If you are using Windows you should be able to use Auditing Object Access and a policy to achieve this.
- Create a policy in the domain that is linked to an OU if you like.
- In the audit policy under local policy, go to auditing object access and make sure that both failure and success are enabled. That way you can also view who is accessing those folders and files.
- Under properties for that folder or file, go into the Security tab.
- Choose the group and click on Edit, then change the permissions to Deny on all check boxes.
- The group you have selected should include everyone who should not be able to access those files.
- Only HR is excluded from that group.
- By auditing the folder and file you can see who has attempted to access it.
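
The steps in the answer above, scripted in PowerShell as an added example (not part of the original post). The folder path and group name are hypothetical placeholders, and the script assumes an elevated session on the file server.

```powershell
# Added example. $Path and $DenyGroup are hypothetical placeholders.
$Path      = 'D:\Shares\HR'
$DenyGroup = 'CONTOSO\Staff-NoHR'   # must not contain any HR account: Deny overrides Allow

# Audit policy: success and failure for the File System part of Object Access.
# In a domain, the GPO linked to the OU delivers this setting instead.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None

# -Audit loads the auditing entries (SACL) together with the permissions (DACL).
$acl = Get-Acl -Path $Path -Audit

# Security tab step: Deny on all check boxes for the selected group.
$deny = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $DenyGroup, 'FullControl', $inherit, $noProp, 'Deny')
$acl.AddAccessRule($deny)

# Auditing entry: record both successful and failed access by anyone.
$audit = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone', 'FullControl', $inherit, $noProp, 'Success, Failure')
$acl.AddAuditRule($audit)

Set-Acl -Path $Path -AclObject $acl

# Review who touched the folder. Event 4656 (handle requested) carries the
# failed attempts; event 4663 records accesses that succeeded.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656, 4663 } -MaxEvents 200 |
    ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ObjectName'] -like "$Path*") {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Result = ($_.KeywordsDisplayNames -join ',')   # Audit Success / Audit Failure
                User   = $data['SubjectUserName']
                Object = $data['ObjectName']
            }
        }
    }
```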