The Laws Regarding Confidential HR Files


HR serves as the gatekeeper of employee information -- sensitive personal data, performance and compensation history, and health-related records. Not everything kept in HR's personnel files is confidential, but to comply with the Sarbanes-Oxley Act, control of and access to all personnel files should be limited. Several other federal laws dictate that HR keep business-related employee information separate from medical information to prevent discrimination, ensure confidentiality and guard employee privacy.

Americans With Disabilities Act

The Americans with Disabilities Act polices the distribution of employee medical information. To comply with ADA, human resources must keep separate, secure files to store documents about workers' health histories and conditions. Another ADA stipulation limits access to those files. Office first aid or medical staff called to attend an employee at work may see the files. Direct supervisors of employees with disabilities can access them if the employee requires reasonable accommodation or restricted duties. The only others granted access by ADA are government officials, when required by law, and insurance companies that require a medical exam.

Genetic Information and Non-Disclosure Act of 2008

The Genetic Information Non-Disclosure Act disallows employers with at least 15 employees from ever obtaining or requesting genetic information about job candidates, workers or their relatives, with a few exceptions. If an employee's or family member's genetic information is acquired under an exception, GINA mandates that it be kept separate from the employment-related personnel file for confidentiality. According to the Bernstein Shur law firm, HR can file genetic information in the employee's ADA medical file.

Family and Medical Leave Act

Although the Family and Medical Leave Act doesn't stipulate the format of leave and compensation records used to support an employee's absence under its provisions, it does specify that they must be considered confidential and kept separate from the personnel file.

Health Insurance Portability and Accountability Act

According to Ohio law firm Coolidge Wall, the Health Insurance Portability and Accountability Act does not cover HR personnel files containing employee health information unless the employer is a group health plan sponsor. However, HIPAA's standards for guarding the confidentiality of employee health information should be respected by HR professionals. For example, identifiers such as Social Security number, birth date, name and address should not be shared.

Other Confidentiality Concerns

State law may place an additional record-keeping burden on HR for confidential information such as background checks or credit reports. Other kinds of information, such as work-related investigations on theft or complaints, have no state or federal legal filing requirement. By maintaining separate files, HR can control access and minimize the risk associated with breaches of privacy.
