Human Resource Blog

Where HR Professionals Seek Answers

A Practical Source For Your Daily HR Needs.Lets Build An HR Blog Community Together! Want To Share Your HR Knowledge Or Gain Knowledge Through Other Professionals?Lets Discuss HR!


Access to HR Files

Is this problem? Is it legal to see all employee info including possible medical info? I am the IT manager at our company and this request was made to me. I questioned the validity of this and possible danger of it. My boss was not happy that I questioned this order from our COO. I said this could lead to legal issues. I just want to know if I was right to question this action of full/unlimited access.

Usually, our site is reserved for HR/Employers but since your question is regarding the security of HR files we’ll provide our feedback.

You’re absolutely right in questioning the request. Hopefully, the HR Manager or whoever oversees the HR files is aware of the request and questions it too.

There may be a legitimate reason for the COO to have access to the records but even so it’s best for only HR to have full unlimited access. Upper management is often privy to some of the information retained in employees’ files. Still, their access should be limited and any request to view additional information should be approved and supervised by HR.

You have good cause to be concerned about medical information being shared inappropriately. Medical information retained in employee files is usually limited to health insurance elections, and non-FMLA/ADA related doctor’s notes. More detailed medical information such as medical questionnaires, reimbursement claims, drug test results, accommodation requests under the ADA, and leave requests under the FMLA must be maintained in a separate confidential file with secured access. Federal laws including HIPAA, FMLA, and ADA restrict the accessibility of covered information. A COO usually doesn’t fit the criteria of needing unrestricted access to this type of information about every employee.

You’re best course of action is to make sure HR is aware of the request from the COO. You should have some type of approval procedure in place for when anyone requests access to the HRIS (or however employee files are stored). Let your boss know that there are federal laws (any maybe some state laws) that restrict access to certain employee information and these laws apply even to the COO and any other C-level. Insist that you were just trying to protect the company from the significant expense they would incur by violating these laws.


This entry was posted on Friday, March 10th, 2017 at 8:44 pm and is filed under
Human Resources Management.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.

Leave a Reply

  • [ Back ]
  • WP-SpamFree by Pole Position Marketing

Home Ask a Question Archives

© 2008, All Rights Reserved