Ask MGMA: Digitizing Employee Records – Compliance, Security, and Best Practices for Healthcare Administrators
Download MP3Well, hi, everyone, and welcome to another ask an adviser podcast. I'm Daniel Williams, a senior editor at MGMA, We're always joined on ask an adviser with cohost and MGMA senior adviser, Christie Good. We have got a really cool topic today. We're gonna really look at a really big question that many practice administrators are asking. Can we go fully digital with employee files, or do we need to still hang on to those paper copies?
Daniel Williams:So this is an environmental question, but, no, we're really looking at it from the not from the climate, change perspective, but we're really looking at this from the perspective of the practices and the practice administrators. So, Christy, let's just kick this off. First of all, it's always good to see you.
Cristy Good:Nice to see you too.
Daniel Williams:Alright. So let's look at this issue. I I was so happy when you sent this over because it is one of those things that there is something about having a physical file, but when so much is stored in a cloud or a drive of some type and people can access it that way, you know, it really gets down to that short answer for a question. Can practices make the switch to digital employee files?
Cristy Good:Yeah. And the question came through our MGMA community, which I love, that, more questions are coming through our MGMA community asking peers such questions just for guidance. Like, what are other people doing? And so I keep reminding people that our MGMA community is a great place where you can ask your peers questions such as this.
Daniel Williams:Alright. Well, thank you for sharing that the origination of where these come from. And just as a reminder, everyone, that that community for MGMA is has really picked up. As Christie's saying, we've got community live, and we've got other outlets for you to connect with each other and to reach out to, the MGMA experts with that ask MGMA green button anywhere you go on the MGMA website. So let's look at this, question just in a short way here.
Daniel Williams:Can practices make the switch to digital employee files?
Cristy Good:And the short answer is, yes, you could go fully digital, but you do have to make sure that you take some things into consideration. There are no federal laws requiring paper copies of employee files, but some states do have specific rules. And beyond compliances, practices just need to think about security, accessibility, and retention policies when making that transition.
Daniel Williams:Okay. Perfect. Alright. So we've got a lot to cover here in the next ten to twelve minutes or so, and we do like to keep this ask, MGMA segment pretty short. We wanna get right to the point and give you some tools.
Daniel Williams:So let's start with compliance. If there are no federal law requiring paper copies, what legal issues do practice leaders need to keep in mind?
Cristy Good:So at the federal level, there are key regulations that dictate how long certain records can must be kept, but not necessarily in what format. However, some states do require certain employee documents like termination records or signed agreements to be stored as hard copies. That's why it's crucial to check state specific laws before making the transition. And regardless of format, practices must meet HIPAA, EEOC, and OSHA compliance with handling employee records, especially when it comes to storing protective protected health information or injury reports.
Daniel Williams:Okay. So let's say a practice decides to go digital. They are committed to it. What are the best practices then for storing employee files securely in at that level?
Cristy Good:So security is key. Practices need to use a reliable document management system and make sure that the the data is encrypted. So protected files must be protected from unauthorized access, backup systems to make sure that records aren't lost due to, like, a system failure or an emergency, and then have access controls to limit file access to only authorized personnel. It's really important to have IT professionals involved in setting this up and maintaining these systems. And just like paper records, digital files should be organized and easily retrievable, whether for an internal audit or an employee request.
Cristy Good:So, make sure also to keep an eye on any updates to those systems.
Daniel Williams:Okay. Yeah. That's the part that freaks me out. I mean, there is that fear that, you know, you have everything stored up into some system, whether it's a drive or wherever that's being kept, that what if that just goes away and you don't have the paper copy and it just totally freaks you out? I don't know.
Daniel Williams:In your practice experience, I know you've been at MGMA now for seven to eight years. So back when you were at a practice last, did what did y'all do to make sure you had it?
Cristy Good:For employee files, we had paper, but but, you know, I was part of that whole EHR transition, and we're we're trusting that everything in our EHR is gonna be backed up and stored and protected because those are patient records. Right? So you're still doing that same thing. These are employee records. These are patient records.
Cristy Good:The key is to make sure you're backed up. And and often, you know, having that some places have a hard drive that they backed up back up to at night as well as the cloud, so they have a double backup, which is good, especially with just cyber as we've just had a recent, you know, certificate program on. It's very important with cybersecurity to to have backup, and maybe it's two ways to backup. One's an internal hard drive or one on your practice and the other one's the cloud. I mean, I have pictures right now in the cloud, and it I'm still gonna put those on the thumb drive for myself because I don't wanna lose my picture.
Cristy Good:So I know we all that angst of what if we lose it? So having a you know, maybe out back up in two places, is a great way to just ensure that you have you will have it.
Daniel Williams:Yeah. Yeah. Well, thanks for sharing that personal experience with it. And I guess those pictures are like your son's doing hockey and things like that. You know?
Cristy Good:But you don't want those pictures.
Daniel Williams:You do not. Absolutely not. Okay. So let's talk about retention periods. They're always a big question.
Daniel Williams:Can you walk us through how long different types of employee records need to be kept?
Cristy Good:Yes. And we'll have this also in the podcast kinda article because I know some people wanna refer back to it, but I'll go over the main ones. The performance review should be kept at least two years after termination. Payroll records should be kept to four years to comply with IRS rules. Health and benefits records are usually general three generally three years after termination.
Cristy Good:Drug test rules are results, I mean, retained usually for three years after termination. Job related injuries and illnesses are kept for five years under OSHA. The form I nine, you either keep that for three years after hire or one year after termination, whichever whichever is longer. And then EEO data forms are permanent. So these are federal guidelines, but, again, practices should always check with their state laws for any additional requirements.
Daniel Williams:That's a really good point. Yeah. Because there is that the the Fed rules and the state rules don't always match up. They often don't. And so, yeah, it is really important to keep track of both of those as well.
Daniel Williams:So let's move on to the next aspect of this, and that's really getting down to document authenticity and legal validity. So if a practice scans and stores files digitally, are they considered legally valid?
Cristy Good:Yes. But they need to be the true representations of the original document. That means scanned copies should be complete, legible, and unaltered. So for additional security, some practices use a digital signature, which can also help verify authenticity. And if a practice ever needs to provide documentation in a legal situation, courts typically accept that digital record as long as they were stored properly and haven't been tampered with.
Daniel Williams:Okay. Next question. How should practices handle HIPAA compliance when digitizing records?
Cristy Good:Oh, HIPAA applies whenever you're dealing with protective health information. And I think sometimes people don't think about that, but it, you know, often is in employee files, which includes medical leave requests, disability accommodations, and drug test results. So to stay compliant with HIPAA, you need to make sure that you store your PHI in a secure encrypted system as we've talked about. You restrict access to only authorized personnel, and then you train staff on how to handle PHI securely. So it's just as important as in patient records, as in employee records, to be HIPAA compliant.
Cristy Good:And, you know, that HIPAA violations can be costly. So Yeah. You definitely wanna make sure to review your policies regularly and make sure that the right protections are in place.
Daniel Williams:Yep. I love that. Okay. So switching from paper to digital sounds great in theory, but what's the best way to manage that transition?
Cristy Good:Actually, I'm making a I'll have a checklist here soon that'll be available to members online. But in general, kinda like five quick steps is to assure current records can be identified, your documents that you need digitizing. So make sure you're looking at everything and deciding which need to be digitized. Choose a secure storage system, which could be cloud based or on premise, or as I suggested, maybe both. Set clear retention and destruction policies.
Cristy Good:So many people already have a retention policy or a destruction policy. That applies also then to these electronic files, and you won't maybe have to shred them, but you're still trying to figure out how do I destroy old ones, and then how do I, going forward, decide how long I'm keeping those electronic files. You need to train your staff to make sure everyone knows how to manage and access digital files, and then verify the transition, which means keep paper files until everything is confirmed as accurate and accessible. So, like, you should be testing. You should be making sure that everything you just uploaded, just like when you did your EHR and you went from paper patient paper files to your EHR.
Cristy Good:You kept for a short bit of time. You tested. You made sure you had it. So, that is that's really key to making sure so you don't lose anything.
Daniel Williams:That is so valid. And, hey, as a added benefit, we may even save a tree or two. Who knows?
Cristy Good:Exactly.
Daniel Williams:We just had y'all, we just had in, Denver, the Denver area, we just had a sort of a mini blizzard for about a day or two, and the sun's back out already. But it actually snapped like two or three pine trees in our neighborhood, Christy. Aw. I know. I know.
Cristy Good:It a heavy snow.
Daniel Williams:It was a heavy, wet, heavy snow. So enough enough of the climate, y'all. Y'all can see that my brain is now just fixated on the weather outside. So with all that said, Christy, I love this conversation. It it makes perfect sense.
Daniel Williams:So employee record keeping is something every practice deals with in transitioning to digital files can make things more efficient if done the right way, and really appreciate your insights and wanted to let everybody know that we are going to put this information into the episode show notes. We're also gonna be creating an article that really hits the highlights of all of this, own MGMA.com, and we'll also direct you to some resources. Christie, you put together some really interesting resources. Any of those you just wanna just share where they came from with anybody here that are of import?
Cristy Good:Sure. The EEOC has a recordkeeping requirements, and then SHRM, has we have a link to that, and they have a more detailed list of some of those specifics on what different types of records and how long. And then we have our HIPAA essentials course that people may just wanna get a refresher on HIPAA. And, you know, it's free to members, So I just recommend any of those. And, again, make sure you're checking with your legal and your IT because your IT are gonna be very important in helping you go to that fully digital situation.
Daniel Williams:Yeah. Well, great chatting with you again, Christy.
Cristy Good:Thank you.
Daniel Williams:Alright. So until our next episode, everyone, just wanna say to y'all, again, look for that episode, the episode show notes. Also, look for that article that'll come out. And thank you all so much for being MGMA podcast listeners.
