Employers will still be vulnerable to having their injury and illness data used against them despite the U.S. Occupational Safety and Health Administration’s proposal to roll back parts of its electronic record-keeping rule to protect sensitive employee information.
The proposed rule does not rescind the agency’s plan to publish employer information, nor does it reconsider controversial language dissuading employers from implementing employee incentive programs and post-incident drug testing requirements that OSHA argued could constitute retaliation against injured workers or discourage these employees from reporting their injuries.
“The proposed rule is a step in the right direction, and we’re always pleased to see any steps in the right direction, but this is not nearly enough, and it’s definitely not nearly what industry expected,” said Eric Conn, founding partner of Washington-based Conn Maciel Carey L.L.P.
In July, OSHA released a proposal to amend the 2017 record-keeping regulation by rescinding the requirement for establishments with 250 or more employees to electronically submit information from OSHA forms 300 and 301. They will still be required to submit information from their Form 300A summaries.
“All of us on the defense side and the employers were expecting something a lot bigger,” said Jason Mills, a Los Angelesbased partner at Morgan, Lewis & Bockius L.L.P. “We thought it was going to disappear entirely. OSHA has reviewed this under the new administration, and it looks like some kind of split-the-baby approach. Obviously, the employers are not happy about it.”
The agency is amending the rule to protect sensitive worker information from potential disclosure under the Freedom of Information Act after preliminarily determining the risk of disclosure, the costs to OSHA of collecting and using the information and the reporting burden on employers were unjustified given the uncertain benefits of collecting the data.
There was a “real concern” that electronically submitting this information could subject private employee information to FOIA requests, in addition to the potential for a cyber breach that would expose this information, said Fiona W. Ong, a partner with Shawe Rosenthal L.L.P. in Baltimore.
Yet the 300A summary asks employers to submit their confidential business information, which is troublesome, said Marc Freedman, vice president for workplace policy at the U.S. Chamber of Commerce in Washington. “(OSHA is) concerned about (FOIA) requests for employee information but not for employer information … As long as those forms are being requested, there is a nontrivial concern that these forms could be leaked,” he said.
The 300A form requests an employer’s identification number, which is used for tax purposes, and could cause breaches for employers, according to Mr. Freedman. “You are exposing employers,” he said.
But one of the biggest proponents of the original electronic record-keeping rule — David Michaels, the former assistant secretary of Labor for Occupational Safety and Health and professor at the Milken Institute School of Public Health at George Washington University in Washington — said the latest move by OSHA is meant to protect employers who don’t want lapses in workplace safety exposed.
“(Collecting the data) would provide OSHA with a tremendous amount of information to understand injury causation,” he said.
Mr. Conn said he believes the “biggest weakness” with the new rule is that it does not back down from OSHA’s plans to publish the information it does collect.
“Not collecting 300- and 301-level data alleviates employees’ concerns,” he said. “But it really doesn’t alleviate employers’ concerns at all. Employers are very concerned about protecting employees’ information, but we were also concerned about all the nefarious ways that our data could be used against us by the various forces out there like plaintiffs attorneys, like the media, like the union organizers, like our competitors who would grab this data and distort and misrepresent it out of context to paint a negative picture about an employer.”
Meanwhile, the regulation’s anti-retaliation provisions specifically bar employers from retaliating against employees and mandate that employer procedures to report work-related injuries and illnesses must be reasonable and not discourage reporting. Legal experts question both the need and legal authority for the anti-retaliation provisions because employees already can file retaliation complaints under Section 11(c) of the Occupational Safety and Health Act.
“This is entirely duplicative of existing protections for whistleblowers in the OSH Act,” Mr. Conn said.
The regulation does not prohibit post-incident drug testing or employee incentive programs, but OSHA has made clear that employers could face consequences such as citations and fines if such programs retaliate against injured workers or deter them from reporting injuries, and that language has not been rescinded by the new proposed rule, experts say.
However, it will be interesting to see how OSHA under the Trump administration enforces such anti-retaliation provisions, Mr. Mills said. “I just would be surprised to see this really strong enforcement goal on the part of OSHA,” he said.