From social security numbers to medical history, employers must abide by confidentiality laws to keep employee information protected.

Identity theft. Data breaches. Privacy laws. These aren’t things you want to hear or talk about, but unfortunately, they are top of mind for employers and HR professionals. Given the amount of personal employee information employers receive, it makes sense.
Let’s think about it: In terms of hiring and onboarding alone, employers already have the following sensitive employee information in their hands:
- Social Security Number
- Birthday
- Salary
- Address
- Email address
- Telephone number
- Disability
- Background check
That’s a lot of personally identifiable information – just on day one, and it’s information that can do a lot of damage if it gets into the wrong hands. And that’s just the tip of the iceberg. Employee medical information, specifically, has strict rules around how it’s safeguarded.
Medical Information
There are a number of federal and state laws that have specific mandates around how employers maintain and safeguard employee information.
In fact, the U.S. Equal Employment Opportunity Commission (EEOC) recommends the following:
“Do not place medical information in regular personnel files. Rather, keep medical information in a separate medical file that is accessible only to designated officials. Medical information stored electronically must be similarly protected (e.g., by storing it on a separate database).”
So, if you’re still keeping employee personnel files in a locked filing cabinet, you may want to rethink your trust in that form of security.
Not surprisingly, there are also limitations around who can view medical files. According to the EEOC, employee medical information may only be disclosed under the following circumstances:
- To supervisors and managers who need access to medical information in order to accommodate an employee’s work restrictions
- To first aid and safety personnel when an employee requires emergency medical treatment or assistance
- To individuals investigating compliance with the ADA or other health laws
- When required for workers’ compensation laws or for insurance purposes
What are Employers Allowed to Disclose?
Of course, there’s certain employee information that is okay to disclose without fear of breaking confidentiality laws or a potential lawsuit.
According to the Society for Human Resource Management (SHRM), the following employee information can be shared – when and where appropriate:
- Partial birth dates (i.e., day and month)
- Telephone numbers or e-mail addresses may be distributed to department heads
- Identifying information can be shared with department heads for salary or budget planning, review processes, and for timekeeping purposes
- Employee’s company anniversary or service recognition information
- Employee and dependent information may be shared for open enrollment processes for periodic benefit plan changes or benefits statement updates
The Takeaway
Employers have a huge responsibility when it comes to protecting employees’ personal information. Even seemingly harmless actions – like sharing someone’s full birth date with a coworker who wants to plan a birthday party for them – can be a breach of confidentiality.
What’s more, it’s up to employers to ensure that personally identifiable information is stored securely and doesn’t get into the wrong hands. One great way to do this? With reliable HR software that can help you easily and securely store and organize employee documents.