Do Background Checks Expire? When to Rescreen and Why It Matters

The short answer is no — there's no legal expiration date on a background check. A report that cleared an employee three years ago doesn't automatically become invalid. What expires is its relevance: a check tells you who someone was on the day it ran, and nothing about the months and years that followed. Here's how to build a rescreening cadence that closes that gap.

Do background checks expire?

The short answer is no — there is no legal expiration date on a background check. A background check that cleared an employee three years ago doesn't automatically become invalid. The information in that report was accurate at the time it was collected and documented.

What does expire — or more precisely, what deteriorates — is the relevance of that information. A background check tells you who someone was at the moment the check ran. It tells you nothing about the months and years that followed. An employee with a clean record in 2022 can have a DUI conviction in 2023, a fraud charge in 2024, and a sex offender registration in 2025 — none of which would appear in a 2022 background check that was never followed up.

The practical implication for employers is this: a background check is not a permanent clearance. It is time-limited evidence of a person's record up to a specific date. What happens after that date requires a separate mechanism to detect — either a periodic rescreen or continuous monitoring.

There is one important legal nuance: under the Fair Credit Reporting Act, you cannot reuse the information from a prior background check for a new employment decision. Each new screening decision — a promotion, a role change, a periodic rescreen — requires a fresh report with fresh consent. The old report cannot be "refreshed" or "reactivated." A new check must be ordered.

Why rescreening matters

The legal theory that makes rescreening a risk management necessity — not just a best practice — is negligent retention. Negligent retention is a legal claim that holds an employer liable for keeping someone in a role after they should have known that person posed a risk to others. Courts have found employers liable when monitoring tools existed and weren't used, when an employee's criminal history became relevant to their role and no one discovered it, and when an organization couldn't demonstrate it maintained reasonable, ongoing oversight of people in positions of trust.

Negligent hiring asks what you knew before you hired someone. Negligent retention asks what you knew — or should have known — during employment.

A clean background check at hire can protect you from a negligent hiring claim. It provides no protection against a negligent retention claim if the employee's circumstances changed after hire and you had no mechanism to detect it.

For employers whose workforce includes people in positions of trust — financial authority, access to vulnerable populations, driving, security clearance — the combination of periodic rescreening and continuous monitoring is the only defensible response to this legal exposure.

Not sure how often your roles should be rescreened? Take the 2-minute screening fit assessment — six questions about your workforce, then a tailored rescreening cadence and monitoring recommendation by role risk.

Start assessment

How long is a background check good for? A practical framework

There is no universal federal rule specifying how often employees must be rescreened. What exists is a combination of industry-specific regulations, state mandates, funder and insurer requirements, and documented best practice. Here's how to think about rescreening frequency by role risk level.

High-risk roles — annual rescreening (minimum)

Any employee or volunteer with regular access to children, elderly individuals, clinical patients, financial accounts, or security-sensitive systems should be rescreened at least annually. These are roles where the consequences of a post-hire incident — and the failure to detect it — are most severe.

High-risk industries & role types

K-12 education — teachers, aides, coaches, counselors, and other staff with student access
Healthcare — clinical staff, caregivers, home health aides, and anyone involved in patient care or federal healthcare billing
Financial services — employees with authority over accounts, trading, or client funds
Childcare and youth programs — daycare workers, camp counselors, youth coaches, after-school program staff
Transportation and logistics — commercial drivers, fleet operators, and DOT-regulated roles
Government contractors — particularly those with security clearance or access to federal data

For most of these roles, annual rescreening alone may not be sufficient. Continuous monitoring — which watches for new criminal activity in real time rather than on a scheduled basis — is increasingly the standard in regulated industries and among organizations that have examined their actual post-hire exposure window. For more on how continuous monitoring works alongside rescreening, see What Is Continuous Monitoring?

Moderate-risk roles — every one to two years

Employees who handle sensitive data, make decisions affecting others, manage or supervise staff, or have access to physical facilities and systems should be rescreened every one to two years. Their access level creates real risk even without direct contact with vulnerable populations — managers and supervisors, IT administrators, HR professionals with access to employee records, procurement staff, and anyone who handles personally identifiable information in bulk.

Lower-risk roles — every two to three years (or at role change)

Employees in supervised, limited-access roles with no responsibility for vulnerable populations or sensitive systems can be rescreened on a longer cycle — every two to three years — unless a role change, a reported concern, or a regulatory requirement triggers an earlier rescreen.

The non-negotiable rule: rescreen at every role change

Regardless of when the last check ran, any time an employee moves into a higher-risk position — from supervised to unsupervised, from limited access to financial or data authority, from individual contributor to manager — a new background check should be required. The original check was scoped to a lower-risk role. The new role requires fresh verification. Role changes reset the rescreening clock.

Specific triggers that warrant an immediate rescreen

Beyond scheduled rescreening cycles, several events should trigger an immediate check regardless of timing:

Events that reset the clock

A promotion or significant role change. New access level, new check.
A merger or acquisition. When two organizations combine, their screening standards almost certainly differ. An employee from the acquired organization who cleared a less rigorous check should be rescreened to the acquiring organization's standard.
A reported workplace incident. If a concern arises — a harassment complaint, a theft allegation, a suspicious absence pattern — a focused rescreen may support the investigation while maintaining due process. Document the decision and apply it consistently.
A return from extended leave. An employee returning from a long leave — particularly if unscheduled or unexplained — may warrant a rescreen depending on their role and the circumstances.
Contract or seasonal staff returning for a new term. A returning camp counselor isn't automatically safe because they passed a check two years ago. For any role involving vulnerable populations, a new check at each engagement period is the defensible standard.
An expiring professional license or credential. For regulated roles requiring active licensure — healthcare workers, licensed professionals, CDL drivers — expiration or revocation of a credential is a triggering event for review.

How the FCRA applies to rescreening

This is the compliance gap that catches employers most often: the Fair Credit Reporting Act applies fully to rescreens — not just pre-hire checks. Every time a third-party Consumer Reporting Agency runs a background check on an existing employee, all FCRA obligations apply:

Fresh written disclosure — a new standalone disclosure that a consumer report may be obtained, separate from any prior authorization
Fresh written consent — a new authorization from the employee before the check is initiated; the original onboarding consent does not cover subsequent checks
Adverse action procedures — if a rescreen surfaces information and the employer is considering adverse action (reassignment, suspension, termination), the full pre-adverse and adverse action notice sequence applies: a copy of the report, a summary of rights, a waiting period to dispute, and a final notice if the action proceeds

Rescreening an employee without fresh consent is an FCRA violation. Running a rescreen and taking adverse action without following the notice sequence is a second FCRA violation. Both are common errors in employer rescreening programs — and both are entirely preventable with a compliant platform that automates these steps. For a step-by-step guide to the adverse action process, see Background Check Compliance Explained: FCRA Guide.

Additionally, ban-the-box laws and state-specific restrictions on what records can be considered apply to rescreening decisions just as they apply to initial hiring decisions. Washington State's Fair Chance Act update effective July 2026 extends ban-the-box protections to internal promotion decisions — meaning an employer in Washington cannot consider criminal history when deciding whether to promote an existing employee without following the same individualized assessment process required at hire.

The gap between rescreens — and what fills it

The honest limitation of periodic rescreening — even annual — is the window it leaves open. A school employee who has a qualifying incident in February won't be detected until the next annual check in September unless something else catches it. That's a seven-month exposure window in a role with direct student access.

Continuous monitoring closes that window. Rather than scheduling checks on a calendar, continuous monitoring watches for new criminal activity, sex offender registry changes, and other reportable events for enrolled individuals in real time — alerting administrators the moment something appears in the record, not at the next scheduled check date.

The model that regulated industries and safety-conscious organizations are moving toward is not periodic rescreening or continuous monitoring. It's both: a comprehensive periodic rescreen as the scheduled checkpoint, with continuous monitoring running between those checkpoints to catch anything that can't wait until next year.

Bchex's Chex365 continuous monitoring platform was built for exactly this use case — monitoring hundreds of thousands of employees, volunteers, and contractors in real time, with alerts that reach HR or safety administrators the moment a monitored individual has new reportable activity.

Building a written rescreening policy

A rescreening program only provides legal protection if it is written down, applied consistently, and enforced uniformly. An undocumented, ad hoc practice that applies different standards to different employees is not a program — it's a pattern of inconsistency that creates discrimination exposure and undermines defensibility if challenged.

What a compliant written policy includes

Role-based rescreening tiers — which roles require annual, every one-to-two-year, or every two-to-three-year rescreening
Triggering event provisions — which events require an immediate rescreen regardless of the scheduled cycle
Consent and disclosure procedures — how fresh authorization is collected before each rescreen
Adjudication standards — the criteria used to evaluate rescreen results consistently across all employees in the same role
Continuous monitoring enrollment criteria — which roles are enrolled in ongoing monitoring and why
Documentation requirements — how rescreening decisions and results are recorded and retained

Apply the policy uniformly. Document every decision. Review the policy at least annually — state laws change, and a policy that was compliant last year may have gaps today.

How Bchex supports employee rescreening

Bchex Core Screening + Chex365

Initial checks, rescreens, and real-time monitoring — on one PBSA-accredited platform.

Bchex Core Screening handles both initial checks and rescreens through the same platform — with automated FCRA disclosure and consent workflows built into every order, so fresh authorization is collected correctly before each rescreen without requiring HR to manage it manually.

For employers implementing a rescreening program for the first time, the platform supports role-based package configuration — different screening packages for different risk tiers — so each rescreen is appropriately scoped to the current role rather than defaulting to a one-size-fits-all package.

Chex365 continuous monitoring runs alongside scheduled rescreens to close the gap between annual check dates — providing real-time criminal activity alerts for enrolled employees so nothing waits until the next scheduled check to surface.

Bchex is PBSA-accredited, with independently audited accuracy standards and compliance workflows that apply equally to rescreens and initial checks.

FCRA

Fresh disclosure & consent automated on every rescreen

24/7

Chex365 monitoring closes the gap between scheduled checks

PBSA

Independently audited accuracy & compliance standards

FAQs about background check expiration and rescreening

Do background checks expire?+

No — there is no legal expiration date on a background check. A check from three years ago remains a valid record of what was true at that time. What deteriorates is its relevance: a background check is a snapshot, and the longer it goes without a follow-up, the more time has passed during which circumstances could have changed significantly.

How often should employees be rescreened?+

It depends on role risk level. High-risk roles — employees with access to children, clinical patients, financial accounts, or security-sensitive systems — should be rescreened at least annually. Moderate-risk roles every one to two years. Lower-risk, supervised roles every two to three years. Any role change that increases access or responsibility triggers an immediate rescreen regardless of when the last check ran.

Does the FCRA apply to employee rescreening?+

Yes — fully. Each rescreen requires a new standalone written disclosure and fresh written consent from the employee before the check is initiated. If a rescreen surfaces information that may support an adverse employment decision, the full FCRA pre-adverse and adverse action process applies. The original onboarding consent does not cover subsequent checks. For the full compliance walkthrough, see our FCRA compliance guide.

Can I reuse the results of a previous background check for a new employment decision?+

No. Under the FCRA, you cannot use information from a prior consumer report for a new employment decision. Each new decision — a promotion, a role change, a periodic rescreen — requires a fresh report ordered with fresh consent for that specific purpose.

What is the difference between rescreening and continuous monitoring?+

Rescreening is a periodic, scheduled check — running a new comprehensive background check on a defined cycle (annually, every two years, etc.). Continuous monitoring watches for new criminal activity in real time between those scheduled checks — alerting administrators when a monitored individual has new reportable activity rather than waiting until the next check date. Annual rescreening leaves up to 364 days of exposure. Continuous monitoring closes that window. For high-risk roles, both are recommended together. See What Is Continuous Monitoring?

Are there industries where rescreening is legally required?+

Yes. Healthcare employers billing federal programs are required to check the OIG exclusion list on an ongoing basis. DOT-regulated employers have specific MVR monitoring requirements for commercial drivers. Many state laws mandate rescreening at defined intervals for school employees, childcare workers, and volunteers serving vulnerable populations. Check your industry's regulatory requirements and your liability carrier's policy terms — funder requirements often go further than legal minimums.

What happens if a rescreen surfaces a criminal record that wasn't there at hire?+

The FCRA's full adverse action process applies — the same as it would for a pre-hire check that returned a record. The employee receives a pre-adverse action notice with a copy of the report and a summary of rights, a waiting period to dispute inaccurate information, and a final adverse action notice if the employment decision proceeds. An individualized assessment under EEOC guidance is also required — the nature of the offense, the time elapsed, and the relevance to the specific role must be evaluated before any adverse decision is made.

The bottom line

Background checks don't expire — but their usefulness does. A clean report from three years ago tells you who someone was in that moment and nothing about who they've become since. The employers who take post-hire risk seriously build a rescreening cadence that matches role risk level, trigger immediate rescreens at role changes and significant events, collect fresh consent for every check, follow the FCRA adverse action process when rescreen results require action, and layer continuous monitoring on top for roles where an annual blind spot is unacceptable. That combination is what a real screening program looks like — not a one-time check filed away at hire.

Build a program that closes the post-hire gap

Find your rescreening cadence in 2 minutes

Answer six questions about your workforce and get a tailored rescreening cadence and continuous-monitoring recommendation by role risk — PBSA-accredited, FCRA-compliant, built for organizations that can't afford to be the last to know.

Take the 2-minute assessment → Or talk to the Bchex team