Dresser & Associates is Now Part of Net@Work!
X
Net@Work | Dresser & Associates
We are extremely pleased to announce that Dresser & Associates has joined Net@Work, one of the most respected Sage Software Partners in North America and an award-winning end-to-end technology solutions provider. You will see very little change relative to your Sage Software support, really just a name change.

Our existing staff will all be joining Net@Work and will continue to provide the excellent level of service and support our customers have come to expect. Our entire team is very excited about joining Net@Work and the ability to bring even more knowledge and resources to all of our clients.

Thank you for your continued business and we look forward to our ongoing relationship.

Mark F. Dresser, Dresser & Associates, Inc | mfdresser@dresserassociates.com
Read Message from Mark Dresser | Read the Full Press Release | Visit Us at www.netatwork.com

Dresser & Associates

Personnel Records: Audit: Why audit personnel files and records maintenance procedures?

There are many company liability issues that can result from improper employment records maintenance procedures. Regular review of personnel files and relevant maintenance, retention and destruction practices can reduce the number of lawsuits and penalties regarding violations of laws relevant to medical privacy, nondiscrimination, I-9s, identity theft, record retention and record destruction.

Medical privacy. HIPAA Privacy, HIPAA Security, HITECH Act and ADA all protect the privacy of an employee's medical information. If private health information (PHI) is shared without the employee's consent, it can be a HIPAA privacy violation. If proper security measures are not put into place to protect PHI, then there may be HIPAA security violations. Unauthorized access to PHI may trigger the HIPAA breach notification requirements under the HITECH Act. HIPAA laws require employers to establish specific policies and procedures for maintaining PHI. Medical information, regardless of whether it is protected under HIPAA, should be maintained confidentially and separate from an employee personnel file. Strictly limiting access to medical information on a need-to-know basis will also reduce the opportunities for an ADA violation.

Nondiscrimination. Supervisors should have access to employee personnel files when they are making employment decisions. Therefore, only information relevant to an employment decisions should be kept in the personnel file. Anything that is not relevant to the job or includes any information that distinguishes an employee's protected class should be kept confidential and separate from the personnel file.

Identity theft. Employers obtain employee personal information, including employee Social Security numbers, for payroll and other employment purposes. Security and maintenance of these employment records is imperative to avoid company liability if these records are accessed and used for identity theft purposes.

Record retention. Employers must follow state and federal record retention laws. Record retention requirements can be met by maintaining employment records in an electronic format as well as in hard copy, but electronic systems will need ongoing evaluation to ensure new technology and viruses do not make them easy targets for unauthorized access, viruses, etc. If you maintain electronic employee files, you must ensure your system has effective security protocols and backup systems in place.

Record destruction. Every organization should have a policy to govern retention and destruction processes for employment records. Federal regulations require specific methods of destruction of reports received under the Fair Credit Reporting Act. You will want to obtain advice from legal counsel on establishing your purging and destruction schedule to limit liability. Under discovery and e-discovery laws, it is illegal to destroy documents related to a current or potential lawsuit. The laws allow for records to be subpoenaed back farther than the record retention laws require, and if those records are not destroyed, they are discoverable.

I-9 Audits. An unexpected I-9 audit can bring with it a multitude of penalties if I-9 forms are not in compliance. It is in the employer's best interest to take proactive steps to review, document and correct I-9 form mistakes prior to an outside audit in order to reduce assessed fees and penalties.

Take the time to double check even the mundane tasks of personnel filing and retention practices. Are your employment records kept locked and confidential? Are personnel files up to date? Are documents getting filed in a timely manner? Are documents going into the correct files? Are security procedures for maintaining medical and other protected information continually updated to be in compliance with new laws and best practices and to avoid new risks? The best way to keep your company in compliance with employment documentation is to conduct periodic personnel filing and maintenance procedures audits.

The information provided on this page is from shrm.org.