Managing  Sensi*ve  Employee  Informa*on  

Bri6any  Cullison,  PHR  

What  to  expect  

•  Types  of  sensi*ve  informa*on  and  when  we  commonly  encounter  it  •  Confiden*ality  and  informa*on  management  best  prac*ces    

No*ce  

•  I’m  not  an  a6orney  •  This  is  not  legal  advice,  nor  should  the  presenta*on  be  subs*tuted  for  experienced  legal  counsel.  

 

POLL  QUESTION  

Medical  and  Health  Informa*on  

• Medical  and  health  informa*on  comes  in  many  forms:  •  Doctor’s  notes  with  men*on  of  diagnosis  •  Worker’s  Compensa*on  informa*on  •  ADA  reasonable  accommoda*on  requests  or  ADA  covered  informa*on  

•  FMLA  requests  or  documenta*on  •  HIPAA  covered  informa*on*  

ADA    

•  Protects  qualified  individuals  with  disabili*es  •  Has  a  physical  or  mental  condi*on  that  substan*ally  limits  one  or  more  major  life  ac*vi*es    

•  Has  a  record  of  such  an  impairment  •  Is  regarded  as  having  such  an  impairment  

 

•  Requires  employer  to  make  reasonable  accommoda*ons  UNLESS  doing  so  would  impose  undue  hardship  

FMLA  

•  Leave  permi6ed  for:  •  Birth,  adop*on,  foster  care  •  Employee’s  own  medical  condi*on  •  Immediate  family  member’s  medical  condi*on  •  To  handle  qualifying  exigencies  •  Care  for  family  member  injured  in  ac*ve  military    •  service  

 

FMLA  

•  Leave  permi6ed  for  •  Birth,  adop*on,  foster  care  •  Employee’s  own  medical  condi*on  •  Immediate  family  member’s  medical  condi*on  •  Care  for  family  member  injured  in  ac*ve  military  service  

HIPAA  

•  Provides  rights  and  protec*ons  for  pa*ents,  along  with  par*cipants  and  beneficiaries  in  group  health  plans    

 •  Prohibits  release  of  PHI  without  consent  

•  Typically  only  applies  to  self-­‐insured        

Medical  and  Health  Informa*on  

•  You  receive  medical  informa*on  from  an  employee—  •  Evaluate  the  informa*on  •  Ask  follow  up  ques*ons,  if  necessary  •  Determine  next  steps  •  Keep  confiden*ality  in  mind  throughout  the  process  

•  Document  

Medical  and  Health  Informa*on  

Confiden*ality  best  prac*ces  with  medical  informa*on  •  Medical  informa*on  in  separate,  confiden*al  file  •  Medical  informa*on  released  on  a  need-­‐to-­‐know  basis:  •  Supervisors  or  managers  that  need  to  be  aware  of  

accommoda*ons  •  Safety  personnel  •  State  Worker’s  Comp  office  •  Insurance  purposes  

Inves*ga*ons  

•  Inves*ga*ons  can  be  for  a  variety  of  reasons,  including:  •  Discrimina*on  or  harassment  claims  •  Violence  in  the  workplace  reports  •  Other  policy  or  procedural  viola*on  

Inves*ga*on  Best  Prac*ces  

•  Receiving  the  complaint/report  •  Get  wri6en,  signed  statements  when  possible  •  Ask  for  witnesses  or  suppor*ng  documents  •  Clarify  that  retalia*on  is  not  tolerated  

Inves*ga*on  Best  Prac*ces  

•  Prepara*on  •  Review  informa*on  sources  •  Determine  who  needs  to  be  interviewed  •  Determine  ques*ons  •  Evaluate  if  interim  ac*on  is  necessary  

Inves*ga*on  Best  Prac*ces  

•  Conduc*ng  the  Inves*ga*on  •  Keep  thorough  documenta*on  •  Introduc*on  •  Listen  •  Talk  to  everyone  with  relevant  informa*on  

Inves*ga*on  Best  Prac*ces  

•  Inves*ga*on  Wrap  up  •  Review  the  gathered  informa*on  •  Make  determina*on  and  develop  ac*on  plan  •  Communicate  decision  •  Prepare  report  

Inves*ga*on  Best  Prac*ces  

•  Inves*ga*ons  should  be:  •  Prompt  •  Complete  •  Consistent  •  Objec*ve  •  Credible  •  and  handled  with  confiden*ality  best  prac*ces!  

Employee  Discipline/Termina*on  

• Use  discre*on  when  preparing  for  or  conduc*ng  disciplinary/termina*on  mee*ngs  •  Informa*on  shared  on  a  need-­‐to-­‐know  basis  • Mee*ngs  held  with  privacy  and  security  in  mind  

Employee  Personal  Informa*on    

• HR  and  administra*ve  offices  encounter  personal  informa*on  on  employees  in  many  different  forms:  •  I-­‐9  Documenta*on  •  New  Hire  paperwork  containing  personal  data  •  Direct  Deposit  •  Payroll  files  •  Includes  customer  informa*on  as  well  •  ID  thea  preven*on  is  cri*cal!  

POLL  QUESTION  

ID  Thea  Preven*on  

•  Evaluate  informa*on  security  and  disposal  •  How  easy  is  it  for  someone  to  access  your  office  during  business  hours?    

•  How  long  documents  stay  at  the  printer  before  some  one  retrieves  them?  

•  Are  documents  that  contain  personal  informa*on  lea  out  una6ended?      

•  Are  computer  screens  being  locked  every  *me  someone  leaves  there  desk?  

ID  Thea  Preven*on  

•  Are  cabinets  and  drawers  being  locked?  •  Are  emails  that  contain  personal  informa*on  being  sent  securely?  

•  Are  documents  properly  shredded  when  no  longer  needed?  

•  Who  in  the  office  has  access  to  sensi*ve  informa*on?  

ID  Thea  Preven*on  

• Develop  a  protec*on  plan  •  Conduct  a  “walk  through”  •  Iden*fy  poten*al  risks  •  Create  easy  to  follow  guidelines  and  procedures  •  Educate  your  employees  •  The  importance  of  protec*ng  personal  informa*on.  

•  Measure  that  the  company  will  take  to  began  this  process.  

•  How  the  process  will  be  enforced.  

ID  Thea  Preven*on  

• Have  a  Breach  Plan  •  No*fy  employee,  law  enforcement  and  possibly  FTC  

•  No*fy  credit  bureaus  •  Conduct  internal  inves*ga*on  •  Take  steps  to  minimize  or  prevent  addi*onal  loss  

Company  Informa*on    

•  Employees  will  oaen  come  to  HR  or  Managers  with  ques*on  of  upcoming  changes  •  Be  very  careful  of  what  you  pass  to  employees    

Employee  Files    

• Do  you  maintain  a  separate  employee  file  for  confiden*al  informa*on?  •  Medical  records  •  Pre-­‐employment  medical  exam  and/or  drug  screen  results  •  Applica*on  for  Employee  Assistance  Program  •  Any  Private  Health  Informa*on  (PHI)  as  defined  by  HIPAA  •  Any  medical  records  with  personally  iden*fiable  informa*on  

(FMLA  requests  forms  if  the  employee  has  disclosed  the  nature  of  his/her  illness)  

•  Return  to  work  releases  •  Workers  compensa*on  records  including  First  Report  of  Injury    

Employee  Files  

•  Inves*ga*on  Records  •  Discrimina*on  or  harassment  complaints,  including  inves*ga*on  

reports  •  Legal  case  informa*on  •  Complaints  of  conduct/policy  viola*ons,  including  inves*ga*on  notes  

and/  or  reports  

•  Security  Clearance  and  Inves*ga*on  Records  •  Background  check  results,  including  any  arrest  and/or  convic*on  

records  and  reports  of  criminal  history  •  Personal  credit  history  

Employee  File  Best  Prac*ces    

•  All  personnel  data  should  be  maintained  securely  • Have  a  locked  file  cabinet  • Manager  access  only  for  normal  file  • Upper  level  manager/HR  access  for  confiden*al  file  

General  guidelines    

•  Employee  informa*on  should  always  be  treated  as  sensi*ve  informa*on  • Use  the  “need-­‐to-­‐know”  rule  when  other  guidelines  are  absent  •  Keep  company  confiden*ality  policies  in  mind  •  The  best  approach  is  the  ethical  approach  

Ques*ons?  

•  Please  send  all  ques*ons  to:    

info@gnapartners.com