A Brief Overview of Employee Records Compliance



These days - well maybe every day throughout the history of business - record-keeping has ranked pretty low on employers' lists of priorities until they get audited or sued. For some, and certainly for those on a system like isolved, records maintenance is simplified, stored electronically in the Human Resource Information System (HRIS). For others, though, personnel files are almost certainly a royal mess.


The first thing CrescentHR does is a records audit, where we sample your Employee Records for Compliance and Risk. When we say compliance, we look for legal compliance with laws like HIPAA, ADA, and others. The Risk assessment has to do with the kinds of documentation you keep on each employee and your employee agreements - how they fit with your strategic vision and protect your business. Combined, you get an Audit Findings, Recommendations, and Compliance & Risk Scores. You are then prepared to comply and to think about employee records management in a practical, proactive, strategic manner.


Here are some precepts you should know about employee records:

  • There are different and separate files for different kinds of employee documents. Why? To protect employees. Private Health Information (PHI), for instance, information about a disability and accommodations shouldn't be available to anyone other than the HR contact to prevent discrimination. Your payroll processor shouldn't be privy to Performance records. Your Workers Comp carrier shouldn't see ethnic demographics, I-9 files, or WOTC designations.
  • Different kinds of records serve different employee needs and should be pulled only in response to very specific and authorized requests. "Needs to Know" is an important guiding principle for managing private employee information requests.
  • Federal Form I-9 must be stored separately, too, not in the Personnel record.  We have an I-9 storage guide ready to send you. I-9's can be stored electronically - almost all records can be stored electronically - but they'll need the same level of restricted access and separation as manual records.
  • There are at least five separate files that you should keep on every employee:
    Personnel, I-9, Payroll, Medical, and Injury files.  Take these distinct files very seriously and for goodness' sake, don't dump vaccine records in any file other than your Medical file.
  • Lock 'em up! Put employee records in locked cabinets, ideally in a locked room that is not the first to combust, in the case of a fire, or flood, in the case of a hurricane.
  • Finally - be sure you are not throwing away records prematurely or retaining records you don't need for longer than you need to retain them.

Let us help you get your messes ironed out.  We have a complete and proven Audit process for identifying glaring and subtle holes in your records maintenance process.


*Sign up for our June 23 Lunch-n-Learn on Employee Complaints and managing risk. Class is led by Kat Perez, an accomplished Labor Attorney.  Link below: Employee Complaints - When & How to Respond


**And call me for your free I-9 Guide (Book Time with Philip link below).

Back to Blog

Related Articles

Remote Workers on Endless Zoom Meetings Aren't More Engaged

This Week in HR, we are working remotely again as lock downs and COVID-19 continue to wreak havoc...

Empower Smart Workers with Good Systems and Tools

This week in HR, we published a podcast where we interviewed Chad Perrier, MBA, VP of Operations at...

Be the Culture You Need to Produce the Results You Want - Know Resistors

This week in HR, I’m thinking about resistors and how they impact the organization, especially in...