Comparison · Privacy

BIPA vs GIPA (Illinois)

BIPA is Illinois's biometric privacy statute — fingerprints, retina scans, voiceprints. GIPA is the state's genetic information privacy act. Both have private rights of action and have produced major class-action exposure.

Last reviewed May 24, 2026

Side by side

Option A

BIPA (Illinois)

Illinois Biometric Information Privacy Act — regulates collection, storage, and use of biometric identifiers (fingerprints, retina/iris scans, voiceprints, face geometry).

740 ILCS 14
  • 740 ILCS 14.
  • Written informed consent required before collection.
  • Private right of action — statutory damages of $1,000 per negligent violation, $5,000 per intentional.
  • Source of large class-action verdicts.
Option B

GIPA (Illinois)

Illinois Genetic Information Privacy Act — regulates collection, use, and disclosure of genetic testing information by insurers, employers, and others.

410 ILCS 513
  • 410 ILCS 513.
  • Written informed consent required.
  • Private right of action — $2,500 per negligent, $15,000 per intentional violation.
What's covered
BIPABiometric identifiers (fingerprint, iris/retina, voiceprint, face geometry)
GIPAGenetic information from genetic testing
Statutory damages
BIPA$1K negligent / $5K intentional per violation
GIPA$2.5K negligent / $15K intentional per violation
Private right of action
BIPAYes
GIPAYes
Consent requirement
BIPAWritten informed consent before collection
GIPAWritten informed consent before disclosure

When to use BIPA (Illinois)

  • Any Illinois practice using biometric clock-in, biometric patient ID, or biometric workforce access controls.

When to use GIPA (Illinois)

  • Any Illinois practice handling genetic test results, including BRCA/genomic panels.

Common mistakes

  • Deploying biometric workforce timeclocks in Illinois without BIPA-compliant written consent — the lead source of class actions.
  • Disclosing genetic test results without GIPA-compliant authorization, even for treatment coordination.
  • Assuming HIPAA preempts BIPA/GIPA — it does not; both apply.

Sources

Take it into the workspace

Document IL overlay in the SRA readiness check

Open sra studio
Authored by D3rx

D3rx is a healthcare-billing and compliance research aid maintained by D3rx Inc. Articles are drafted by an LLM (Anthropic Claude) against primary HHS, OCR, CMS, eCFR, NIST, and state-regulator publications, and reviewed for restraint and source fidelity by the D3rx team.

Reviewer status: a named credentialed reviewer (CHC, CHPC, or healthcare attorney) is being engaged. Until that engagement is finalized, this page does not claim credentialed review.

This comparison is a research aid for billing and compliance staff. It does not provide legal, medical, or financial advice and does not replace counsel. References cited link to primary sources at CMS, HHS, OCR, eCFR, NIST, and the relevant payer or state regulator. Last reviewed May 24, 2026.