RAQs: Recently Asked Questions

Topic: Update on retention of health screening records - 04/29/2021
I am writing to update the excellent advice on the RAQ page from November 2020 in regards to the r...
Posted: Thursday, April 29, 2021 Permalink

MEMBER QUESTION

I am writing to update the excellent advice on the RAQ page from November 2020 in regards to the retention of health screening records in a school district, local government, or state agency (under a separate retention schedule.)

I just called the state archives to confirm the retention period of library employee daily health screenings using LGS-1. They referred me to item 792c (positive health screening) with a 6 year retention and 792d (negative health screening) with a 1 year retention. (pg: 210-211 in the schedule.)

They have also updated their guidance on records related questions for COVID-19 
http://www.archives.nysed.gov/records/documenting-government-response-to-covid-19

Thank you for answering the original question in November. I hope this update to the response is helpful.

WNYLRC ATTORNEY'S RESPONSE

First: thank you very much for your kind words and feedback.  Both are very appreciated, and I encourage users of the service to keep a dialogue going--the service is only as good as the questions and input that inspire it.

Second, just to recap my advice from the November, 2020 "Ask the Lawyer" referenced by the member, it boiled down to:

"With no clear bucket and no clear requirements, at this point, I have to answer that retention of proof of screening should be permanent."

Time, as they say, has marched on, and as the member states, the State Archives has offered some additional guidance on this topic.

Here's where I am at: I have reviewed the additional information referenced by the member, and despite that input, I am just not confident that the time periods in LGS-792 "c" and "d" are the right fit for records showing a public library's routine use of employee screening as part of their Safety Plan,[1] and I continued to advise that retention be permanent (at least for now).

Here are the three reasons for my continued hesitation:

Reason 1: LGS-1 792a-f have a clear application, and I am not certain a pandemic response is quite it

I appreciate that 792c, which is part of the "Public Health" section of the LGS-1, applies to a "positive report" of a screening, and 792d is for a "negative report of individual screened."

However, as the remaining sections of 792 show, 792 applies to screenings conducted for public health initiatives that also (might) use: summary reports, master indices of "participants," informed consent forms, and a log used to compile data extracted from the screen.  

Logs, data crunching, and "informed consent" are all part of a public health agency's toolbox for public health initiatives in response to concerns such as the transmission and impact of a dangerous virus like COVID-19.

But unlike the majority of such initiatives, which tackle challenges such as STD's, tuberculosis, and cancer, employee health screenings for COVID-19 symptoms are part of a much larger effort conducted as part of an emergency response.

Reason 2: Emergency response records under the LGS-1

Because of the "emergency response" aspect discussed above, when I first reviewed the original question, I considered the applicability of LGS-1 802 ("public health incident files") which pertains to "records related to public health emergencies, communicable disease occurrences, and epidemics." 

Under 802 (also referenced in the State Archive's resource linked by the member), the retention period for "[s]urveillance, investigation, and response records" created in response to an epidemic is THREE YEARS "after [the] outbreak has abated."

Are a public library's employee health screenings "surveillance, investigation, and response records" during a "public health incident?"  Since employers are required to report the names of employees who screen positive to their local health department--who then engage in contract tracing and outreach--I believe they could be, which debatably makes the retention period of employee screenings (positive or negative) three years.

However, even three years doesn't sit right with me.  Here is why:

Reason 3: The other reasons to keep the records

My original answer went a little beyond the scope of required retention, addressing not only the precise retention period that might be required by the NY Arts & Cultural Affairs Law,[2]  but also, the other factors a public library might wish to consider when determining how long to retain the records of employee screenings.[3]

These "other factors" include legal claims based on alleged non-compliance with required pandemic procedures, some of which could underlie personal injury claims, alleged civil rights violations or even a contract violation (which has a six-year statute of limitations).[4]

In the body of New York case law involving personal injury, civil rights, and contract claims against public libraries, one can see an interesting pattern: sometimes public libraries are treated as government agencies, and sometimes, they are not.[5]  This is why public libraries are often required by their municipality to have their own insurance.  This also means that while they might be held to the document retention standards of municipal agencies, sometimes, they won't have the legal protections of one.

My concern was--and strongly remains--that a process of purging documents that could demonstrate use of and adherence to screening programs will only disadvantage a library, even if the lost record was properly disposed of under the LGS-1.[6]  There are reasons beyond required retention to keep those records.  And without a clear directive on retention, I think it is best that a library keep a close hold on them.

In closing

I am sure no public library that documents input from State Archives about the applicable retention period and then purges negative screens after 1 year will be met with a penalty from the State

But as you can see in "Reason 3," the State is not my primary concern. 

With the benefit of 5 additional months since my original answer, I will take advantage of this chance to refine it to revise my above-quoted statement and change it to:

"Even when we get clear requirements, I have to answer that retention of proof of screening should be permanent, or at least until your library's attorney has determined that any advantage to the library created by retention is past, and your library has determined they are of no historical significance."

Thank you very much to the member for giving me the opportunity to re-visit this issue and to offer this updated (and hopefully improved) guidance.  I am sorry to cause you more use of storage room, but gratified to have the chance to offer this analysis!

 

Afternote:  Below are the relevant excerpts from LGS-1 792 and 802:

792 CO2 508, MU1 472, MI1 409

Results of screening programs, except lead poisoning

a          Summary reports on screening results: RETENTION: PERMANENT

b          Master index or listing of participants: RETENTION: 50 years

c          Positive report of individual screened, including statement of consent or participation   and authorization for release of information: RETENTION: 6 years, or 3 years after    individual attains age 18, whichever is longer

d          Negative report of individual screened, including statement of consent or participation   and authorization for release of information: RETENTION: 1 year

e          Log or other working record of screening and testing, used to compile statistics and other      data: RETENTION: 1 year

f           Anonymous H.I.V. test results and related records: RETENTION: 7 years

NOTE: Identifiable H.I.V. related records are covered by item nos. 743 and 745, and related laboratory records are covered by items in the Laboratory subsection.

 

802

Public health incident files, including records related to public health emergencies, communicable disease occurrences, and epidemics

a          Surveillance, investigation, and response records: RETENTION: 3 years after outbreak          has abated

 

...

NOTE: Appraise these records for historical significance prior to disposition. Records of unusual disease occurrences or epidemics may have continuing value for historical or other research and should be retained permanently. Contact the State Archives for additional advice.

 



[1] This "Ask the Lawyer," like the original, avoids the issue of whether a non-association library has decided it must follow its local government's safety plans, or generate its own, and under which order or mandate that safety plan and the library operates.  The last footnote will show you why!

[2] The Law that empowers the Archives to develop the LGS-1.

[3] FOIL and various claims of civil liability being the top reasons.

[4] What I said was: "Most people know that when you leave a paper trail, it can (with many exceptions) be used for—or against—you in court.  In the employee data arena, common uses of such evidence are labor law and civil rights claims."

[5] For a good case illustrating this, see the chain of cases here: Gilliard v. New York Pub. Library Sys., 597 F. Supp. 1069, 1074-75 (S.D.N.Y. 1984)  New York Public Library v. PERB, 45 A.D.2d 271, 274, 357 N.Y.S.2d 522 (1st Dept. 1974), aff'd, 37 N.Y.2d 752, 337 N.E.2d 136, 374 N.Y.S.2d 625 (1975); Rendell-Baker v. Kohn, 457 U.S. 830, 840, 102 S. Ct. 2764, 73 L. Ed. 2d 418 (1982)); Breytman v. New York Pub. Library, No, 05 Civ. 10453 (RMB) (FM), 2007 U.S. Dist. LEXIS 12769, 2007 WL 541693, at *2 (S.D.N.Y. Feb. 21, 2007),  Breytman v. New York Pub. Library, Dyckman Branch, 296 F. App'x 156 (2d Cir. 2008)

[6] Unless your library hasn't had a safety plan and hasn't been performing screenings, in which case, talk with your lawyer and consider the best way to mitigate your risks!

Tags: COVID-19, Emergency Response, Personnel Records, Records Management, Retention

Topic: Health assessment screening records - 11/05/2020
The public libraries in our region have been requiring staff to complete a health self-assessment ...
Posted: Thursday, November 5, 2020 Permalink

MEMBER QUESTION

The public libraries in our region have been requiring staff to complete a health self-assessment every day that they report to the building to work. Some of these libraries now have a collection of paper or electronic responses that date back to June.


How long should these records be kept? Two weeks? Two months? Forever?


And, not to complicate matters, but for municipal or school district public libraries, are these records, or portions thereof, subject to FOIL?

WNYLRC ATTORNEY'S RESPONSE

Records management is an art formed by the crossroads of life, law, and data.[1]

As soon as we saw that the state's "Template Safety Plan" required completion of employee health screening, the records management implications were clear. In fact, "Ask the Lawyer" has alluded to this very concern before.[2]  But the member's questions give us a really good focal point.

Here is some background, and then we'll tackle the member's questions:

As librarians know better than most people, information often falls into a variety of "buckets."

One of the biggest "buckets" of records that may sound familiar is the bucket labelled "evidence."  Most people know that when you leave a paper trail, it can (with many exceptions) be used for—or against—you in court.  In the employee data arena, common uses of such evidence are labor law and civil rights claims.

Another big bucket is "health care records" pertaining to individual people.  This type of information is protected by a complex array of state and federal law, rules, and regulations, and the obligations related to it change based on who is retaining them.  In the case of employers, the restrictions are generally rigid.

And of course, there are "municipal records" and "business records" both of which have a vast array of sub-classes and categories, depending on the municipality or the business (I don't know who has it worse, the records management office for a large city, or the records management office for an insurance company[3]).  Municipal employers are always having to balance transparency with accountability, sorting disclosable[4] data from data restricted due to employee privacy.

Very often, the records in one "bucket" also belong in another, which swaps the bucket analogy for your classic Venn Diagram.

                         Picture of circles overlapping each other

The member's question puts us squarely in a Venn Diagram comprised of sets (buckets) of:

  • Employee personnel file records;
  • Employee health-related records;
  • Compliance records;
  • [Possible] municipal records
  • [Possible] evidence.

Because of the different definitions and regulations defining and restricting the information in the buckets, it is critical to know what data you're keeping.  For instance, while employers are allowed to keep CONFIDENTIAL records related to employee health, COVID screening records are not supposed to contain such information—only the fact that a person was screened, and either made it through, or was denied access to the work site due to a screening factor.[5]

And with that....

How long should these records be kept? Two weeks? Two months? Forever?

Records showing that COVID screening and follow-up action[6] is being done as required, with no employee-specific information (like an employee's name coupled with their temperature, symptoms, or a positive diagnosis) included[7], is at the very least a compliance-related record, could be evidence in a lawsuit, and is (debatably) a municipal record.  This means it could be used to show compliance (or lack thereof), to prove liability (or lack thereof), and/or may be subject to FOIL (more on that in a moment).

But despite all that overlap, I can find no clear legal requirement to retain screening data.  The state's Executive Orders and guidance are silent on this, except for some areas where we can extrapolate retention (for instance, records kept for contact tracing must obviously be kept at least three weeks, since the whole point is timely notification within the window of exposure and possible illness).

Because I despise lawyering from a vacuum (I'd almost rather have bad guidance than no guidance) to see if any input could be gleaned from it, I took a long, hard look at the LGS-1[8], the "Local Government Schedule" of the New York Archives, which is the go-to text for questions related to municipal records retention.  

Clocking in at over 400 pages, this document, which went into effect in August, 2020, lists just about every type of municipal record imaginable...except it doesn't list "Executive Order Compliance," or any other category I felt safe basing a reply to this question on.

With no clear bucket and no clear requirements, at this point, I have to answer that retention of proof of screening should be permanent.

And, not to complicate matters, but for municipal or school district public libraries, are these records, or portions thereof, subject to FOIL?

While I imagine most of the readers who have hung on this deep into this answer already know it, I will mention: "FOIL" is New York's "Freedom of Information Law," which requires government agencies to disclose most records[9] related to their operations.

It is well-known that an association library is not subject to FOIL; on the flip side, it is generally held that a public library, which is established by government and "belong[s] to the public" [Education Law, §253(2)] is subject to the Freedom of Information Law. 

So, is the trove of information listed by the member subject to FOIL?  It's highly likely.

Why?

This question by the member brings us full circle on our buckets. While employee health records are most certainly exempt from disclosure under FOIL[10], the impersonal operational records of a FOIL-able library that is simply ensuring screening is happening might not be.

Therefore, a library that knows it is subject to FOIL should be ready to asses if it has to disclose its safety plan compliance records upon request.  However, in no event should such disclosure include employee names and related health information (disclosing a record with the name of the person or team in charge of monitoring compliance would be fine).

And there (complexities and all) you have it.

Thanks for a good records management-gymnastics-inducing question.

 

APPENDIX

From New York's "Interim COVID-19 Guidance for Curbside and In-Store Pickup Retail Business Activities"; record-generation triggers are highlighted in yellow.

A. Screening and Testing

• Responsible Parties must implement mandatory daily health screening practices.
o Screening practices may be performed remotely (e.g. by telephone or electronic survey), before the employee reports to the retail location, to the extent possible; or may be performed on site.

o Screening should be coordinated to prevent employees from intermingling in close contact with each other prior to completion of the screening.

o At a minimum, screening should be required of all workers and essential visitors (but not customers) and completed using a questionnaire that determines whether the worker or visitor has:

(a) knowingly been in close or proximate contact in the past 14 days with anyone who has tested positive for COVID-19 or who has or had symptoms of COVID-19,

(b) tested positive for COVID-19 in the past 14 days, or
(c) has experienced any symptoms of COVID-19 in the past 14 days.

• According to CDC guidance on “Symptoms of Coronavirus,” the term “symptomatic” includes employees who have the following symptoms or combinations of symptoms: fever, cough, shortness of breath, or at least two of the following symptoms: fever, chills, repeated shaking with chills, muscle pain, headache, sore throat, or new loss of taste or smell. Responsible Parties should require employees to immediately disclose if and when their responses to any of the aforementioned questions changes, such as if they begin to experience symptoms, including during or outside of work hours.

  • Daily temperature checks may also be conducted per Equal Employment Opportunity Commission or DOH guidelines. Responsible Parties are prohibited from keeping records of employee health data (e.g. temperature data).
  • Responsible Parties must ensure that any personnel performing screening activities, including temperature checks, are appropriately protected from exposure to potentially infectious employees or visitors entering the retail location. Personnel performing screening activities should be trained by employer-identified individuals who are familiar with CDC, DOH, and OSHA protocols.
  • Screeners should be provided and use PPE, including at a minimum, a face mask, and may include gloves, a gown, and/or a face shield.
  • An employee who screens positive for COVID-19 symptoms should not be allowed to enter the worksite and should be sent home with instructions to contact their healthcare provider for assessment and testing. Responsible parties must immediately notify the local health department and DOH about the suspected case. Responsible parties should provide the employee with information on healthcare and testing resources.
  • An employee who has responded that they have had close contact with a person who is confirmed or suspected for COVID-19 may not be allowed to enter the retail location without abiding by the precautions outlined below and the Responsible Parties has documented the employee’s adherence to those precautions.
  • Responsible Parties must review all employee and visitor responses collected by the screening process on a daily basis and maintain a record of such review. Responsible Parties must also identify a contact as the party for employees to inform if they later are experiencing COVID-19-related symptoms, as noted in the questionnaire.
  • Responsible parties must designate a site safety monitor whose responsibilities include continuous compliance with all aspects of the site safety plan.
  • To the extent possible, Responsible Parties should maintain a log of every person, including workers and visitors, who may have close contact with other individuals at the work site or area; excluding deliveries that are performed with appropriate PPE or through contactless means. Log should contain contact information, such that all contacts may be identified, traced and notified in the event an employee is diagnosed with COVID-19. Responsible Parties must cooperate with local health department contact tracing efforts.
  • Responsible parties cannot mandate that customers complete a health screen or provide contact information but may encourage customers to do so. Responsible Parties may provide an option for customers to provide contact information so they can be logged and contacted for contact tracing, if necessary.
  • Employers and employees should take the following actions related to COVID-19 symptoms and contact:

o If an employee has COVID-19 symptoms AND EITHER tests positive for COVID-19 OR did not receive a test, the employee may only return to work after completing a 14-day self-quarantine. If an employee is critical to the operation or safety of a facility, the Responsible Parties may consult their local health department and the most up-to-date CDC and DOH standards on the minimum number of days to quarantine before an employee is safely able to return to work with additional precautions to mitigate the risk of COVID-19 transmission.

o If an employee does NOT have COVID-19 symptoms BUT tests positive for COVID-19, the employee may only return to work after completing a 14-day self-quarantine. If an employee is critical to the operation or safety of a facility, the Responsible Parties may consult their local health department and the most up-to-date CDC and DOH standards on the minimum number of days to quarantine before an employee is safely able to return to work with additional precautions to mitigate the risk of COVID-19 transmission.

o If an employee has had close contact with a person with COVID-19 for a prolonged period of time AND is symptomatic, the employee should notify the Responsible Parties and follow the above protocol for a positive case.

o If an employee has had close contact with a person with COVID-19 for a prolonged period of time AND is NOT symptomatic, the employee should notify the Responsible Parties and adhere to the following practices prior to and during their work shift, which should be documented by the Responsible Parties:

  1.  Regular monitoring: As long as the employee does not have a temperature or symptoms, they should self-monitor under the supervision of their employer’s occupational health program.
  2.  Wear a mask: The employee should wear a face mask at all times while in the workplace for 14 days after last exposure.
  3. Social distance: Employee should continue social distancing practices, including maintaining, at least, six feet distance from others.
  4. Disinfect and clean work spaces: Continue to clean and disinfect all areas such as offices, bathrooms, common areas, and shared electronic equipment routinely.

o If an employee is symptomatic upon arrival at work or becomes sick during the day, the employee must be separated and sent home immediately, following the above protocol for a positive case.

B. Tracing and Tracking

  • Responsible Parties must notify the local health department and DOH immediately upon being informed of any positive COVID-19 test result by a worker at their site.
  • In the case of an employee, visitor, or customer who interacted at the business testing positive, the Responsible Parties must cooperate with the local health department to trace all contacts in the workplace and notify the health department of all employees logged and visitors/customers (as applicable) who entered the retail location dating back to 48 hours before the employee began experiencing COVID-19 symptoms or tested positive, whichever is earlier, but maintain confidentiality as required by federal and state law and regulations.
  • Local health departments will implement monitoring and movement restrictions of infected or exposed persons including home isolation or quarantine.
  • Employees who are alerted that they have come into close or proximate contact with a person with COVID-19, and have been alerted via tracing, tracking or other mechanism, are required to self- report to their employer at the time of alert and shall follow all required protocols as if they had been exposed at work.

 



[1] I spend a lot of time at this crossroads; so much so that If I ever find myself in line at the DMV next to a Hollywood agent, I have a pitch for a show: An archivist, a lawyer, an IT expert, a chemist, and a rogue town clerk, united by a traumatic loss of data, form an unlikely alliance to fight for justice, truth, and the use of acid-free paper.  Called "For the Record", each episode would start with a Core Reveal (like a surveyor moving property line pins in the dark), while the rest of the episode would show the Team disentangling the plot. While “For the Record” would hinge on plot devices like hidden scrolls, encrypted data, and HVAC systems gone wild, what will really keep audiences coming back for more would of course be an elaborate, over-arching plot line involving the census, adoption records, and the complicated emotional lives of the protagonists. If any agent out there wants to take me up on this, I promise an epic, solid seven-season run.

And with that out of my system, I will answer the question.

[3] Actually, I do know: the city employee.  There is never enough money in a city budget to manage records properly. 

[4] One of the primary ways such information is subject to disclosure is Article VI of the Public Officer's Law, or FOIL.  There is a big FOIL fight going on right now over law enforcement disciplinary records, and my firm is in the thick of it.

[6] By "follow-up action," I mean the things an employer is required to do as a result of screening.  If your library determines that it must follow the NYS requirements for retail, I have put those at the end of this answer, and highlighted in yellow the different COVID SCREENING RECORDS they will generate.

[7] Remember, anything specific to the employee (temperature, a positive diagnosis, disclosure of symptoms) are separate, confidential employee health records and should not be retained, or should be retained in confidence as required by ADA.

[8] Found at: http://www.archives.nysed.gov/common/archives/files/lgs1.pdf.  WARNING!  This is a rabbit hole.  Have coffee and a protein bar on hand if you start reading it.

[9] There are, of course, a ton of exceptions, including health records of employees.

[10] FOIL §89(2)(b).

 

Tags: COVID-19, Personnel Records, Retention

Topic: Optional removal of materials from personnel records - 6/29/2020
The library is using NYS Archives and Civil Service references to set personnel and payroll files ...
Posted: Monday, June 29, 2020 Permalink

MEMBER QUESTION

The library is using NYS Archives and Civil Service references to set personnel and payroll files records retention and disposition.

A question arose regarding employee rights to request removal of materials from personnel records.

The committee’s question was specifically about removal of a negative matter after the minimum required retention time had elapsed.

In this instance there was no question about the accuracy of the record nor was there litigation involved or anticipated.

WNYLRC ATTORNEY'S RESPONSE

There are a lot of little details to address in considering this question, but first, there is one big principle I must emphasize. When it comes to records retention—and especially when it comes to employee-related records—nothing should be discretionary.

In other words, if an employer wants to create a process where every corrective action plan,[1] performance evaluation, employment-related investigation, or incident report is removed after its minimum retention period has elapsed, that is fine. However, unless it is a benefit that has been carefully negotiated and confirmed in a contract,[2] there should be no process for an employee to initiate optional removal of materials, and by no means should that process require the employer to make a “yes” or “no” decision.

The moment personnel records that could be interpreted as “negative” become subject to an employee-initiated, optional procedure, the employer, simply by having such a procedure, has: 1) admitted that possibility that the materials could have a negative impact on the employee; 2) created a system where such material could be retained inadvertently; and 3) set up a scenario where such a request could accidentally or deliberately be denied or perceived as somehow subject for debate, potentially triggering the possibility of a complaint, litigation, or a damage claim.[3]

Unless retention is being considered for historic/archival purposes, record retention or destruction should never be discretionary (and of course, the decision to retain certain records for historic/archival purposes should be based on objective criteria).  The best approach for management of employee performance-related records is simply that they be retained as required, or be purged when no longer needed, based purely on the category (not the substance) of the records’ content.[4]

So, my answer to this question is: there should be no process for an employee to request optional removal of negative materials from a personnel file. Rather, the removal of material from personnel files should only happen per uniformly and routinely applied policy.[5]  If a negative review or incident report has served its purpose and is no longer needed,[6] it may be removed as part of the routine purging policy and process. If it is still needed, it should be retained.  There should be no middle ground; it creates risk.  If your library is part of a collective bargaining agreement or uses contracts that include this approach, employees should all be notified and trained on how to exercise these rights.

Thank you for an insightful question.



[1] Just in case you are new to the Human Resources world, a “corrective action plan” is a time-limited plan with a clearly articulated goal and measurable steps to address a performance concern.  Here is an example of a properly formulated Corrective Action Plan, taken from my domestic life: “To ensure optimal vegetable growth and family cohesion, for the next eight weeks, every family member will spend no less than ten minutes weeding per day.  To enable verification, family members will place uprooted weeds on the Stick Pile.”  Now, here is an improperly formulated version: “If you Ingrates don’t help me in the garden today, I will put a dead thistle by your pillow tonight.”  Both techniques can, of course, yield results, but only one wins the “Happiest Workplace” award.

[2] Of course, a collective bargaining agreement could create the right to request removal of accurate information from a personnel file.  Again, however, because such a discretionary approach might not be exercised or even known by all employees, I don't see this as a fair or helpful clause (to either employees, or the employer).  A better option would be a simple records purge, or a purge tied to an objective performance metric (“after three years of ‘satisfactory’ reviews, this Corrective Action Plan will be removed from the employee’s record”).

[3] These are all the “little details” I mention in the opening sentence, but as you can see, they aren’t so little.

[4] With all due consideration of privacy.

[5] This could include, by the way, a Corrective Action Plan process with a “self-destruct” measure for the guts of the “negative” issue.  In other words, the CAP policy itself could say “Upon satisfactory completion of a Corrective Action Plan, after # years, the only record retained will be the summary note confirming successful completion of a Plan of Improvement.”  But again, this should be per a uniformly applied policy, not a discretionary request.

[6] By “needed,” I mean, among other things, that proof of the remedial action taken by the employer is no longer required to protect the employer.  While many policies base this on statutes of limitations, most only start the clock after the employee’s period of employment is over, and that, in my view, is generally the most prudent choice.

Tags: Employee Rights, Management, Policy, Retention, Personnel Records

The WNYLRC's "Ask the Lawyer" service is available to members of the Western New York Library Resources Council. It is not legal representation of individual members.