Less than one week before the July 1 compliance date, OSHA officials delayed a new electronic recordkeeping rule that’s being challenged in more than one federal courtroom.

The U.S. Department of Labor (DOL) announced that the new compliance date would be Dec. 1, giving OSHA five months more to review “questions of law and policy.”
The rule would require about 466,000 employers nationwide to file their Form 300A summaries of workplace injuries and illnesses with OSHA electronically. It has been controversial in large part because employers dislike the idea that OSHA plans to publish some of their injury and illness data online.

Employers have also opposed the rule’s prohibition of incentive and testing programs associated with injury reporting, according to a Bloomberg BNA media report.

Workers groups contend that ending such programs will protect employees from being ostracized by their employers for voicing safety concerns.

With clearer protections for whistleblowers, the rule requires that employers make clear to staff that anyone has the right to alert OSHA to problems without fear of retaliation.

The rule did not change the types of information to be filed with OSHA each year, but did change how employers were supposed to file the data. Employers would be required to use a secure web-based application to submit the data electronically. That would allow OSHA to capture the information in a way that it could report the safety records of each employer, in a searchable format, publicly.

While OSHA promised that the information would be “scrubbed” of personally identifiable details about workers, there were concerns that health care providers who also face responsibility for preventing data breaches of protected health information (PHI) in particular could face problems.
“The rule presents a number of challenges for all employers, but I believe that health care employers carry an even heavier burden than employers in other industries,” Valerie Butera, an attorney in the employment, labor and workforce management practice area of the Washington, D.C., law firm Epstein Becker Green, told DecisionHealth last year.
Concerns include a possible data breach before OSHA removes sensitive PHI.

“No computer system is infallible, and this step opens the doors to an inadvertent disclosure of private employee information. The heightened threat to health care employers is the very real possibility that patients’ protected health information could be breached as well,” Butera told DecisionHealth.