by Meg Whynot-Young
OSHA is proposing a new rule that eliminates the need for employers with 250 or more employees to submit form 300, “Log of Work-Related Injuries and Illnesses”, and form 301 “Injury and Illness Incident Report”, to OSHA in an effort to protect worker’s private information. OSHA is currently looking for public comment on the proposed rule. The comment period ends on September 28, 2018.
Currently, employers with 250 or more employees should have electronically submitted their forms 300 and 301 to OSHA as of the deadline of July 1, 2018. However, per the proposed rule on the federal register;
“OSHA will not enforce this deadline without further notice while this rulemaking is underway.”
This rule would not change the requirement to submit form 300A to OSHA. Form 300A summarizes injury and illness incident data without including the private information of individual workers.
The Preliminary Economic Analysis (PEA) estimates an annualized net cost savings of $8.2 million, should this rule be made effective.
Private Information Required on OSHA 301 Incident Report
A 301 Incident Report must be completed within seven calendar days of receiving information that a recordable injury or illness has occurred. An entry must be made on the 300 Log within the same timeframe.
Sensitive information such as the employee’s date of birth, gender, address, the name of their physician, and description of the injury or illness and how it happened are all included on form 301. However, OSHA will accept other equivalent forms such as, state workers compensation, and insurance forms (which could include even more private health information).
Some situations are considered a “privacy concern” in which case you must put “privacy case” instead of the person’s name on the OSHA 300 Log. These are identified as:
1) An injury or illness to an intimate body part or the reproductive system;
2) An injury or illness resulting from a sexual assault;
3) Mental illnesses;
4) HIV infection, hepatitis, or tuberculosis;
5) Needlestick injuries and cuts from sharp objects that are contaminated with another person’s blood or other potentially infectious material; and
6) Other illnesses, if the employee voluntarily requests that his or her name not be entered on the log.
Who can view OSHA’s Form 300, 300A, and 301?
All three forms must be made available to employees, former employees, their representatives and OSHA officials upon request. Some additional restrictions are placed on viewing form 301. If an employer wishes to disclose the 300 Log or form 301 to someone other than required by law (such as worker’s compensation insurance), all personally identifying information must be hidden or removed.
Form 300A which is a summary form and does not include personal information must be posted in the workplace in a conspicuous place no later than February 1 of the following year, and remain posted for three months until April 30th.
Fatalities must be reported to OSHA within eight hours of learning of its occurrence.
Under the current rule, establishments with 250 or more employees are required to submit electronically OSHA Forms 300 and 301 each year to OSHA. The proposed rule would require them to submit only the summary form 300A.
Only a few have submitted their comments to OSHA so far.
One comment brings up the concern that there is not enough information included in the summary form 300A to track the specific types of injuries.
The injury and illness categories included in the 300A Summary are; injuries, skin disorders, respiratory conditions, poisonings, hearing loss, and “all other illnesses”. What the summary form asks for is the number of incidents in each category, along with the total number of cases, total number of days away from work, and total number of days of job transfer or restriction.
With the information gathered from the summary sheet alone, OSHA will not be able to collect a significant data set on falls, repetitive motion injuries, caught-in-between injuries, electrocutions, or any other specific type of occupational injury or illness.
In another comment, someone cites the Bloodborne Pathogen Standard (1910.1030) requiring maintaining the name and social security number of an employee as part of a medical record for each employee with an occupational exposure and suggests using an employer-assigned identification number instead.
The Debate over Data
As technology has advanced our ability to produce, collect, and analyze data has increased exponentially. A commonly cited (but probably old) statistic states that we create 2.5 quintillion bytes of data each day on the internet alone and that we have produced ninety percent of the world’s data in the past two years.
Data, or big data, is used by businesses, policymakers, and industry leaders to make decisions and to even predict trends.
There are many federal agencies that are charged with gathering and publishing data, including the Bureau of Labor Statistics. So, the government collects our data, as do our doctors, our insurance companies, our banks, our schools, our employers, and we voluntarily input personal information on the internet every day. With so much data flying around, and so many incidents of data breaches, privacy is a huge concern.
Research scientists, particularly in public health, have benefitted immensely from having large data sets on disease and demographics made available to them. The CDC recently published an article on how the sharing of public health surveillance data helps prevent the spread of infectious diseases and global outbreaks.
So the question becomes, which is more important, privacy, or the ability to extract meaning from the data? Ideally, we could collect data without compromising privacy, but the more details that are included, the harder it is to protect an individual’s identity.
Bureau of Labor Statistics Occupational Injury and Illness Data
The Bureau of Labor Statistics (BLS) publishes occupational injury and illness statistics every year. This report informs occupational health and safety professionals and policymakers.
The BLS collects data from a cross-section of about 230,000 private businesses (which the agency recognizes as a relatively small sample size), agricultural companies with eleven or more employees, and participating state and local government establishments using the annual Survey of Occupational Injuries and Illnesses (SOII) and the Census of Fatal Occupational Injuries (CFOI).
Organizations selected to participate in the survey are notified a year in advance so that they can record the data, even if they are not covered under OSHA’s recordkeeping standard since smaller employers are included in the sample. Private industry employers are required by law to respond to the SOII, using either data they have recorded on the 300 log, form 300A, and form 301, or other records that track the same data.
The BLS was investigating ways to use the electronic submissions to OSHA to reduce the reporting burden on employers who might have to submit data to both BLS and OSHA. If the proposed change to the rule passes, then there will not be any duplicate reporting or data to share.
The BLS reports that it keeps the data reported by SOII respondents strictly confidential in accordance with the Bureau of Labor Statistics Data Integrity Guidelines and the Confidential Information Protection and Statistical Efficiency Act (CIPSEA) of 2002.
The proposed rule will not have any effect on the SOII, and selected private employers will still be required to submit the same data that is contained in the 300 log, form 301, and 300A to the BLS.