Many HR professionals and business coaches tell their clients that they need to check references on all new hires. The problem is that due to the fear of lawsuits, companies are told they should be cautious in giving references. Because of these two diverse thoughts, we are caught in an on-going conflict debating to give a reference or not.
Providing inaccurate or inappropriate information or asking inappropriate questions may provide grounds for discrimination, defamation, or invasion of privacy lawsuits. Employers may not ask about or give out information about any of the issues protected by state or federal law. These issues include age, race, religion, national origin, or disability. Also, employers may not give false statements that damage a former employee’s reputation; nor may they provide any embarrassing personal facts.
However, it is important that employers understand they have an obligation to provide information about harmful tendencies and failure to provide that type of information can lead to negligent hiring issues by the new company and lead to claims of misrepresentation.
Many companies skirt the issue by only providing “Name, Rank, and Serial Number”, which is only a verification of title, date of hire and salary or earnings. This approach cannot help the company seeking information and may, in fact, harm the chances of good employees finding a good job. If the employee cannot find a job, they may file for unemployment, which may affect the old company and add to their unemployment taxes.
What is the answer? Employers can limit their liability and still provide useful information by:
Develop and follow a written policy on checking references that specifies who may give references, what information may and may not be given, to whom may information be given.
Limit the number of people in your organization who may give references and make sure they are trained in how to give information to others.
Always make sure you have the written consent of the former employee to provide a reference, and if possible indicate that the reference could be based on past performance reviews.
Ask for a written release of liability from the employee (usually provided through the new company) before a reference is given.
Give only truthful, job-related information based on your documented facts.
Do not give references with prejudices or malice and never, ever, make statements about the character of an employee.
Make sure the person you are giving the reference to is authorized to receive it and has a legitimate need for it.
Train those who give and receive reference on how to do it legally and correctly.
Document all reference requests and what information you provided.
Finally, when in doubt, check with your state to see if you are immune to civil liability for good-faith references and if necessary, ask legal counsel for guidance. This would be especially true if there are issues that may seem to be “delicate”. No matter what side of the coin you are on, do your due diligence and check and give references when needed.
One reason you should be looking to increase your training dollars is that you want to retain your star employees and show them that the organization believes in them and is looking to develop their skills to be even more valuable to everyone.
Let’s look at the different types of training that may be important to your organization.
Job Skills Training - A responsible organization will take steps to provide employees with the means to improve their skills. This is especially true with new hires, who are not fully up to speed and may need a program to help them not only develop their skills but to reinforce the company policies and procedures. This type of training will help off-set the time to answer questions or to re-do a job because it was not finished to company standards.
Compliance Training - Employment compliance issues are constantly in the news and are always changing. Staying current on compliance issues may be critical to the liability of the company and may be crucial for new supervisors and current management to take. If your company is mandated under the Occupational Safety and Health Act (OSHA) to provide safety training, you may be at risk if you do not comply.
Employee Development - Helps a company place employees in the right position to reduce turnover and poor morale. Effective training will not only address the needs of the individual employee, but also communicate to the employee the needs of the organization.
Succession Planning - Training of your star employees into lower, middle, and upper management will give them the opportunity to learn new techniques and to develop new skills. This type of training helps the organization to plan for growth and retirement issues.
New Supervisor Training - All too often, a good, hard worker is promoted to a lead or first line supervisory role - without any training. By taking the time to analyze the capabilities of the employee and training them into this new role, will save the company time and money and the individual the peace of mind of knowing what is expected in this new role.
Training, just like other functions, is a process. If you plan ahead and put a good, solid program together, training will only benefit your organization.
Some businesses are unsure how to handle privacy compliance in regards to HIPAA regulations.
The Health Insurance Portability and Accountability Act of 1996 has created more work for businesses in that they have to spend endless hours researching HIPAA regulations, training employees, rewriting contracts, internal documents, patient forms and policy and procedure manuals. If office administrators, practice managers or physicians are unsure how to handle privacy compliance, then there could be consequences which can include hefty fines.
The types of business entities that are affected by the law include, health plans, health care clearing houses, and those health care providers who conduct financial and administrative transactions (e.g., electronic billing and funds transfers) electronically. In order to ensure the security of personal health information, there needs to be privacy safeguard standards in place.
Entities may have the flexibility to design their own policies and procedures to meet regulatory standards. The requirements are flexible and scalable to account for the nature of each entity’s business, and its size and resources. Covered entities generally will have to:
Adopt written privacy procedures. These include who has access to protected information, how it will be used within the entity, and when the information may be disclosed. Covered entities will also need to take steps to ensure that their business associates protect the privacy of health information.
Train employees and designate a privacy officer. Entities will need to train their employees in their privacy procedures and must designate an individual to be responsible for ensuring the procedures are followed.
There are specific boundaries to keep in mind, and with some help businesses can learn to comply. For example, there must be accountability for the use and release of medical records, and companies need to ensure that health information is not used for non-health purposes. Penalties for entities that misuse personal health information include:
Civil penalties. Civil penalties are $100 per violation, up to $25,000 per person, per year for each requirement or prohibition violated.
Federal criminal penalties. Under HIPAA, Congress also established criminal penalties for knowingly violating patient privacy. Criminal penalties are up to $50,000 and one year in prison for obtaining or disclosing protected health information; up to $100,000 and up to five years in prison for obtaining protected health information under “false pretenses”; and up to $250,000 and up to 10 years in prison for obtaining or disclosing protected health information with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm.
Recordkeeping has been a major obstacle for many companies who don't know what to save, where to save the files, how long they need to save them, or what to do with them once they are created. More importantly, they don't know who has access to them or how to destroy them.
While there is no federal or state requirement that an employer maintain personnel files, employers are required to keep certain records to comply with various laws and regulations. The overriding concern is to balance employee privacy and the employer's need to know while still managing to keep good records.
According to the Society for Human Resource Management (SHRM) standard operating procedures, the following items should be kept in separate files:
Medical Records — the Americans with Disabilities Act requires employers to keep all medical records separate. Many states have privacy laws to protect employees. All medical records including physical examinations, medical leaves, workers' compensation claims, and drug and alcohol testing must be kept separate.
Equal Employment Opportunity — to minimize claims of discrimination, it is important to keep source documents that identify an individual's race and sex in a separate file. Additionally, if internal/external charges are investigated, it is also recommended that these files be maintained separately.
Immigration (I-9) Forms — it is recommended that these forms be maintained chronologically by year. Keeping this information in a separate file reduces the opportunity for an auditor to pursue and investigate unrelated information.
Invitation to Self-Identify Disability or Veterans Status — this information is required to be maintained by federal contractors. Laws prohibit employment decisions based on certain protected classes; however, managers have the right to access an employee's file for a number of operational issues. Unless there is a need to know for accommodation purposes, these files should be maintained separately to reduce a potential source of bias.
Safety Training Records — Occupational, Safety & Health Administration ("OSHA") may audit a company's training records; keeping this information separate will protect the employer from an auditor pursuing and investigating other information in the personnel file.
Remind all employees that personnel records contain information that is very confidential and/or sensitive and should be handled very carefully.
Penalties for not following record retention guidelines can vary, depending upon the law or regulation they cover as well as the information they protect.