What to keep in employee files (personnel, medical, etc.)

I know that medical information should be kept in a separate file from the employee’s ‘personnel’ file, but how do other companies divide up the forms? For example: if an employee’s attendance form indicated they were gone due to personal illness, can that still be kept in their personnel file? If they bring in a doctor’s note I usually staple it to the attendance form. Or should I simply note on the form that a doctor’s excuse was received, then file the attendance form in personnel file, and the doctor’s note in their separate medical file?

It makes sense that FMLA forms should be kept in their separate medical file, but what about work comp information? Can the separate medical file contain work comp info AND other medical info such as FMLA, STD claims, etc.?

It seems that even for a company with about 150 employees, 3 different files in the personnel office for each employee can be cumbersome. How do other companies separate their files?


  • 11 Comments sorted by Votes Date Added
  • Separate files in separate secured cabinets.
  • We maintain 2 files. One for "all" medical information, including doctors notes, disability forms, worker's comp records, etc. The other for all other personnel records, such as attendance records, salary history, 401K forms, training records, etc. The files are kept in separate rooms.
  • We maintain separate files in separate secured cabinets.
  • My old rule is 'The only reason to file things in the first place is to facilitate retrieval'. File things so they can readily be retrieved. Anything med related must be separate from the standard personnel file. But, file medical related things so that you can retrieve them easily. Attach doctor's notes to the related attendance summary sheet or the document showing their absence. If you have to retrieve it, it's all together in the medical file, not separated out with part in med and part in personnel.

    But, there's nothing wrong with having an attendance chart or time summary or time card in a personnel file with a notation on it indicating illness or sick day. Those by law are not medical documents and do not tend to identify a disability, which is the basis for that portion of the ADA requiring separate files in the first place. Regarding FMLA, its the medical information on the forms that is restricted, not the mere mention of their being on FMLA. Although its wise not to even mention a person's being out on medical leave, the law addresses the restriction to medical information or documentation that could identify a handicap or medical condition. (And then there are companies who publish all of this in the company newsletter anyway).

    Whatever size your company is, you should have at least two files, totally apart from each other and you must monitor access to the files and tightly control that.
  • I have another question? We are in the process of re-drafting our retention policy. One of the things we are looking at is creating 4 seperate personnel records for each employee. One of the folders would contain medical information and benefit information. Our reason is that at one of the 5 HIPAA trainings I attended over the last 3 years said that enrollment forms (including FSA) were considered PHI and should be kept with other medical records. This does not make sense to me. Does anyone else know if this information is accurate. Is it even legal to keep enrollment forms in the same file as medical records? Our legal department is looking into it so that means they will have an answer some time next year.
  • Here's another question - what about 401(k) information? I currently keep this in the employee's personnel file but I have just received a request from our Controller for several employees' personnel files due to our annual 401(k) audit. At a former employer I kept this information separate and it made things alot easier during audit time. I'm also concerned about the other information in these files.
  • I don't think you are required to sperate them but we are going to start seperating ours. We are going to have a performance review folder, a benefits/medical file, a 401K and Pension file and a general file for everything else.
  • When a controller or any other department requests records for audit, no matter what type audit it is, they should only be given access to the records relevant to the audit, never the personnel file. Few controllers and absolutely no auditors should have access to personnel files, ever. I always tell the auditor to give me a list of what records he needs to audit and I limit the production to that. And they never can leave the audit room with them, certainly not overnight.
  • When it comes to financial audits, the controller comes to my office, I show him what he needs to see, then put the file back. It never leaves my office.
  • It is my understanding that health enrollment forms is not PHI in that it does not state anything regarding their health. We keep that form in their personnel file. Our personnel files and medical files are in separate, locked cabinets in my office which is locked in my absence.
Sign In or Register to comment.