Building compliant employee files –
Includes items that are designated as confidential within an employee file or kept in a separate file and not shared outside of HR, payroll, and benefits administration include benefits, PHI, drug, background, and leave data, as noted above.
Access to Employee files
Although employee files and their content are the property of the company, many states have laws requiring the employer to allow the employee a right to view particular essential employment and payroll documents contained in their employee file within a reasonable amount of time upon request. Such materials may include their application, payroll authorization and tax forms, benefit enrollment forms, discipline and performance reviews, attendance records, garnishment, and leave documents. Employers should make sure they review state-specific employment record laws when setting up their employee file access policy.
Access by other employees should be limited to the information necessary and applicable to their position and function within the business and only when there is a legitimate business need to access. For example, payroll personnel should have access to payroll-specific items like deduction authorizations, garnishments, pay data, and hours and days of work. Supervisors and managers should only have access to performance-related documents, and the benefits administrator should have access to items specific to benefits like enrollment or waiver forms and beneficiary forms.
Identify retention requirements for each employee document and record, and create a policy to ensure compliance. There are specific retention requirements for those items stored in an employee file. For example, upon the termination of employment, I-9s are required to be kept for at least three years from the date of hire or one year from the date of termination, whichever is longer. Electronic documents should be retained as if they were paper documents. If an employee has sufficient reason to keep an email message, the message should either be printed in hard copy and kept in the appropriate file or moved to an “archive” computer file folder. Computer backup and recovery methods should be tested regularly.
Also, the company should designate an individual to be responsible for the ongoing process of identifying which records have met the required retention period and then overseeing their destruction.
Employee File System
Whichever employee file system employers choose to implement, they must make sure it is consistent, organized, and protects the documents that are confidential in nature.