Human Resources Confidentiality - A training course for HR professionals

Purpose

Review, understand and acknowledge:

·         The importance of confidentiality

·         The role of confidentiality in HR

·         The practices, policies and procedures for handling confidential information

What Is Confidentiality?

·         A requirement for employees to hold in confidence privileged employee information in all forms of communication, including written, spoken and electronic means, to ensure the credibility and integrity of the information.

·         Commonwealth of Pennsylvania human resources personnel are guardians of confidential information.

Why is it important?

·         We are responsible to assure and maintain the trust of fellow employees by protecting their personal information.

·         HR staff dealing with health benefits must also abide by the Health Insurance Portability and Accountability Act (HIPAA) and its Privacy Rule concerning the disclosure of Protected Health Information (PHI).

What Information Is Considered Confidential?

Privileged employee information

·         Personal data (month and day of birth, marital status, home address, home phone numbers, SSN)

·         Bank account information

·         Salary

·         Job status changes

·         Protected health information (PHI)

Handling Confidential Information

·         As an HR employee, you are entrusted to treat all information you handle as confidential.

·         You are responsible to protect customer and employee information.

·         Confidential information may not be shared with another co-worker unless it is business related.

·         What you see and hear at work stays at work. Confidential information cannot be shared outside the workplace.

·         A breach in confidentiality affects the credibility and operational integrity of HR.

·         Non-compliance or blatant infractions of confidentiality policy, practices and procedures can result in disciplinary action, up to and including termination of employment.

Improper Sharing of Confidential Information

Confidential information can be improperly conveyed through personal interactions — by phone or email, in person, at lunch, in the elevator.

Examples

·         Tanya is processing a highly confidential back pay award to make an employee whole. Tanya shares the details and amount of money the employee will be receiving with her friend, Josta, who works in another agency and knows the employee.

·         Joe, an employee in labor relations, participates in discussions regarding contract negotiations. Friday after work, at the local watering hole, Joe shares pending contract details with friends who work in other agencies.

·         Erin, the agency timekeeper, tells her co-worker Helen that another co-worker, Brad, has a large negative leave balance.

 

What Steps Should I Take to Protect Confidential Information?

Personal interactions — be aware of unintended listeners

·         Confidential and personal employee information is not to be verbally repeated where others can overhear.

·         Only discuss confidential information when you have a valid business requirement for doing so.

Improper Sharing of Confidential Information

Confidential information can be improperly conveyed through

·       Paperwork — notes on scrap paper, supporting documentation, investigations, applications

·         Forms — new hire, SPF, enrollment

Examples

·       Carley is processing an E-PAR to promote John Doe to an HR Analyst 3 position. Carley’s friend Esther also applied for the position. Carley invites Esther to stop by her desk and, when she does, Carley directs Esther’s attention to the E-PAR.

·        Jamal, the agency Workers’ Compensation Coordinator, attends a workers’ compensation hearing. As part of his job he has a copy of the hearing transcript. Jamal gives the transcript to Isaac to read. Isaac’s job duties do not involve workers’ compensation.

·        Sally, an agency SPF Coordinator, receives SPF documentation from a co-worker. At the end of Sally’s workday, the SPF application remains on her desk. Lilly, who works a later shift in the same building, stops by to visit Sally. Seeing that Sally has gone for the day, Lilly takes the liberty to read through the SPF application.

What Steps Should I Take to Protect Confidential Information?

Paperwork and forms — be aware when leaving your workstation

·         Put away or cover up paperwork and forms when unattended

·         Do not leave paperwork and forms available for access by non-authorized individuals

Improper Sharing of Confidential Information

Confidential information can be improperly conveyed through

·         Reporting — overtime summaries, retirement reports, projected turnover analysis, fire drill rosters

·         Use of HR systems — SAP, E-PAR, CRM, OrgPublisher

Examples

·       Bill ran a report that provided a listing of every commonwealth employee’s personnel number, marital status and salary. He noticed some of his old classmates on the report and at his class reunion that weekend shared the information with some of his friends.

·       My neighbor Stella, a former state employee, and I are mutual friends with a married couple, Jenny and Steve Smith. I just processed the PEBTF-2 to remove Jenny from Steve’s benefits due to divorce. We had no idea that there was any trouble in their marriage. I email Stella to share the news that Jenny and Steve are no longer married.

·       An employee calls to correct his bank account information and states that he does not have access to ESS or a computer. He stresses that it is imperative that the change is made immediately. To confirm, the HR Rep repeats the correct account information and makes the change in SAP without a signed Direct Deposit Authorization Form. 

What Steps Should I Take to Protect Confidential Information?

·        SAP screens, electronic documents — minimize the pertinent window(s) when a co-worker approaches your desk

·         Reporting — remain aware of public versus private information

Use of HR Systems

·         HR systems are to be utilized only to conduct commonwealth business

·         Management Directive 505.18 Maintenance, Access, and Release of Employee Information

Inappropriate use includes (but is not limited to):

·         Making personal inquiries

Example

Brad met Millicent from another agency in a training session.  He found her very attractive and wants to get to know her better.  Brad forgot to get her phone number during break.  Brad could just get her work number in Outlook or, better yet, he can look up her home number in SAP.

·         Performing transactions on yourself or immediate family (this does not apply to an employee’s use of employee self service)

Example

·         Allison participates in Family Care Account Program and is ready to submit her first reimbursement request. Allison works in HR. She wants to save time so she decides to input the reimbursement request directly into SAP herself.

Use of HR System

Inappropriate use includes (but is not limited to):

·       Non-compliance with Management Directive 505.18 Maintenance, Access and Release of Employee Information.

Example

·       Maya is curious to know how much some of her co-workers and supervisor earn. During her lunch break, she looks up everyone’s salary in SAP.

What steps Should I Take to Protect My Access to HR Systems?

·       Confidential employee information available via HR Systems is not to be left unattended or made available for access by non-authorized individuals. Lock your PC when away from your desk.

·       Exercise care in the use and maintenance of your security codes and passwords so that no one else can access confidential employee info under your employee number.

Keep in mind…

·       Violation of principles and policies related to confidentiality may result in disciplinary action, up to and including termination.

Keep in mind… HIPAA Violations

·       Federal law imposes penalties ranging from $100 to $250,000 and —where criminal actively is proven — up to 10 years in prison.

·       The most severe penalties are for willful disclosure of Protected Health Information (PHI).

What if I have questions?

If you have any questions regarding the confidentiality of employee information, the handling of confidential information or concerns about violations, speak with your supervisor.

This version of the course is intended for individuals who require an accommodation for a disability. Once you have fully reviewed the information in this training, contact your Human Resources Office to request credit for completing this course.

You will not receive credit for completing this course until you do so.