Audit Your Records — Maintenance Procedures

There are many liability issues that can result from improper employment records maintenance procedures. Regular review of personnel files and relevant maintenance, retention, and destruction practices can reduce the risk of legal violations relevant to medical privacy, I-9s, identity theft, records retention, and records destruction.

Medical privacy HIPAA laws require employers to establish specific policies and procedures for maintaining Protected Health Information (PHI). Medical information, regardless of whether it is protected under HIPAA, should be maintained confidentially and separate from an employee's personnel file. Strictly limiting access to medical information on a need-to-know basis will also reduce the opportunities for a violation of the Americans with Disabilities Act.

Identity theft — Employers obtain employee personal information, including employee Social Security numbers, for payroll and other employment purposes. Security and maintenance of these employment records is imperative to avoid company liability,
if these records are accessed and used for identity theft purposes.

Record retention Employers must follow federal and state record retention regulations. Records may be retained in an electronic format as well as hard copy, but electronic systems will need ongoing evaluation to ensure that they are not easy targets for unauthorized access or viruses. If you maintain electronic employee files, you must ensure your system has effective security protocols and backup systems in place.

Record destruction — Every organization should have a policy to govern retention and destruction processes for employment records. Under discovery laws, it is illegal to destroy documents related to a current lawsuit.

I-9 audits An unexpected I-9 audit can bring a multitude of penalties if I-9 forms are not in compliance. I-9 forms should be retained the later of — one year after completion of employment with the organization or three years after the hire date.

The best way to keep your business in compliance with employment documentation is to conduct periodic audits of your personnel filing and maintenance procedures. Here are some things to consider:

Are employment records kept locked and confidential?
Are documents filed in a timely manner?
Are security measures in place to protect employees' medical information?
Is someone assigned to review the retention and destruction of employment documents?

SESCO Management Consultants is available to assist with workplace issues. You may contact us by phone at 423-764-4127 or by email at sesco@sescomgt.com .