By Cortni Lawson, Founder & CEO, InfraNet HR
Employment risk intelligence starts with a hard truth: fragmented systems create blind spots you can't see until a charge, audit, or lawsuit connects the dots for you.
The Risk That Hides in Plain Sight
Your company has compliance systems. You track workers' compensation claims. You manage FMLA leave. You handle accommodations. You investigate complaints. You maintain OSHA records.
Each system works. Each system has an audit trail. Each system is defensible.
But here's what most companies don't realize: the real risk doesn't exist within a single system. It exists at the intersection of systems.
An employee files a workers' compensation claim. Separately, they request FMLA leave. Separately, they request an ADA accommodation. Separately, they file a safety complaint. Separately, they're terminated.
Individually, each event is documented and seems legitimate. Together, they tell a story of systematic discrimination and retaliation.
And if your systems don't talk to each other, you won't see the story until the EEOC shows it to you.
The Visibility Problem
Here's how it works at most companies:
Workers' compensation is managed by the HR person (or a TPA). That system has all the claim data, medical requirements, carrier communications.
OSHA safety is managed by the safety person. That system has injury records, safety complaints, corrective actions.
Leave is managed by another part of HR or payroll. That system has FMLA certifications, leave usage, return-to-work dates.
Accommodations are managed by HR but might be documented in the medical file, the leave system, or just email conversations.
Investigations are managed by HR in a case management system. That system has complaint intake, investigation notes, interview records.
Terminations are in the HRIS. That system has employment status, separation reason, final paychecks.
All of this is in different systems with different interfaces, different logins, different data formats.
Your HR person has five or six systems to check every morning. When they need to answer a question—"Did we take adverse action against employees who filed workers' compensation claims?"—they have to manually search through each system and assemble an answer.
And if they're overwhelmed (which they are, because they're managing all of this), they might not ask the question at all.
What Risk Looks Like Across Systems
Let me describe some patterns that are invisible in fragmented systems but obvious when you can see the full timeline.
Pattern 1: Retaliation Across Protected Activities
Employee A files a workers' comp claim. Two months later, they're terminated.
Employee B files a workers' comp claim. Three months later, they're terminated.
Employee C files a workers' comp claim. Two and a half months later, they're terminated.
Individually, each termination might be legitimate. But the pattern—three employees, all with prior comp claims, all terminated within 60-90 days of return—that's a pattern of retaliation.
If comp claims, return dates, and terminations are in different systems, nobody's asking the question. The pattern is invisible.
Pattern 2: Adverse Action Following Multiple Protected Activities
Employee requests FMLA leave. Approved. Takes the leave. Returns.
Shortly after return, they file an OSHA safety complaint.
Shortly after the complaint, they're written up for a performance issue that nobody mentioned before.
Shortly after that, their accommodation request (which was pending) gets denied without explanation.
One month later, they're terminated.
Each action might be defensible independently. But the timeline—a sequence of protected activities followed by adverse actions—that looks like retaliation across multiple domains.
If leave, safety complaints, accommodations, and employment actions are in different systems, nobody's seeing the timeline. The pattern is invisible.
Pattern 3: Concentrated Risk in One Manager or Department
Manager X has supervised 15 employees in the past 18 months.
Of those 15 employees:
- 5 filed workers' compensation claims
- 3 requested accommodations
- 2 filed safety complaints
- 4 filed discrimination complaints
- 6 were terminated
- 3 are currently on leave or in reduced capacity
That's not normal. That's a red flag.
But if termination data is in HRIS, claim data is in the workers' comp system, accommodation requests are scattered across files, and safety complaints are in the safety system, nobody's asking the question.
The pattern is invisible.
Pattern 4: Adverse Action Against a Protected Class
Over the past two years, your company has terminated 20 employees.
When you pull the data:
- 15 of the 20 were women
- 12 of the 20 had filed workers' compensation claims or taken FMLA leave
- 8 of the 20 had medical conditions or disabilities
- All 20 had filed some kind of complaint (safety, discrimination, accommodation, etc.) within 12 months of termination
You don't have a hiring problem. You have a termination problem. Specifically, you're terminating employees from protected classes at higher rates.
That's a pattern of discrimination. And the EEOC will notice it.
But if you're not correlating termination data with protected activity data, the pattern is invisible.
Why Fragmentation Makes Things Worse
It's not just that fragmented systems miss patterns. It's that fragmented systems enable violations.
When data is scattered, decision-makers don't have full context.
A manager decides to discipline an employee. The manager doesn't know the employee filed a workers' compensation claim three weeks ago. Doesn't know the discipline is coming suspiciously close to that claim. Doesn't know there's a pattern of similar actions against other employees.
The manager makes the decision in isolation, thinking it's legitimate.
Later, when you're defending the decision in litigation, you can't say, "We were following proper process." You have to say, "The manager didn't consider that context because the systems don't share that information."
That's not a defense. That's an admission.
The Legal Standard
The DOJ's September 2024 Compliance Program Guidance is explicit:
"An effective compliance program requires an organization to evaluate risks, implement controls, monitor for violations, and take corrective action."
For employment risk, that means:
- Evaluate risks: Do you have retaliation risk? Discrimination risk? Do certain managers or departments have higher concentrations of protected activity or adverse action?
- Implement controls: Do you have a process to detect retaliation patterns? Do you review decisions in the context of protected activities? Do you flag concerning timing?
- Monitor for violations: Do you regularly analyze employment data to look for patterns? Do you correlate protected activities with employment outcomes?
- Take corrective action: When you identify a risk, do you investigate? Do you counsel managers? Do you remediate?
If your systems are fragmented, you can't do any of that.
You can't evaluate risks without seeing all the data. You can't implement controls without integrated systems. You can't monitor for violations without correlation. You can't take corrective action without identification.
You have hope. You don't have a program.
What Visibility Requires
To have real visibility into employment risk, you need to be able to:
1. See the employee timeline
From hire to present: all events, all protected activities, all employment actions, all dates.
"Here's what happened to this employee: hired 2 years ago, filed comp claim 8 months ago, took FMLA leave 7 months ago, filed safety complaint 4 months ago, was written up 3 months ago, had accommodation request denied 2 months ago, terminated 1 month ago."
That timeline tells a story. The story is obvious when you see it all together.
2. Correlate timing
Did adverse action follow protected activity? How close was the timing?
"Accommodation request denied on March 15. Termination on April 12. 28 days later. That's concerning timing."
3. Identify patterns
Is this just one employee, or are there multiple employees with the same pattern?
"Employees A, B, and C all had the same sequence: accommodation request, adverse action within 30 days. That's a pattern."
4. Segment by manager, department, location, or protected class
"Manager X has terminated employees at 3x the rate of Manager Y. Employees terminated by Manager X are 80% from protected classes. That's a red flag."
5. Track protected activities across all types
Workers' comp claims. FMLA usage. OSHA complaints. Safety complaints. ADA requests. Discrimination complaints. Wage complaints. Union activity.
They're all "protected activities" under various federal laws. If you're only tracking one type, you're missing the full picture.
6. Document your analysis
You're not just catching patterns, you're documenting that you looked for them.
"We analyzed termination data against protected activity data and found no concerning patterns. Here's our methodology. Here's our findings."
That's documentation of a compliance program. That's what regulators want to see.
The Cost of Not Having Visibility
If you miss a pattern, you don't prevent a violation. You commit the violation and don't discover it until someone files a complaint.
If you miss a pattern, your defense is weak. You can't say, "We have controls to detect this." You have to say, "We didn't see it."
If you miss a pattern and it affects multiple employees, it becomes a systemic violation. One violation is bad. A pattern of violations is worse. It suggests a systemic failure, not an isolated incident.
If a pattern is discovered in litigation or investigation, it undermines your credibility. "You didn't have a system to detect this pattern, and when we discovered it, it was obvious to us immediately. What does that say about your compliance program?"
That's not a conversation you want to have.
The System Solution
The hard way: manually correlate data from multiple systems when someone asks a question.
Time-consuming. Error-prone. Reactive.
The smart way: have a system where:
- Protected activities are captured (comp claims, leave requests, OSHA complaints, accommodation requests, etc.)
- Employment actions are captured (discipline, terminations, hour changes, role changes)
- Timing is tracked automatically
- Patterns are visible and flagged
- Documentation of your analysis is maintained
Where you can ask, "Do we have retaliation risk?" and get a data-backed answer.
Where you can identify a concerning pattern and escalate before it becomes a lawsuit.
Where you have documentation showing you monitored for risk and found no concerning patterns (or found them and remediated).
That's what a real compliance program looks like.
What You Should Be Asking
If you're managing employment compliance, you should be asking:
- "Which employees have filed protected activities (comp claims, FMLA, OSHA complaints, accommodations, discrimination complaints)?"
- "Among those employees, what's the rate of adverse action?"
- "Is that rate higher than employees who didn't file protected activities?"
- "Are there any individual employees with multiple protected activities followed by adverse action?"
- "Are there any managers or departments with patterns of adverse action against employees with protected activities?"
- "Are employees from certain protected classes (women, minorities, older workers, people with disabilities) experiencing adverse action at higher rates?"
If you can't answer these questions quickly with data, you don't have visibility.
And if you don't have visibility, you have liability.
The Bottom Line
Compliance isn't about having policies. It's about having systems that work.
It's about being able to see patterns before they become problems. About being able to defend your decisions with data, not guesswork.
It's about having documentation showing you monitored for risk.
The companies that survive employment disputes are the ones with visibility. The ones that can point to data and say, "We looked for this risk and didn't find it. Here's how we looked. Here's what we found."
The companies that get sued are the ones that have fragmented systems and hope nothing goes wrong.
Hope isn't a compliance program.
Visibility is.