
Last reviewed May 24, 2026
Side by side
BIPA (Illinois)
Illinois Biometric Information Privacy Act — regulates collection, storage, and use of biometric identifiers (fingerprints, retina/iris scans, voiceprints, face geometry).
740 ILCS 14- 740 ILCS 14.
- Written informed consent required before collection.
- Private right of action — statutory damages of $1,000 per negligent violation, $5,000 per intentional.
- Source of large class-action verdicts.
GIPA (Illinois)
Illinois Genetic Information Privacy Act — regulates collection, use, and disclosure of genetic testing information by insurers, employers, and others.
410 ILCS 513- 410 ILCS 513.
- Written informed consent required.
- Private right of action — $2,500 per negligent, $15,000 per intentional violation.
When to use BIPA (Illinois)
- Any Illinois practice using biometric clock-in, biometric patient ID, or biometric workforce access controls.
When to use GIPA (Illinois)
- Any Illinois practice handling genetic test results, including BRCA/genomic panels.
Common mistakes
- Deploying biometric workforce timeclocks in Illinois without BIPA-compliant written consent — the lead source of class actions.
- Disclosing genetic test results without GIPA-compliant authorization, even for treatment coordination.
- Assuming HIPAA preempts BIPA/GIPA — it does not; both apply.
Sources
- Illinois General Assembly — 740 ILCS 14 (BIPA)https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004
- Illinois General Assembly — 410 ILCS 513 (GIPA)https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=1535
Related
Document IL overlay in the SRA readiness check
Open sra studio →D3rx is a healthcare-billing and compliance research aid maintained by D3rx Inc. Articles are drafted by an LLM (Anthropic Claude) against primary HHS, OCR, CMS, eCFR, NIST, and state-regulator publications, and reviewed for restraint and source fidelity by the D3rx team.
Reviewer status: a named credentialed reviewer (CHC, CHPC, or healthcare attorney) is being engaged. Until that engagement is finalized, this page does not claim credentialed review.
This comparison is a research aid for billing and compliance staff. It does not provide legal, medical, or financial advice and does not replace counsel. References cited link to primary sources at CMS, HHS, OCR, eCFR, NIST, and the relevant payer or state regulator. Last reviewed May 24, 2026.