Employee Records

kvickers · October 2006

Can anyone tell me if there is a state/federal law/regulation on keeping employee files locked?
If so, where can I get proof?
Thanks for your help.

SMace · October 2006

HIPAA requires PHI to be kept secure. Not sure if it specifically speels out locked, but we keep it locked.

We lock up the files at night, but I'm not sure there is a reg. It the right thing to do, though.

pork1 · October 2006

KVICKERS: Welcome to the form; Private and confidental rules set-up for the secure of personal information is most likely not spelled out anywhere. The HR department takes the lead on this based on the gathering of personal information that is not normally known as public information. It is the nature of our business to safe-guard the private information contained our corporate records. Not only are they under lock and key, we also apply limited access into the room. Generally speaking "safeguard" is the termed used by most HRs and it is the lock and key method of safeguarding private and confidental to need to know personnel. We even go so far as to keep the information available through: "under eye sight" of HR personnel only. Lock and key is not the issue; it is the protection of personnal, confidental, and close hold information that is the key. If the HR can provide a night shift person, that person could be tasked to safeguard the files. No "lock and key" is not required.

We also subdivide personnel information into different categories: performance, medical (HIPAA), FMLA, W/C, insurance are quick topics that come to mind. This helps to secure information that is not required for management decisions from management that does not have a need to know.

We have a locked room that is only accessable with our HR keys. As long as the security procedures set up with the opening and closing of the room the information is considered safe and safe-guarded.

PORK

kvickers · October 2006

Thanks for the input. I understanding keeping things "safeguarded", it is trying to get others to understand. I was hoping I could have something in black and white to put under the noses of those that feel this is not an important issue. But who am I???

NaeNae55 · October 2006

Do some research on Identiy Theft. Several employers have been sued because employees had personal information taken. The information was easy to obtain, and the employer was held liable.

Good luck!

Nae

HR In NH · October 2006

[font size="1" color="#FF0000"]LAST EDITED ON 10-10-06 AT 02:52PM (CST)[/font][br][br][font size="1" color="#FF0000"]LAST EDITED ON 10-10-06 AT 02:09 PM (CST)[/font]

I have a very good presentation called, "10 Key Steps to Protecting HR Data". I can send it to you if you would like - just email me at [email]hrcontact@laars.com[/email]. You might also find some more info at [url]www.dol.gov[/url].

After reading this presentation above, I recently enacted additional measures - removed SSN from all paperwork and forms - insurance, workers' comp, pay stubs and blocked all bank account information off pay stubs. We are a three person HR office, so one of us is always here, but of course, we lock up at night. And of course, managers can only view personnel files (reviews, warnings, training, pay increases/history, work history), not the confidential files, no matter what. It's a major legal issue right now, plus we want our employees to have piece of mind.

E Wart · October 2006

This is interesting. I have never had anyone ask this. I guess it is just "common sense and common knowledge" (especially since salary and other confidential information is included)among HR folks. If anyone questions it, ask them if they would like to have their file sitting out when anyone could walk up and open it? I think that will close that discussion.

E Wart

kvickers · October 2006

You would think this would end the discussion, but they do not seem to be concern about their own records.

HR In NH · October 2006

That attitude is tough to deal with. Maybe a million dollar privacy violation lawsuit would shake them up. You can do a search for privacy violations and lawsuits - probably on HR Hero - to find some more convincing info. As far as I know, there is no law to actually lock files - as another reader said, it's just good common sense.

kvickers · October 2006

Thank you! I'll see what I can find under privacy violations and lawsuits. Great idea!!

Caroliso · October 2006

you mean someone in a position of authority is arguing with you over keeping personnel files under lock and key? Woah. This person doesn't have enough to do. This seems like such a no-brainer. Maybe HIPAA is your best bet. Unless you have enough space to keep your medical files in a separate cabinet, you best best is to keep them separate from other personnel record contents but in the same file cabinet, and keep the whole thing secure.

kvickers · October 2006

Yes and I'm afraid this is an argument that will not go away over night. I do have the medical records separated and locked up. My biggest concern is keeping other personal info like SS numbers. I'm still trying to prove my case. Thanks for your help.

marc · October 2006

It is a head shaker to think that folks in management are now aware of the issues caused by not maintaining confidentiality with respect to personnel records.

Raises, salaries, disciplinary actions, social security information, phone numbers , addresses, etc, etc are all hot potatoes for business when this information is not private.

When the AP clerk finds out that reception makes more money, get ready. When the company's disturbed stalker starts visiting the VP of Marketing's home looking for a date, get ready. When the tupperware saleslady starts sending marketing materials to all the staff, get ready. And, when the identify theives get all this private information and steal a couple of identities, get ready.

Get ready for the fact that all of you are now working for some lawyer and their clients, it's just a matter of time to find out who it is.

Employee Records

Comments