CLIA Lab Subject to HIPAA Not Necessarily Exempt from State Medical Privacy Law
Case: Plasma donors filed a class action claiming that a plasma donation company’s use of a donor-identification system based on a donor’s fingerprints and biometric information without consent violated Illinois medical privacy laws. The company, which happened to be a CLIA lab, claimed that the state law didn’t apply citing the definition of biometric identifiers as excluding “information collected, used, or stored for health care treatment, payment, or operations under” the federal HIPAA law. The exclusion applied, the company argued, because as a CLIA lab, it might have to disclose lab testing results of a donor subject to HIPAA. But the Illinois federal court would let the company use the defense. Significance: The defense failed not because the application of HIPAA would have exempted the company from the state law but because it didn’t adequately explain the connection between collecting a biometric template from donors on the front end and how that template is “collected, used, or stored for health care treatment, payment, or operations under [HIPAA].” The mere fact that the company was a lab subject to CLIA, which in turn made it subject to HIPAA wasn’t enough to establish such a connection, the court explained. [Crumpton […]
Case: Plasma donors filed a class action claiming that a plasma donation company’s use of a donor-identification system based on a donor’s fingerprints and biometric information without consent violated Illinois medical privacy laws. The company, which happened to be a CLIA lab, claimed that the state law didn’t apply citing the definition of biometric identifiers as excluding “information collected, used, or stored for health care treatment, payment, or operations under” the federal HIPAA law. The exclusion applied, the company argued, because as a CLIA lab, it might have to disclose lab testing results of a donor subject to HIPAA. But the Illinois federal court would let the company use the defense.
Significance: The defense failed not because the application of HIPAA would have exempted the company from the state law but because it didn’t adequately explain the connection between collecting a biometric template from donors on the front end and how that template is “collected, used, or stored for health care treatment, payment, or operations under [HIPAA].” The mere fact that the company was a lab subject to CLIA, which in turn made it subject to HIPAA wasn’t enough to establish such a connection, the court explained.
[Crumpton v. Octapharma Plasma, Inc., 2021 U.S. Dist. LEXIS 9520]
Subscribe to view Essential
Start a Free Trial for immediate access to this article