I am writing to update the excellent advice on the RAQ page from November 2020 in regards to the retention of health screening records in a school district, local government, or state agency (under a separate retention schedule.)
I just called the state archives to confirm the retention period of library employee daily health screenings using LGS-1. They referred me to item 792c (positive health screening) with a 6 year retention and 792d (negative health screening) with a 1 year retention. (pg: 210-211 in the schedule.)
They have also updated their guidance on records related questions for COVID-19 http://www.archives.nysed.gov/records/documenting-government-response-to-covid-19
Thank you for answering the original question in November. I hope this update to the response is helpful.
First: thank you very much for your kind words and feedback. Both are very appreciated, and I encourage users of the service to keep a dialogue going--the service is only as good as the questions and input that inspire it.
Second, just to recap my advice from the November, 2020 "Ask the Lawyer" referenced by the member, it boiled down to:
"With no clear bucket and no clear requirements, at this point, I have to answer that retention of proof of screening should be permanent."
Time, as they say, has marched on, and as the member states, the State Archives has offered some additional guidance on this topic.
Here's where I am at: I have reviewed the additional information referenced by the member, and despite that input, I am just not confident that the time periods in LGS-792 "c" and "d" are the right fit for records showing a public library's routine use of employee screening as part of their Safety Plan,[1] and I continued to advise that retention be permanent (at least for now).
Here are the three reasons for my continued hesitation:
Reason 1: LGS-1 792a-f have a clear application, and I am not certain a pandemic response is quite it
I appreciate that 792c, which is part of the "Public Health" section of the LGS-1, applies to a "positive report" of a screening, and 792d is for a "negative report of individual screened."
However, as the remaining sections of 792 show, 792 applies to screenings conducted for public health initiatives that also (might) use: summary reports, master indices of "participants," informed consent forms, and a log used to compile data extracted from the screen.
Logs, data crunching, and "informed consent" are all part of a public health agency's toolbox for public health initiatives in response to concerns such as the transmission and impact of a dangerous virus like COVID-19.
But unlike the majority of such initiatives, which tackle challenges such as STD's, tuberculosis, and cancer, employee health screenings for COVID-19 symptoms are part of a much larger effort conducted as part of an emergency response.
Reason 2: Emergency response records under the LGS-1
Because of the "emergency response" aspect discussed above, when I first reviewed the original question, I considered the applicability of LGS-1 802 ("public health incident files") which pertains to "records related to public health emergencies, communicable disease occurrences, and epidemics."
Under 802 (also referenced in the State Archive's resource linked by the member), the retention period for "[s]urveillance, investigation, and response records" created in response to an epidemic is THREE YEARS "after [the] outbreak has abated."
Are a public library's employee health screenings "surveillance, investigation, and response records" during a "public health incident?" Since employers are required to report the names of employees who screen positive to their local health department--who then engage in contract tracing and outreach--I believe they could be, which debatably makes the retention period of employee screenings (positive or negative) three years.
However, even three years doesn't sit right with me. Here is why:
Reason 3: The other reasons to keep the records
My original answer went a little beyond the scope of required retention, addressing not only the precise retention period that might be required by the NY Arts & Cultural Affairs Law,[2] but also, the other factors a public library might wish to consider when determining how long to retain the records of employee screenings.[3]
These "other factors" include legal claims based on alleged non-compliance with required pandemic procedures, some of which could underlie personal injury claims, alleged civil rights violations or even a contract violation (which has a six-year statute of limitations).[4]
In the body of New York case law involving personal injury, civil rights, and contract claims against public libraries, one can see an interesting pattern: sometimes public libraries are treated as government agencies, and sometimes, they are not.[5] This is why public libraries are often required by their municipality to have their own insurance. This also means that while they might be held to the document retention standards of municipal agencies, sometimes, they won't have the legal protections of one.
My concern was--and strongly remains--that a process of purging documents that could demonstrate use of and adherence to screening programs will only disadvantage a library, even if the lost record was properly disposed of under the LGS-1.[6] There are reasons beyond required retention to keep those records. And without a clear directive on retention, I think it is best that a library keep a close hold on them.
In closing
I am sure no public library that documents input from State Archives about the applicable retention period and then purges negative screens after 1 year will be met with a penalty from the State.
But as you can see in "Reason 3," the State is not my primary concern.
With the benefit of 5 additional months since my original answer, I will take advantage of this chance to refine it to revise my above-quoted statement and change it to:
"Even when we get clear requirements, I have to answer that retention of proof of screening should be permanent, or at least until your library's attorney has determined that any advantage to the library created by retention is past, and your library has determined they are of no historical significance."
Thank you very much to the member for giving me the opportunity to re-visit this issue and to offer this updated (and hopefully improved) guidance. I am sorry to cause you more use of storage room, but gratified to have the chance to offer this analysis!
Afternote: Below are the relevant excerpts from LGS-1 792 and 802:
792 CO2 508, MU1 472, MI1 409
Results of screening programs, except lead poisoning
a Summary reports on screening results: RETENTION: PERMANENT
b Master index or listing of participants: RETENTION: 50 years
c Positive report of individual screened, including statement of consent or participation and authorization for release of information: RETENTION: 6 years, or 3 years after individual attains age 18, whichever is longer
d Negative report of individual screened, including statement of consent or participation and authorization for release of information: RETENTION: 1 year
e Log or other working record of screening and testing, used to compile statistics and other data: RETENTION: 1 year
f Anonymous H.I.V. test results and related records: RETENTION: 7 years
NOTE: Identifiable H.I.V. related records are covered by item nos. 743 and 745, and related laboratory records are covered by items in the Laboratory subsection.
802
Public health incident files, including records related to public health emergencies, communicable disease occurrences, and epidemics
a Surveillance, investigation, and response records: RETENTION: 3 years after outbreak has abated
...
NOTE: Appraise these records for historical significance prior to disposition. Records of unusual disease occurrences or epidemics may have continuing value for historical or other research and should be retained permanently. Contact the State Archives for additional advice.
[1] This "Ask the Lawyer," like the original, avoids the issue of whether a non-association library has decided it must follow its local government's safety plans, or generate its own, and under which order or mandate that safety plan and the library operates. The last footnote will show you why!
[2] The Law that empowers the Archives to develop the LGS-1.
[3] FOIL and various claims of civil liability being the top reasons.
[4] What I said was: "Most people know that when you leave a paper trail, it can (with many exceptions) be used for—or against—you in court. In the employee data arena, common uses of such evidence are labor law and civil rights claims."
[5] For a good case illustrating this, see the chain of cases here: Gilliard v. New York Pub. Library Sys., 597 F. Supp. 1069, 1074-75 (S.D.N.Y. 1984) New York Public Library v. PERB, 45 A.D.2d 271, 274, 357 N.Y.S.2d 522 (1st Dept. 1974), aff'd, 37 N.Y.2d 752, 337 N.E.2d 136, 374 N.Y.S.2d 625 (1975); Rendell-Baker v. Kohn, 457 U.S. 830, 840, 102 S. Ct. 2764, 73 L. Ed. 2d 418 (1982)); Breytman v. New York Pub. Library, No, 05 Civ. 10453 (RMB) (FM), 2007 U.S. Dist. LEXIS 12769, 2007 WL 541693, at *2 (S.D.N.Y. Feb. 21, 2007), Breytman v. New York Pub. Library, Dyckman Branch, 296 F. App'x 156 (2d Cir. 2008)
[6] Unless your library hasn't had a safety plan and hasn't been performing screenings, in which case, talk with your lawyer and consider the best way to mitigate your risks!
Tags: COVID-19, Emergency Response, Personnel Records, Records Management, Record Retention
The public libraries in our region have been requiring staff to complete a health self-assessment every day that they report to the building to work. Some of these libraries now have a collection of paper or electronic responses that date back to June.
How long should these records be kept? Two weeks? Two months? Forever?
And, not to complicate matters, but for municipal or school district public libraries, are these records, or portions thereof, subject to FOIL?
Records management is an art formed by the crossroads of life, law, and data.[1]
As soon as we saw that the state's "Template Safety Plan" required completion of employee health screening, the records management implications were clear. In fact, "Ask the Lawyer" has alluded to this very concern before.[2] But the member's questions give us a really good focal point.
Here is some background, and then we'll tackle the member's questions:
As librarians know better than most people, information often falls into a variety of "buckets."
One of the biggest "buckets" of records that may sound familiar is the bucket labelled "evidence." Most people know that when you leave a paper trail, it can (with many exceptions) be used for—or against—you in court. In the employee data arena, common uses of such evidence are labor law and civil rights claims.
Another big bucket is "health care records" pertaining to individual people. This type of information is protected by a complex array of state and federal law, rules, and regulations, and the obligations related to it change based on who is retaining them. In the case of employers, the restrictions are generally rigid.
And of course, there are "municipal records" and "business records" both of which have a vast array of sub-classes and categories, depending on the municipality or the business (I don't know who has it worse, the records management office for a large city, or the records management office for an insurance company[3]). Municipal employers are always having to balance transparency with accountability, sorting disclosable[4] data from data restricted due to employee privacy.
Very often, the records in one "bucket" also belong in another, which swaps the bucket analogy for your classic Venn Diagram.
The member's question puts us squarely in a Venn Diagram comprised of sets (buckets) of:
Because of the different definitions and regulations defining and restricting the information in the buckets, it is critical to know what data you're keeping. For instance, while employers are allowed to keep CONFIDENTIAL records related to employee health, COVID screening records are not supposed to contain such information—only the fact that a person was screened, and either made it through, or was denied access to the work site due to a screening factor.[5]
And with that....
How long should these records be kept? Two weeks? Two months? Forever?
Records showing that COVID screening and follow-up action[6] is being done as required, with no employee-specific information (like an employee's name coupled with their temperature, symptoms, or a positive diagnosis) included[7], is at the very least a compliance-related record, could be evidence in a lawsuit, and is (debatably) a municipal record. This means it could be used to show compliance (or lack thereof), to prove liability (or lack thereof), and/or may be subject to FOIL (more on that in a moment).
But despite all that overlap, I can find no clear legal requirement to retain screening data. The state's Executive Orders and guidance are silent on this, except for some areas where we can extrapolate retention (for instance, records kept for contact tracing must obviously be kept at least three weeks, since the whole point is timely notification within the window of exposure and possible illness).
Because I despise lawyering from a vacuum (I'd almost rather have bad guidance than no guidance) to see if any input could be gleaned from it, I took a long, hard look at the LGS-1[8], the "Local Government Schedule" of the New York Archives, which is the go-to text for questions related to municipal records retention.
Clocking in at over 400 pages, this document, which went into effect in August, 2020, lists just about every type of municipal record imaginable...except it doesn't list "Executive Order Compliance," or any other category I felt safe basing a reply to this question on.
With no clear bucket and no clear requirements, at this point, I have to answer that retention of proof of screening should be permanent.
And, not to complicate matters, but for municipal or school district public libraries, are these records, or portions thereof, subject to FOIL?
While I imagine most of the readers who have hung on this deep into this answer already know it, I will mention: "FOIL" is New York's "Freedom of Information Law," which requires government agencies to disclose most records[9] related to their operations.
It is well-known that an association library is not subject to FOIL; on the flip side, it is generally held that a public library, which is established by government and "belong[s] to the public" [Education Law, §253(2)] is subject to the Freedom of Information Law.
So, is the trove of information listed by the member subject to FOIL? It's highly likely.
Why?
This question by the member brings us full circle on our buckets. While employee health records are most certainly exempt from disclosure under FOIL[10], the impersonal operational records of a FOIL-able library that is simply ensuring screening is happening might not be.
Therefore, a library that knows it is subject to FOIL should be ready to asses if it has to disclose its safety plan compliance records upon request. However, in no event should such disclosure include employee names and related health information (disclosing a record with the name of the person or team in charge of monitoring compliance would be fine).
And there (complexities and all) you have it.
Thanks for a good records management-gymnastics-inducing question.
APPENDIX
From New York's "Interim COVID-19 Guidance for Curbside and In-Store Pickup Retail Business Activities"; record-generation triggers are highlighted in yellow.
A. Screening and Testing
• Responsible Parties must implement mandatory daily health screening practices.
o Screening practices may be performed remotely (e.g. by telephone or electronic survey), before the employee reports to the retail location, to the extent possible; or may be performed on site.
o Screening should be coordinated to prevent employees from intermingling in close contact with each other prior to completion of the screening.
o At a minimum, screening should be required of all workers and essential visitors (but not customers) and completed using a questionnaire that determines whether the worker or visitor has:
(a) knowingly been in close or proximate contact in the past 14 days with anyone who has tested positive for COVID-19 or who has or had symptoms of COVID-19,
(b) tested positive for COVID-19 in the past 14 days, or
(c) has experienced any symptoms of COVID-19 in the past 14 days.
• According to CDC guidance on “Symptoms of Coronavirus,” the term “symptomatic” includes employees who have the following symptoms or combinations of symptoms: fever, cough, shortness of breath, or at least two of the following symptoms: fever, chills, repeated shaking with chills, muscle pain, headache, sore throat, or new loss of taste or smell. Responsible Parties should require employees to immediately disclose if and when their responses to any of the aforementioned questions changes, such as if they begin to experience symptoms, including during or outside of work hours.
o If an employee has COVID-19 symptoms AND EITHER tests positive for COVID-19 OR did not receive a test, the employee may only return to work after completing a 14-day self-quarantine. If an employee is critical to the operation or safety of a facility, the Responsible Parties may consult their local health department and the most up-to-date CDC and DOH standards on the minimum number of days to quarantine before an employee is safely able to return to work with additional precautions to mitigate the risk of COVID-19 transmission.
o If an employee does NOT have COVID-19 symptoms BUT tests positive for COVID-19, the employee may only return to work after completing a 14-day self-quarantine. If an employee is critical to the operation or safety of a facility, the Responsible Parties may consult their local health department and the most up-to-date CDC and DOH standards on the minimum number of days to quarantine before an employee is safely able to return to work with additional precautions to mitigate the risk of COVID-19 transmission.
o If an employee has had close contact with a person with COVID-19 for a prolonged period of time AND is symptomatic, the employee should notify the Responsible Parties and follow the above protocol for a positive case.
o If an employee has had close contact with a person with COVID-19 for a prolonged period of time AND is NOT symptomatic, the employee should notify the Responsible Parties and adhere to the following practices prior to and during their work shift, which should be documented by the Responsible Parties:
o If an employee is symptomatic upon arrival at work or becomes sick during the day, the employee must be separated and sent home immediately, following the above protocol for a positive case.
B. Tracing and Tracking
[1] I spend a lot of time at this crossroads; so much so that If I ever find myself in line at the DMV next to a Hollywood agent, I have a pitch for a show: An archivist, a lawyer, an IT expert, a chemist, and a rogue town clerk, united by a traumatic loss of data, form an unlikely alliance to fight for justice, truth, and the use of acid-free paper. Called "For the Record", each episode would start with a Core Reveal (like a surveyor moving property line pins in the dark), while the rest of the episode would show the Team disentangling the plot. While “For the Record” would hinge on plot devices like hidden scrolls, encrypted data, and HVAC systems gone wild, what will really keep audiences coming back for more would of course be an elaborate, over-arching plot line involving the census, adoption records, and the complicated emotional lives of the protagonists. If any agent out there wants to take me up on this, I promise an epic, solid seven-season run.
And with that out of my system, I will answer the question.
[2] See "Ask the Lawyer" https://www.wnylrc.org/ask-the-lawyer/raqs/163 and https://www.wnylrc.org/ask-the-lawyer/raqs/144.
[3] Actually, I do know: the city employee. There is never enough money in a city budget to manage records properly.
[4] One of the primary ways such information is subject to disclosure is Article VI of the Public Officer's Law, or FOIL. There is a big FOIL fight going on right now over law enforcement disciplinary records, and my firm is in the thick of it.
[5] https://www.governor.ny.gov/sites/governor.ny.gov/files/atoms/files/offices-interim-guidance.pdf
[6] By "follow-up action," I mean the things an employer is required to do as a result of screening. If your library determines that it must follow the NYS requirements for retail, I have put those at the end of this answer, and highlighted in yellow the different COVID SCREENING RECORDS they will generate.
[7] Remember, anything specific to the employee (temperature, a positive diagnosis, disclosure of symptoms) are separate, confidential employee health records and should not be retained, or should be retained in confidence as required by ADA.
[8] Found at: http://www.archives.nysed.gov/common/archives/files/lgs1.pdf. WARNING! This is a rabbit hole. Have coffee and a protein bar on hand if you start reading it.
[9] There are, of course, a ton of exceptions, including health records of employees.
[10] FOIL §89(2)(b).
The library is using NYS Archives and Civil Service references to set personnel and payroll files records retention and disposition.
A question arose regarding employee rights to request removal of materials from personnel records.
The committee’s question was specifically about removal of a negative matter after the minimum required retention time had elapsed.
In this instance there was no question about the accuracy of the record nor was there litigation involved or anticipated.
There are a lot of little details to address in considering this question, but first, there is one big principle I must emphasize. When it comes to records retention—and especially when it comes to employee-related records—nothing should be discretionary.
In other words, if an employer wants to create a process where every corrective action plan,[1] performance evaluation, employment-related investigation, or incident report is removed after its minimum retention period has elapsed, that is fine. However, unless it is a benefit that has been carefully negotiated and confirmed in a contract,[2] there should be no process for an employee to initiate optional removal of materials, and by no means should that process require the employer to make a “yes” or “no” decision.
The moment personnel records that could be interpreted as “negative” become subject to an employee-initiated, optional procedure, the employer, simply by having such a procedure, has: 1) admitted that possibility that the materials could have a negative impact on the employee; 2) created a system where such material could be retained inadvertently; and 3) set up a scenario where such a request could accidentally or deliberately be denied or perceived as somehow subject for debate, potentially triggering the possibility of a complaint, litigation, or a damage claim.[3]
Unless retention is being considered for historic/archival purposes, record retention or destruction should never be discretionary (and of course, the decision to retain certain records for historic/archival purposes should be based on objective criteria). The best approach for management of employee performance-related records is simply that they be retained as required, or be purged when no longer needed, based purely on the category (not the substance) of the records’ content.[4]
So, my answer to this question is: there should be no process for an employee to request optional removal of negative materials from a personnel file. Rather, the removal of material from personnel files should only happen per uniformly and routinely applied policy.[5] If a negative review or incident report has served its purpose and is no longer needed,[6] it may be removed as part of the routine purging policy and process. If it is still needed, it should be retained. There should be no middle ground; it creates risk. If your library is part of a collective bargaining agreement or uses contracts that include this approach, employees should all be notified and trained on how to exercise these rights.
Thank you for an insightful question.
[1] Just in case you are new to the Human Resources world, a “corrective action plan” is a time-limited plan with a clearly articulated goal and measurable steps to address a performance concern. Here is an example of a properly formulated Corrective Action Plan, taken from my domestic life: “To ensure optimal vegetable growth and family cohesion, for the next eight weeks, every family member will spend no less than ten minutes weeding per day. To enable verification, family members will place uprooted weeds on the Stick Pile.” Now, here is an improperly formulated version: “If you Ingrates don’t help me in the garden today, I will put a dead thistle by your pillow tonight.” Both techniques can, of course, yield results, but only one wins the “Happiest Workplace” award.
[2] Of course, a collective bargaining agreement could create the right to request removal of accurate information from a personnel file. Again, however, because such a discretionary approach might not be exercised or even known by all employees, I don't see this as a fair or helpful clause (to either employees, or the employer). A better option would be a simple records purge, or a purge tied to an objective performance metric (“after three years of ‘satisfactory’ reviews, this Corrective Action Plan will be removed from the employee’s record”).
[3] These are all the “little details” I mention in the opening sentence, but as you can see, they aren’t so little.
[4] With all due consideration of privacy.
[5] This could include, by the way, a Corrective Action Plan process with a “self-destruct” measure for the guts of the “negative” issue. In other words, the CAP policy itself could say “Upon satisfactory completion of a Corrective Action Plan, after # years, the only record retained will be the summary note confirming successful completion of a Plan of Improvement.” But again, this should be per a uniformly applied policy, not a discretionary request.
[6] By “needed,” I mean, among other things, that proof of the remedial action taken by the employer is no longer required to protect the employer. While many policies base this on statutes of limitations, most only start the clock after the employee’s period of employment is over, and that, in my view, is generally the most prudent choice.
Tags: Employee Rights, Management, Policy, Record Retention, Personnel Records
