This year has seen a substantial increase in the number of class action lawsuits filed against employers under the Illinois Genetic Information Privacy Act (GIPA). More than 20 suits have been filed this year, a stark contrast to zero filed in 2022 and only two in 2021.
Like its federal counterpart the Genetic Information Nondiscrimination Act (GINA), GIPA prohibits employers, and agents acting on their behalf, from “directly or indirectly” soliciting, requesting, requiring or purchasing genetic information from a person as a condition of employment or from using genetic information in a discriminatory manner against an employee or applicant. Genetic information is defined to include information from genetic tests or the manifestation of a disease or disorder of an individual or their family members.
Under the claims filed, plaintiffs allege that during the hiring process prospective employers collected family medical history and required pre-employment physicals or health interviews, which sought the protected information. These exams and interviews were often conducted by third-party occupational health services providers. The damages sought included “statutory damages” under the Act of $15,000 for each intentional and/or reckless violation and $2,500 for each negligent violation. In addition, GIPA has no statutory cap on punitive or compensatory damages and no statute of limitations, exposing employers to potentially massive damage awards.
Because these cases are in their infancy and currently only in Illinois, there is little guidance on the scope of GIPA and any exceptions that may exist. This means that we will need to wait and see how courts will interpret the Act and what impact the cases will have beyond Illinois.
In light of these developments, all employers should consider the following:
- Disclaimer Use on Authorizations and Information Packets: Consider adding a written disclaimer to any authorization and pre-employment questionnaires that requests applicants not to provide any genetic information when responding to requests for medical information. The disclaimer should be provided to the applicant/employee for their information.
- Review Third-party Provider Practices: Evaluate the practices of third-party medical providers, including documents provided to applicants/employees in their evaluation process, and request that family medical history not be obtained.
- Assess Contracts/Indemnification Obligations: Review and assess the indemnification provisions of contracts with third-party medical providers. It is important that the hold harmless and indemnification obligations of the provider include reference to GIPA obligations in the scope of protection for the employer.