Controlling Access to Confidential Cases in Your HR Case Management System

By | Data Security | Leave a comment

confidential data

IT help systems and customer relationship management (CRM) systems have much in common with HR case management solutions. However, what distinguishes the finest HR-specific systems from the rest is the ability to virtually (and often literally) hide confidential tickets from all but specific authorized users.

The level of confidentiality needed in generic CRM systems simply does not demand a true lockdown of sensitive cases required by HR. Without this capability, HR would be at risk of breaking HIPAA and other regulations.

Defining what is confidential, and the degree of confidentiality, should start with the employee’s new case entry. By defining general levels of confidentiality in case categories (e.g., “Disputes”) and subcategories (e.g., “sexual harassment issues”), the employee can select a specific topic and therefore indicate the need for privacy in the matter. Proper workflow setup ensures that not only will the case be routed strictly to the authorized specialist(s), but only that person or persons can even view the case. Unauthorized eyes won’t even know the case exists, whether in reports or by conducting a case search.

Comprehensive systems like LBi HR Help Desk additionally provide the employee with the ability to request how they want to be contacted (i.e., in-person, phone call, etc.). By selecting “in-person”, email notifications are automatically turned off. This is a critical feature because email is notoriously NOT HIPAA compliant.

While some case types do require a total lockdown, others are less sensitive and just need to be protected from unauthorized edits and changes. LBi HR Help Desk allows users to define levels of confidentiality. For instance, payroll specialists generally have more access to employee data (e.g., wage rates, garnishes, etc.) and should be the only case owners for payroll issues. LBi HR Help Desk ensures that all payroll cases are routed exclusively to the payroll department, and if configured, those cases will only be visible to payroll users.

Many IT help systems, and frankly some popular HR Help Desk products, use email extensively for notifications, workflow, messaging, and more. What good is a confidential case when HR and employees engage in email (or Chat) dialogs during the course of managing the case? Though the actual case may be protected, all of those email threads are definitely not! LBi provides live employee-to-HR interactions (written conversations similar to chat) and HR-to-HR interactions directly within the case record, bypassing unsecure email and chat systems.

It is important to understand the original purpose of business software solution before attempting to fit a round peg into a square hole. Most CRM systems are designed for sales force automation and general customer support. IT help solutions are mostly for managing employee IT issues, such as internet access, printer problems, PC glitches, etc. The developers of those systems may attempt to build in HR-centric features, but in most cases they fall short in one or more of the critical features detailed above.

If security, privacy, and confidentiality are mission-critical in HR systems, start and end your solution search with a product designed strictly for HR by HR experts. If you want to dig deeper into why an HR-dedicated Help Desk system is crucial to HR service excellence, download our white paper, “Case Management: The Backbone of Excellence in HR Service Delivery.”