¶ Introduction and Today's Topic
Well, hi, everyone, and welcome to another ask an adviser podcast. I'm Daniel Williams, a senior editor at MGMA, We're always joined on ask an adviser with cohost and MGMA senior adviser, Christie Good. We have got a really cool topic today. We're gonna really look at a really big question that many practice administrators are asking. Can we go fully digital with employee files, or do we need to still hang on to those paper copies?
¶ The Digital Transition: Can Practices Go Fully Digital?
So this is an environmental question, but, no, we're really looking at it from the not from the climate, change perspective, but we're really looking at this from the perspective of the practices and the practice administrators. So, Christy, let's just kick this off. First of all, it's always good to see you.
Nice to see you too.
Alright. So let's look at this issue. I I was so happy when you sent this over because it is one of those things that there is something about having a physical file, but when so much is stored in a cloud or a drive of some type and people can access it that way, you know, it really gets down to that short answer for a question. Can practices make the switch to digital employee files?
Yeah. And the question came through our MGMA community, which I love, that, more questions are coming through our MGMA community asking peers such questions just for guidance. Like, what are other people doing? And so I keep reminding people that our MGMA community is a great place where you can ask your peers questions such as this.
Alright. Well, thank you for sharing that the origination of where these come from. And just as a reminder, everyone, that that community for MGMA is has really picked up. As Christie's saying, we've got community live, and we've got other outlets for you to connect with each other and to reach out to, the MGMA experts with that ask MGMA green button anywhere you go on the MGMA website. So let's look at this, question just in a short way here.
Can practices make the switch to digital employee files?
¶ Compliance and Legal Considerations
And the short answer is, yes, you could go fully digital, but you do have to make sure that you take some things into consideration. There are no federal laws requiring paper copies of employee files, but some states do have specific rules. And beyond compliances, practices just need to think about security, accessibility, and retention policies when making that transition.
Okay. Perfect. Alright. So we've got a lot to cover here in the next ten to twelve minutes or so, and we do like to keep this ask, MGMA segment pretty short. We wanna get right to the point and give you some tools. So let's start with compliance. If there are no federal law requiring paper copies, what legal issues do practice leaders need to keep in mind?
So at the federal level, there are key regulations that dictate how long certain records can must be kept, but not necessarily in what format. However, some states do require certain employee documents like termination records or signed agreements to be stored as hard copies. That's why it's crucial to check state specific laws before making the transition. And regardless of format, practices must meet HIPAA, EEOC, and OSHA compliance with handling employee records, especially when it comes to storing protective protected health information or injury reports.
Okay. So let's say a practice decides to go digital. They are committed to it. What are the best practices then for storing employee files securely in at that level?
¶ Best Practices for Secure Digital Storage
So security is key. Practices need to use a reliable document management system and make sure that the the data is encrypted. So protected files must be protected from unauthorized access, backup systems to make sure that records aren't lost due to, like, a system failure or an emergency, and then have access controls to limit file access to only authorized personnel. It's really important to have IT professionals involved in setting this up and maintaining these systems. And just like paper records, digital files should be organized and easily retrievable, whether for an internal audit or an employee request.
So, make sure also to keep an eye on any updates to those systems.
Okay. Yeah. That's the part that freaks me out. I mean, there is that fear that, you know, you have everything stored up into some system, whether it's a drive or wherever that's being kept, that what if that just goes away and you don't have the paper copy and it just totally freaks you out? I don't know. In your practice experience, I know you've been at MGMA now for seven to eight years. So back when you were at a practice last, did what did y'all do to make sure you had it?
For employee files, we had paper, but but, you know, I was part of that whole EHR transition, and we're we're trusting that everything in our EHR is gonna be backed up and stored and protected because those are patient records. Right? So you're still doing that same thing. These are employee records. These are patient records.
The key is to make sure you're backed up. And and often, you know, having that some places have a hard drive that they backed up back up to at night as well as the cloud, so they have a double backup, which is good, especially with just cyber as we've just had a recent, you know, certificate program on. It's very important with cybersecurity to to have backup, and maybe it's two ways to backup. One's an internal hard drive or one on your practice and the other one's the cloud. I mean, I have pictures right now in the cloud, and it I'm still gonna put those on the thumb drive for myself because I don't wanna lose my picture.
So I know we all that angst of what if we lose it? So having a you know, maybe out back up in two places, is a great way to just ensure that you have you will have it.
Yeah. Yeah. Well, thanks for sharing that personal experience with it. And I guess those pictures are like your son's doing hockey and things like that. You know?
But you don't want those pictures.
You do not. Absolutely not. Okay. So let's talk about retention periods. They're always a big question.
¶ Retention Periods for Employee Records
Can you walk us through how long different types of employee records need to be kept?
Yes. And we'll have this also in the podcast kinda article because I know some people wanna refer back to it, but I'll go over the main ones. The performance review should be kept at least two years after termination. Payroll records should be kept to four years to comply with IRS rules. Health and benefits records are usually general three generally three years after termination.
Drug test rules are results, I mean, retained usually for three years after termination. Job related injuries and illnesses are kept for five years under OSHA. The form I nine, you either keep that for three years after hire or one year after termination, whichever whichever is longer. And then EEO data forms are permanent. So these are federal guidelines, but, again, practices should always check with their state laws for any additional requirements.
That's a really good point. Yeah. Because there is that the the Fed rules and the state rules don't always match up. They often don't. And so, yeah, it is really important to keep track of both of those as well. So let's move on to the next aspect of this, and that's really getting down to document authenticity and legal validity. So if a practice scans and stores files digitally, are they considered legally valid?
¶ Ensuring Document Authenticity and Legal Validity
Yes. But they need to be the true representations of the original document. That means scanned copies should be complete, legible, and unaltered. So for additional security, some practices use a digital signature, which can also help verify authenticity. And if a practice ever needs to provide documentation in a legal situation, courts typically accept that digital record as long as they were stored properly and haven't been tampered with.
Okay. Next question. How should practices handle HIPAA compliance when digitizing records?
¶ HIPAA Compliance in Digital Records
Oh, HIPAA applies whenever you're dealing with protective health information. And I think sometimes people don't think about that, but it, you know, often is in employee files, which includes medical leave requests, disability accommodations, and drug test results. So to stay compliant with HIPAA, you need to make sure that you store your PHI in a secure encrypted system as we've talked about. You restrict access to only authorized personnel, and then you train staff on how to handle PHI securely. So it's just as important as in patient records, as in employee records, to be HIPAA compliant.
And, you know, that HIPAA violations can be costly. So Yeah. You definitely wanna make sure to review your policies regularly and make sure that the right protections are in place.
Yep. I love that. Okay. So switching from paper to digital sounds great in theory, but what's the best way to manage that transition?
¶ Managing the Transition to Digital
Actually, I'm making a I'll have a checklist here soon that'll be available to members online. But in general, kinda like five quick steps is to assure current records can be identified, your documents that you need digitizing. So make sure you're looking at everything and deciding which need to be digitized. Choose a secure storage system, which could be cloud based or on premise, or as I suggested, maybe both. Set clear retention and destruction policies.
So many people already have a retention policy or a destruction policy. That applies also then to these electronic files, and you won't maybe have to shred them, but you're still trying to figure out how do I destroy old ones, and then how do I, going forward, decide how long I'm keeping those electronic files. You need to train your staff to make sure everyone knows how to manage and access digital files, and then verify the transition, which means keep paper files until everything is confirmed as accurate and accessible. So, like, you should be testing. You should be making sure that everything you just uploaded, just like when you did your EHR and you went from paper patient paper files to your EHR.
You kept for a short bit of time. You tested. You made sure you had it. So, that is that's really key to making sure so you don't lose anything.
That is so valid. And, hey, as a added benefit, we may even save a tree or two. Who knows?
Exactly.
We just had y'all, we just had in, Denver, the Denver area, we just had a sort of a mini blizzard for about a day or two, and the sun's back out already. But it actually snapped like two or three pine trees in our neighborhood, Christy. Aw. I know. I know.
It a heavy snow.
It was a heavy, wet, heavy snow. So enough enough of the climate, y'all. Y'all can see that my brain is now just fixated on the weather outside. So with all that said, Christy, I love this conversation. It it makes perfect sense.
So employee record keeping is something every practice deals with in transitioning to digital files can make things more efficient if done the right way, and really appreciate your insights and wanted to let everybody know that we are going to put this information into the episode show notes. We're also gonna be creating an article that really hits the highlights of all of this, own MGMA.com, and we'll also direct you to some resources. Christie, you put together some really interesting resources. Any of those you just wanna just share where they came from with anybody here that are of import?
¶ Conclusion and Additional Resources
Sure. The EEOC has a recordkeeping requirements, and then SHRM, has we have a link to that, and they have a more detailed list of some of those specifics on what different types of records and how long. And then we have our HIPAA essentials course that people may just wanna get a refresher on HIPAA. And, you know, it's free to members, So I just recommend any of those. And, again, make sure you're checking with your legal and your IT because your IT are gonna be very important in helping you go to that fully digital situation.
Yeah. Well, great chatting with you again, Christy.
Thank you.
Alright. So until our next episode, everyone, just wanna say to y'all, again, look for that episode, the episode show notes. Also, look for that article that'll come out. And thank you all so much for being MGMA podcast listeners.