Scenario: David Jackson owns a three-location funeral business in the central United States. He employs more than 20 people. This past summer, David brought on a part-time employee to assist with administrative tasks. The priority was to file the large amount of paperwork that everyone at the primary location had neglected.
This part-time employee (Jessica) had worked for the funeral home part time during high school and her summer breaks from college. Jessica was very personable and didn’t seem to mind all the hours she spent filing.
At the end of summer, David was confronted by one of his female funeral directors wanting to know why she wasn’t paid as much as another male funeral director. During their conversation, David was made aware of how this employee knew her male counterpart’s salary. Apparently one of the reasons Jessica didn’t mind filing was because she enjoyed reading everything she handled. In fact, she had gone into the employee filing cabinet to file some employee benefit information and read every employee’s file! She then shared what she learned with several other employees.
David was stunned by this revelation. He struggled with how to deal with both Jessica’s actions and his funeral director’s concern about her salary, so he reached out for HR assistance to resolve the issue. This case study will focus on the discovery of how one employee learned of another employee’s salary.
What are the rules? The Health Insurance Portability and Accountability Act is the first federal regulation that comes to mind. HIPAA establishes national standards to protect individuals’ medical records and other personal health information. This certainly may be applicable in this situation, as Jessica was clearly going through many different files.
Additionally, every individual has a reasonable and fundamental right to privacy. While there is no federal law that designates that employers must keep personnel records (other than those associated with medical files) confidential, employers may find themselves on the wrong side of a lawsuit should private information in their personnel file be accessed by another unauthorized individual.
Consider the fact that many employers gather a large amount of personal information about their employees in the normal course of employing them. Employers are likely to have employees’ social security numbers, personal phone numbers, addresses and a myriad of other personal information. Not properly protecting this information can be very costly for an employer.
It should also be stated here that there is no federal law that requires employers to make personnel files available to an employee who wants to see his or her own file. However, many states have enacted legislation that does give employees this right. Please check your individual states to determine what your obligations are as an employer. Additionally, employers are limited in their ability to stop employees from disclosing their salary themselves to whomever they want.
Did the employer make any mistakes? Yes. Unauthorized access to confidential information was gained and shared inappropriately. Further, information about medical benefits and claims were in the same files. Under HIPAA, this information must be closely protected.
Resolution of the issue: This was not a simple matter. It required several steps to address.
First, David had a meeting with Jessica where he discussed the overall requirement of confidentiality necessary within the business and required by HIPAA laws. Jessica was very apologetic over her actions. She admitted that she told a couple of employees about the salaries she had seen. She also stated that she wanted to continue to have an opportunity to work in the business. David told her that as the filing was completed, he did not need her any further and that he could not give her any guarantee of future employment.
Second, David met individually with the employees Jessica identified as those she revealed salary information to. He stressed the confidential nature of the information they received and expected that the information would not be circulated, as it was information that they should not have had. They were made aware that the improper use of the information could result in disciplinary action up to and including termination.
Third, he informed those employees whose salaries had been shared and assured them he was taking all actions necessary to address the situation and prevent it from reoccurring.
Fourth, David reiterated to all parties involved that a team atmosphere and strong positive morale were necessary in the workplace for their families to be served at the level of care the funeral home had set as a standard. His expectation was that no one would allow this incident to detrimentally impact how they served their families.
Preventive measures: David might have avoided this situation if he had either made certain that Jessica understood and agreed with the confidentiality required or ensured that no confidential employee information was within the scope of filing she was doing for the business.
Further, the filing cabinet or drawer where all employee personnel files are stored should be secured in a locked file. Then only those who are authorized and who understand the confidentiality requirements of dealing with those files should have access.
Additionally, all files regarding medical/health benefits and claims must be kept in a file separate from the main personnel files. If you are not certain what employee files you should have and what should be in the files, please reach out to The Foresight Companies for assistance.