Article

Employee Records

By Joshua H. Viau

9 minutes

paper shredderOffices receive, generate and maintain an inordinate volume of documents related to employees, such as job postings, employment applications, resumes, reference checks, testing data, wage and hour records, and medical information.

At the same time, office managers, supervisors and human resource professionals are always looking for ways to clear the clutter in what are often overcrowded human resource offices, administrative desks and records areas.

While most financial managers are well-versed in the various legal requirements concerning maintenance and destruction of customer financial records and information, there also are myriad laws covering confidential employee information and records, including what are traditionally considered “personnel files,” payroll and benefits records and documents related to various forms of leave.

It is important for those in charge of maintaining such records to know what to keep, where to keep it and for how long. Importantly, this includes both paper and electronic information.

What Is Included in an Employee’s Personnel File?

In terms of what employee records employers need to keep, the basic rule of thumb is that all documents relating to actual employment should be kept in the same “personnel” file. Although supervisors are not normally responsible for maintaining personnel files, they create and, at least for a short time, maintain the majority of these documents.

Generally speaking, supervisors should not, without checking with HR or the office manager first, discard files that belong in the personnel file, including documents related to the employment application, the hiring process, performance, promotions and demotions, discipline, work hours, leave requests, accommodation requests, selection for training opportunities, and safety and health.

Do not include medical files, communications between HR and supervisors regarding performance or other issues, or correspondence with outside consultants or attorneys in personnel files.

It important to resist the temptation to keep everything in one place for the sake of convenience. Doing so may not only violate certain legal requirements, but also can lead to the inadvertent production of irrelevant or privileged documents and communications in the unfortunate event of litigation. 

What Should I Do With Employee Medical Records?

An employee’s medical records should be kept separate and apart from the general personnel file.

When deciding where to keep these records, an employer should first consider why it has the information. Employers collect employees’ medical information for many reasons—including processing health and life benefits, evaluating fitness for duty, addressing disability and workers’ compensation issues and considering a leave of absence—and each purpose can inject different record-keeping obligations.   

For example, employers should never maintain information submitted to their health benefits plans inside the employee’s personnel file or “benefits files” that may contain information related to other benefits, such as life insurance, to avoid accidentally sharing confidential information with someone who is not authorized to see it.

In fact, most such information is rarely in the hands of the employer because it should be provided directly to the plan itself through a third-party administrator or insurance company. In the unusual circumstance in which an employer finds itself in possession of such information, it must be kept confidential (in a locked cabinet or password protected) and separate from other employee information. 

Employers often collect information regarding their obligations under the Americans With Disabilities Act. The ADA requires that employers implement reasonable workplace accommodations for qualified employees with disabilities. To meet this obligation, an employer must have an understanding of the physical or mental limitations that may affect the employee’s ability to perform the job duties. Often, this includes gathering medical histories and job-related medical examinations. 

The ADA requires employers to keep medical records separately and confidentially—in separate, locked or password-protected, confidential files with access limited to those with a legitimate need to know.

Although courts have limited this requirement to medical exams or specific inquiries into an employee’s ability to perform the job, the Equal Employment Opportunity Commission, the federal agency tasked with enforcing the ADA and other discrimination laws, takes the position that the ADA’s requirements apply to all medical information an employer collects. Accordingly, employers should create and maintain a separate, confidential, “medical file” for each employee for whom the employer collects medical information. 

Employees seeking leave under the Family Medical Leave Act or state leave laws may also submit medical information to substantiate requests for leave. This also can include medical information regarding family members when the leave request is to care for a family member.

Like the ADA, the FMLA requires that employers maintain employee and family member medical records separately and confidentially. These requirements apply to certifications, re-certifications and medical histories. These records also should be kept in a separate file in a locked cabinet or password-protected electronic file. 

How Many Files Do I Have to Keep?

Complying with these rules might require you to keep at least three separate employee files, depending on the circumstances: 

  • a personnel file (for every employee),
  • a medical personnel file (for employees who have submitted medical information);
  • and health plan benefits claim file (for employees for whom you have received medical information related to health benefits).

Prior to developing a filing system, employers should consider the following to ensure compliance: 

  1. What are the permissible contents of each kind of file?
  2. Who will have access to each type of file?
  3. How and where will each file be stored?
  4. How and when will each file be destroyed? 

If medical information already is intermingled with personnel information, the employer first may need to designate an individual with the task of auditing the files and appropriately separating the contents before giving access to others.

How Long Do I Keep the Records?

Regarding how long to maintain employment related documents, various state and federal laws, regulations and agencies have different record retention requirements, often covering the same documents. Indeed, different record retention requirements can apply to different types of businesses. For example, staffing agencies have different record retention requirements under certain laws.

When you also consider that many states have their own laws regarding record retention, employers can be understandably nervous, or even frustrated, when trying to implement the proper procedures. Nonetheless, employers must resist the temptation to simply purge these documents when the file cabinet gets crowded.  

For example, the aforementioned ADA and Title VII of the Civil Rights Act require that employers keep records for one year from the date the record was created or from when an employment action (discipline, demotion, termination) was taken.

The Age Discrimination in Employment Act has separate retention standards, which also are one year after creation of the document or the decision. This requirement is two years under all three statutes for federal contractors.

The Fair Labor Standards Act and Family and Medical Leave Act also have separate, rigid requirements for certain documents related to employment, such as time slips, payroll records, and employee benefits related documents.

The Lilly Ledbetter Fair Pay Act, which changed the statute of limitations on when an employee can file a pay discrimination claim, retains some limits on employer liability by restricting back pay awards to two years. But this could create record retention issues and questions for employers, given that the act gives viability to claims that could have arisen years earlier. 

Generally, an employer could establish the following retention periods for both electronic and paper-based records and be in compliance with federal law:

  • Personnel: seven years after termination;
  • Medical/benefits: six years after the plan year;
  • I-9 forms: Not more than three years after termination; and
  • Hiring records: two years after hiring decision.

If the employer is involved in an employment-related dispute with an employee or anticipates such a dispute, retain all documents relating to that employee until final resolution of the dispute.

There also are record retention requirements for documents such as EEO-1 reports and tax records. State employment laws, including workers’ compensation laws, also may have record retention requirements or statutes of limitations that are different from federal requirements.   

While maintaining these records, employers also have an obligation to protect confidential employee information. As with patient information, this can be especially tricky when it comes to electronically stored information.

Exposure of personal identifying information from unauthorized access to employment records can hurt employee productivity, morale and good will.

In addition, an employer could face a negligence action. In some states, employers can be held legally responsible if they do not properly secure and dispose of confidential employee information.

How Do I Get Rid of the Documents?

Once you decide it’s the appropriate time to rid yourself of some employee records, how do you do it? Before the physical act of destroying the records, make sure you track what you are destroying, the basis for destruction (legally required retention time has passed) and the method of destruction.

This often is referred to as a document destruction log and will at least record your legitimate reasons for destroying the documents should any issues arise down the road. 

As for actual physical destruction of the documents, many mistakenly believe the law requires a particular technique for destroying confidential records. Although there is no specific requirement, custodians of records, i.e. employers, have an obligation to prevent confidential records from being used by unauthorized individuals or for an unauthorized purpose.

Realistically, any technique can be used to destroy confidential information if it at least sufficiently obliterates the records from being used for any purpose. For physical documents, shredding usually does the trick. For electronic records, use an electronic document destruction agency. 

If you contract with an outside document destruction agency, make sure the outside vendor posts an adequate bond to protect you in the case of inadvertent disclosure.

If the firm does not properly destroy the records and confidential information is obtained and used, you could be found liable. If the firm is bonded, you at least will be compensated for your losses in the unlikely occurrence that the documents are not properly destroyed.  

Draft and Implement Policies and Procedures!

To prevent mistakes and inconsistencies, office managers or human resource personnel should establish and maintain a clear policy on record retention and destruction, specifically tailored to employee records.

The policy should include a schedule, file location and methods of destruction. Once the required retention time frames have been met, employers should create a document destruction log and make sure disposal is completed with finality and security to minimize the risk of a breach.

Josh Viau is of counsel in the Atlanta office of the national labor and employment law firm Fisher & Phillips LLP. He can be reached at 404.240.4269 or mjviau@laborlawyers.com.

©2015. All Rights Reserved. Published Under License By CUES.

Compass Subscription