From: Staffing
Self Auditing
The employment relationship and required documentation is governed by many different governmental regulatory agencies, each maintaining different priorities and compliance requirements. Many laws, covering such topics as discrimination, safety, and immigration, charge governmental regulatory agencies with specific objectives and require certain documents when regulating an employer’s compliance with these laws. Consequently, an effective plan for limiting an employer’s exposure to liability can protect employers from potentially devastating consequences resulting from either a governmental audit or the document request of a plaintiff’s attorney.
Periodic self-audits are an important tool in avoiding legal disputes. While numerous laws make a self-audit increasingly complicated, the potential benefit of identifying and proactively addressing potential claims cannot be understated. Employers who fail to conduct periodic evaluations of their policies, procedures, and practices may find themselves with a multitude of legal liability. When conducting a self-audit of personnel files, an employer should ask the following questions:
- Does the file reflect all of the employee’s raises, promotions, and commendations?
- Does the file contain every written evaluation of the employee?
- Does the file show every warning or other disciplinary action taken against the employee?
- If company policies provide that written warnings or other records of discipline will be removed from an employee’s file after a certain period, have they been removed?
- If the employee was on a performance improvement plan, a probationary or training period, or other temporary status, has it ended? Has the file been updated to reflect the employee’s current status?
- If the employee handbook has been updated since the employee started working for the organization, does the file contain a receipt or acknowledgement for the most recent version?
- Does the file contain current versions of every contract or other agreement between the employer and the employee?
In performing a self-audit, through asking the previous questions, an employer can be confident that personnel files will be the best defensive weapon against a discrimination claim.
Documents Not to Be Included in a Personnel File
Employers should carefully consider how to file each and every personnel document maintained. The law requires that employers keep a separate file for medical records, but a solid defensive strategy would also include separate files for other types of employee information.
Employment Eligibility Documents
As previously mentioned, employers should keep Forms I-9 in a separate file. While an employer is permitted to photocopy the documents offered by an employee as proof of work eligibility, such practice is not required. Employers who choose to photocopy and retain these documents should not retain the information in a personnel file. Such a practice can generate a resource of information for a plaintiff or regulatory agency seeking to investigate discriminatory employment practices.
Medical Records
Medical information, such as pre-employment physicals, medical surveillance information, injury reports, medical questionnaires, workers’ compensation reports, and drug-testing results, should be maintained separately from the employee personnel file. Employers must limit access to medical information due to privacy and confidentiality concerns and regulations. In fact, a great deal of governmental regulations exists for employers to consider in regard to the maintenance and retention of medical records.
The Americans with Disabilities Act
The Americans with Disabilities Act (ADA) enforces specific guidelines in regard to the gathering and maintenance of employee medical information. For example, prior to an employment offer, all disability related inquiries made by an employer must be job related.
The ADA has a narrow exception to the prohibition of pre-employment medical inquiries. An employer may condition an offer of employment on the results of a medical examination as long as the following criteria are met:
- The examination is given to all entering employees.
- The results are kept confidential.
- The examination is not used to discriminate against individuals with disabilities; however, results may prove that the individual is unqualified for the particular job.
Additionally, the ADA imposes very strict rules for handling medical information obtained during employment. The ADA prevents employers from practicing the following:
- Requiring a medical examination before making a job offer.
- Inquiring as to whether an employee has a disability.
- Inquiring as to the nature or severity of any disability unless the inquiry or examination is job related and consistent with business necessity.
The results of any medical examination must be kept confidential, and segregated from the personnel file. However, the ADA recognizes that employers may have a legitimate need to disseminate the results of medical tests or other medical information, and allows confidential medical information to be shared with the following persons:
- Supervisors who need to arrange necessary work restrictions and make necessary reasonable accommodations.
- First-aid and safety personnel, should emergency treatment be required.
- Government officials investigating compliance.
Employee medical information must be disseminated under the appropriate conditions. Moreover, it is important for employers to strictly limit the amount of information shared to only the amount of information required to answer an inquiry.
The Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) was enacted to improve health insurance coverage in the group and individual markets; to combat waste, fraud, and abuse in health insurance and health care delivery; to simplify the administration of health insurance; and for other purposes. Under HIPAA, covered entities may not use or disclose an individual’s protected health information without the authorization of the individual unless specifically required or allowed by the privacy regulation.
While employers are not covered entities, they are affected by the privacy rules based on their sponsorship of health plans and procedures for dealing with the health information of 50 or more participants. If an employer does not have 50 participants in the company health plan, they generally need not be concerned with HIPAA restrictions. Effective April 14, 2004, HIPAA’s privacy rules became effective for sponsor small health plans. A small health plan is one that paid premiums or claims of $5 million or less in their most recent plan year.
For employers subject to the privacy provisions of HIPAA, the requirements are more stringent for self-funded plans than they are for fully insured plans. Self-funded plan requirements are more stringent because HIPAA assumes that if an employer has a fully insured plan, the employer generally does not have access to protected health information (PHI). In self-funded plans, employers who make initial or final claims determinations need PHI to make claims decisions. This protected health information is protected under HIPAA.
The Family and Medical Leave Act
The release of confidential medical information is also regulated under the federal Family and Medical Leave Act (FMLA), particularly if an employer requests medical certification or requires an employee to take a fitness-for-duty examination when returning from FMLA leave. It is crucial for employers to maintain any tests or results from a medical certification in a separate medical file, apart from the general personnel file.
Background Investigation Records
Every employer’s ultimate goal is to hire and retain hard working and productive employees. However, employers may have difficulty in effectively evaluating an individual’s capabilities based on an application form and one or two interviews. Employers may choose to further investigate an applicant through a background report. Background reports are sensitive and confidential by their very nature, and by law they must be restricted to those individuals who are directly involved in the hiring process. A thorough reference and background investigation may be able determine if the applicant will become a welcome addition to the team or a threat to the employer, employees, or customers. Additionally, courts may determine that an employer has a duty to conduct a background investigation, especially under circumstances where the failure to conduct a background check creates a liability for negligent hiring or retention.
Under the Fair Credit Reporting Act (FCRA), employers must comply as follows:
- Clearly disclose to the applicant, in a separate document, that a background check is being prepared by a third party.
- Acquire a signed release from the applicant before checking records such as criminal convictions, pending criminal cases, driving records, credit reports, or educational credentials.
- Provide the applicant with a copy of the report and a notice of legal rights if the employer intends to deny employment based on the information contained in the report.
The FCRA is designed to balance an employer’s interest in assessing a potential employee with the employee’s right of accuracy and privacy regarding their credentials.
Safety Records
The Occupational Safety and Health Administration (OSHA) regulates and monitors workplace safety. Employers should maintain all safety-related records in a separate file for the same reason all Forms I-9 should be maintained in a separate file, to allow an OSHA auditor to see only OSHA-related records during an OSHA audit. This safety record file might also contain documentation relating to an employee’s participation or involvement in an OSHA claim or investigation — limiting access to such documentation would make it easier to keep the information from influencing possible adverse decisions against the employee that could in turn result in retaliation claims under OSHA.
Access to Records
Approximately half of all states regulate the maintenance of and access to personnel records. For example, some states have placed restrictions upon the use and release of personnel information with regard to child care employees, sworn police officers, and employees of the state’s public and university school systems. Additionally, some state laws require employers to allow employees to inspect and /or to obtain a copy of their files. Access to personnel records is usually subject to some restrictions, for example, inspection only in the presence of management or a prohibition against removal of information.
Most public sector employees have the right under state laws to examine their personnel file. Some states permit public employees to have access at a reasonable time. Public employers should have a policy in place (or defer to an official department policy) that defines the parameters of a reasonable time so employees may enjoy their right of access, without unduly interfering with the employer’s mission.
The reasons for limiting employee access to their individual files are not so much legal as they are practical. In certain instances, management may not want an employee to view various types of test results or criticisms of performance. In other cases, a disgruntled or unhappy employee may request to see the file, and proceed to scrutinize the entire record for the purpose of finding a basis for a lawsuit against the employer. This is especially true of former employees. For this reason, granting access to former employees is not recommended unless legally required. In the event an employee asks a specific question about what is in a file, management should consider providing an answer or document relating to that specific question or read a document to the employee, rather than turn over the entire file.
Review of an employee’s personnel file by third parties should also be carefully controlled. Employees who feel damaged by improper disclosure or referral practices have filed defamation lawsuits. Thus, many employers have adopted strict nondisclosure rules or a policy of providing only “neutral references,” and thereby only releasing the former employee’s name, position, and dates of employment.
In light of the growing number of defamation lawsuits based on disclosure of personnel file information, some states have legislation providing that an employer will be immune from liability based on providing job performance information to a former employee’s prospective employer. However, an employer may incur liability if proven that the employer produced information that was knowingly false, provided with malicious purpose, or violated a civil right of the former employee under state law. Notwithstanding such laws, ample room remains for lawsuits based on employer-provided references. For employers who have a policy of providing references to other employers, it would be wise to obtain a waiver from a current employee prior to their departure from employment. Generally, however, a strict nondisclosure rule may still be the safest option. Often, human resources managers will receive a subpoena from a party in a lawsuit, requesting the production of documents (including personnel files) regarding a former employee. Because the subpoena requires compliance under authority of the court, producing the requested documents in this compelled manner will generally not subject the employer to defamation liability. In such a case, the other party in the lawsuit has the burden to object to an improper request.
Federal law requires that records be maintained for job applicants, current employees, and former workers for certain prescribed lengths of time, so that government agencies will have material to review during investigations. A table outlining the primary federal recordkeeping requirements with regard to what information must be kept and for how long is included at the end of this chapter.
In addition to personnel information normally retained in the course of business, the Equal Employment Opportunity Commission (EEOC), state and local EEO agencies, and other agencies require that once a complaint of an unlawful employment practice has been received, the employer must preserve all personnel records, production records and other evidence which may pertain to the complaint until the matter has been resolved. Similarly, the breadth of an investigation into a complaint may extend beyond records relating to the charging party, and include records regarding all employees holding positions similar to the one held or sought by the charging party.
Federal Recordkeeping Requirements
Documentation | Retention Requirements | |
Personnel records including application forms and records concerning hiring, promotion, demotion, transfer, layoffs, terminations, and terms of compensation. | 1 year from date of personnel action taken with respect to the particular record or date record was made — whichever is later (29 C.F.R. 1602.14). | |
Records relevant to complaint of unlawful employment practice. | Until final disposition of charge (29 C.F.R. 1602.14). | |
Employers with 100 or more employees: Copy of EEO-1 Report. | Copy of most recent report filed for each reporting unit must always be retained at unit or company/division headquarters (29 C.F.R. 1602.7). | |
Federal contractors, subcontractors: Affirmative Action Plans. | No period specified (2 years recommended). | |
Form I-9. | 1 year from date of termination or 3 years after creation — whichever is later. | |
Written employee benefit plans; merit or seniority systems. | While plan is in effect, plus 4 years after termination of plan (29 C.F.R. 1627.3). | |
Payroll or other records containing each employee’s name, address, date of birth, occupation, rate of pay, and compensation earned per week. | 3 years from date of creation (29 C.F.R. 1627.3). | |
Supplemental basic records, including wage rate tables, time schedules, and order and shipping records. | 2 years from date of creation (29 C.F.R. 1620.32). | |
Records pertaining to certification of leave as qualifying under the Family and Medical Leave Act (FMLA) and any disputes regarding such certification. | 3 years from date of creation. |