Article main image
Jun 29, 2020
This article is part of a series called Remote Work.

How are you staying compliant during these times of remote working? With so many companies having their workforces do their jobs from home, all facets of the business are being presented with new challenges.

For HR professionals, maintaining personnel records, fostering human capital, and balancing the day-to-day duties of HR all from the home office, is especially difficult without the right tools.

Like nearly all workers, HR has had to transform the way it functions and communicates with the rest of the business. It’s easy to feel isolated from the rest of the company and challenging to do HR work when you’re no longer able to interact face-to-face with employees at the office.

Now nearly everything is done digitally over the cloud. For companies that keep their records digitally, it makes handling personnel records much more doable from home; however, there are different rules for staying compliant with digital records, especially when working from home.

As the HR rep for your company, you deal with a lot of the personal and private information of your fellow employees. As such, you’re responsible for making sure that information is secured and that it’s stored in a way that complies with a litany of regulations and standards. Maintaining employee records is one of many HR duties, but it’s one that must stay in line with company policy and the law.

A diligent HR department files away records and keeps them on-hand at all times, but when the occasion arises to find a specific record, a lot of time can be wasted digging through the archives to find the right files. Even within the most organized and maintained archives, if a folder was filed in the wrong place, it can take you hours to manually browse through the entire archive to find it the next time. In some cases, such as an audit or legal injunction, the files need to be retrievable in a timely manner.

It just takes a little bit of knowledge about data security and then putting it into practice to protect company data. It’s absolutely vital that everyone is aware of common-sense cybersecurity practices.

Fortunately, it’s easy. Most tools and systems for working with digital records are widely available and easier to set up than an email account. Don’t get caught off-guard— just being a little knowledgeable about how company data is handled can go a long way.

When dealing with electronic records, in order to adhere to some of the more strict privacy laws, strong encryption needs to be applied when both storing and sharing documents. The encryption most accepted by government bodies and regulations is 256-bit Advanced Encryption Standard (AES). If you need to share a protected record, sending it as an email attachment is usually not safe enough. Using an encrypted channel for sharing files is the only way to ensure a document remains secure.

Data breaches happen to businesses all the time, and just because you were attacked from outside, doesn’t mean you’re not liable You can face fines from the government as well as lawsuits from other affected parties if there was any negligence on your part. Penalties for violating HIPPA can range from $100 to $50,000 per record, based on the type of violation. The maximum total penalty is $1.5 million, according to the Department of Health and Human Services.

Another important aspect of security is overseeing roles and permissions to ensure that only the right people have access to certain records. In the case of physical documents, this amounts to making sure the filing cabinets are locked, and only authorized personnel have the keys to unlock them. However, depending on the size of your organization and the number of records being passed around, this can be an inefficient system.

It’s also important to note that certain employee records need to be kept separate from their main personnel files. For example, according to HIPAA, medical records are private and need to be kept in a separate, secure place to prevent them from being accessed by unauthorized people.

This article is part of a series called Remote Work.