OSHA proposed last week to roll back parts of the “Electronic Recordkeeping” regulation that the Obama administration issued in 2016. The rule would have required certain employers to electronically send worker injury and illness information into OSHA. OSHA then intended to publicize the (non-confidential) information on its website. In a somewhat amusing, but Orwellian press release, OSHA portrays the rollback as an effort to “better protect” workers’ confidential information.
I finally had a chance to read the full OSHA proposal. Spoiler Alert: I’ve read a lot of OSHA regulatory proposals over my career and this one barely passes the laugh test, much less presents a serious argument for why this regulation should be weakened.
Instead of an effort to better protect workers’ confidential information, this is a poorly justified attempt to protect employers from having to reveal potentially embarrassing information.
In other words, according to former OSHA official Debbie Berkowitz, “This is about the administration listening to employers who don’t want workers and the public to know about dangerous conditions.”
But even this partial rollback isn’t good enough for the Chamber of Commerce. According to Marc Freedman, the Chamber’s vice president of workplace policy, publishing any employer data on injuries and illnesses could also be used to unfairly malign businesses. “Not all injuries that have to be recorded reflect on an employer’s safety program. We don’t think they’ve fully taken care of the problem.”
Background
In order to fulfill the purpose of the Act, OSHA is authorized to require employers to record injury and illness information, as well as collect information on safety and health from employers, including injury and illness information. Consequently, OSHA has long required certain employers to keep injury and illness logs; specifically, OSHA Forms 300, 300A, and 301. OSHA Form 300 is a log of all injuries and illnesses, including names of worker injured or sickened. The 300A Form is a summary of that form that contains no names or confidential information. Employers are required to post that information in the workplace between February 1 and April 30 of every year. The 301 Form is a detailed description of workplace injuries that includes information about what happened and what the employee was doing just before the incident occurred.
On May 12, 2016, OSHA amended its recordkeeping regulation to require employers to annually submit to OSHA, by electronic means, injury and illness information that employers were already required to keep. Establishments with 250 or more employees in industries that are routinely required to keep records are required to electronically submit information from their OSHA Forms 300, 300A, and 301 to OSHA or OSHA’s designee once a year. Small businesses with 20 to 249 employees in certain designated industries are only required to submit information on the summary form 300A. Employers were already required to collect this information. The only change was that they were now required to send it into OSHA through a web-based electronic system that OSHA would develop.
Until the new regulation was issued, OSHA did not — with one exception — require any of that information to be sent in to OSHA. The main purpose of requiring employers to collect the information was to help them improve their health and safety programs, and OSHA Inspectors consulted the information when conducting inspections. The one exception was OSHA’s collection of injury and illness summary information from around 80,000 employers every year, a program that lasted from 2006 to 2013 and was used to better target OSHA inspections in the most dangerous workplaces.
The 2016 rule had two phases. The first phase was submission of the Form 300A summary data which, after several delays, took effect last year. The second part, sending in information from the 300 Form and the more detailed 301 data, was supposed to take effect this year. Submission of the 300 Log and the detailed Form 301 data are the requirements that OSHA is proposing to cancel in last week’s proposal.
What Were The Benefits?
The main purpose of this regulation was to help OSHA and the workplace safety and health community better determine why workers are getting hurt on the job and how to protect them more effectively. OSHA stated in the preamble of the 2016 regulation that the “data will improve OSHA’s ability to identify, target, and remove safety and health hazards, thereby preventing workplace injuries, illnesses, and deaths.” Beyond enabling OSHA to better target the most dangerous workplaces, OSHA stated that the making the data public “will allow the public, including employees and potential employees, researchers, employers, unions, and workplace safety and health consultants, to use and benefit from the data. It will support the development of innovative ideas and allow everybody with a stake in workplace safety and health to participate in improving occupational safety and health.”
While the Bureau of Labor Statistics makes aggregate data available to the public, OSHA’s data collection would make much more detailed and site-specific data available to researchers. And the establishment-specific data would “enable OSHA to conduct rigorous evaluations of different types of programs, initiatives, and interventions in different industries and geographic areas, enabling the agency to become more effective and efficient. ”
Why Does Trump OSHA Want to Stop Collection of the Detailed Information?
But what seemed like a great idea two years ago, is not longer a great idea, according to OSHA. The agency announced that it is now
Amending its recordkeeping regulations to protect sensitive worker information from potential disclosure under the Freedom of Information Act (FOIA). OSHA has preliminarily determined that the risk of disclosure of this information, the costs to OSHA of collecting and using the information, and the reporting burden on employers are unjustified given the uncertain benefits of collecting the information. (emphasis added)
None of these statements are true, nor are they effectively supported in the new OSHA proposal.
1. Protecting Sensitive Worker Information: OSHA assured the public when it issued the original 2016 regulation that all confidential information would be protected. This would include the information on the left side of the 301 Form, specifically workers’ names, birthdates, names of their doctors, etc. But OSHA now argues that it’s possible, despite unanimous and universal court decisions ensuring the confidentiality of that information, that some court in the country could someday allow that confidential information to be released to the public.
OSHA warns that “That risk remains so long as there is a non-trivial chance that any court in any of the nation’s 94 federal judicial districts might issue a final disclosure order after the exhaustion of all available appeals.” Arguing that the risk is “not speculative,” the proposal cites an organization that in 2017 “invoked FOIA to request that the Department produce electronically-submitted information from Forms 300, 300A, and 301.”
Note the emphasis that I added: “electronically-submitted information.” In order to ensure the security of confidential information, OSHA ensured that employers will not even submit information to OSHA that is confidential, such as names. If the confidential information is not “electronically submitted” to OSHA, then there is no confidential information in OSHA’s possession to FOIA, even if some court, some day, decides to go rogue.
The other example OSHA uses to show that the risk is “not speculative” is a lawsuit in the early 2000s by former OSHA employee Adam Finkel that requested information on OSHA employees who may have been exposed to toxic beryllium dust in the course of their jobs. OSHA lost that court case in 2006. But Finkel never sought nor did he receive identifiable information, and the court only ordered the de-identified results to be handed over. OSHA’s use of this case in its argument is somewhat garbled, but they conclude that despite the fact that the court never ordered identifiable information to be released, “it is reasonably foreseeable” that a future court could.
“OSHA’s claim that it is proposing to revoke employer requirements to submit detailed injury data in order to protect employee privacy is truly cynical. Workers and worker representatives strongly support the collection of this information to help identify workplaces with serious injuries in order to protect workers health.” — Peg Seminario, AFL-CIO Health and Safety Director
So, in conclusion, the “risk of disclosure” that OSHA is allegedly protecting workers from, is entirely speculative and not based only any real evidence outside the fevered imaginations of OSHA regulatory writers, undoubtedly egged on by the Secretary, the White House and corporate opposition to the whole concept of transparency.
And the workers that OSHA is supposedly protecting? As AFL-CIO Health and Safety Director Peg Seminario said in a statement to Bloomberg BNA,
“OSHA’s claim that it is proposing to revoke employer requirements to submit detailed injury data in order to protect employee privacy is truly cynical. Workers and worker representatives strongly support the collection of this information to help identify workplaces with serious injuries in order to protect workers health. Only industry groups oppose these common sense requirements. The real reason for this roll back is to protect employers who don’t want workers or the public to know about dangerous conditions and hazards at their workplaces. “
2. Uncertain Benefits of the Original Regulation: OSHA has suddenly decided that the benefits of collecting and publicizing this data are now “uncertain.” Why? Because “OSHA has no prior experience with using the case-specific Form 300 and 301 data to identify and target establishments. OSHA is unsure as to how much benefit such data would have for targeting, or how much effort would be required to realize those benefits.” And the summary From 300 is adequate to enable OSHA to target the most dangerous workplaces.
In other words, because we’ve never done it before, there’s no way to figure out if it would be beneficial. So much for innovation.
But OSHA does have a point that the summary Form 300A should suffice for inspection targeting. And it’s also possible that OSHA at this point doesn’t have the staff or resources to fully analyze all the data they will be collecting. But the proposal completely ignores the main benefit of collecting and publicizing the data: the benefit the data will provide to outside researchers and the public.
3. The Costs to OSHA: Not only are the benefits uncertain, but because of the sheer volume of Form 301 reports, “to gain (speculative, uncertain) enforcement value from the case-specific data, OSHA would need to divert resources from other priorities, such as the utilization of Form 300A data, which OSHA’s long experience has shown to be useful.”
Also, OSHA would better spend its time and resources addressing the high level of non-compliance with requirements that employers send in severe injury reports and the summary 300 Forms. I’m not sure what resource-intensive efforts OSHA is making to ensure better compliance with those requirements (not much from what we hear), but enforcing this additional requirement would fall into the same basket.
OSHA is also estimating that getting rid of this requirement would save OSHA around $400,000 because it wouldn’t have to finish developing the data system to collect the data. Not much money saved there, and from my memory, the system was already finished, or very close to being finished at the end of the Obama administration, 18 months ago.
4. Costs to Employers: OSHA also cites the burden to employers of sending the data into OSHA. First, remember that the data being sent into OSHA has already been collected, so the only additional costs is actually sending it to OSHA. OSHA estimates that by relieving the nation of this burden, a total of $8.7 million will be saved. That’s not $8.7 million per employer — that’s $8.7 million for the entire country. The cost of workplace injury, illness and death in this country is over $250 billion per year. It wouldn’t take a whole lot of prevented injuries or deaths for this regulation to pay for itself.
According to OSHA, the benefits of eliminating the threat to worker privacy may be unquantifiable, but this unquantifiable (and probably non-existent) risk is nevertheless somehow “substantial” enough to outweigh the “uncertain” and “difficult to quantify” value that the information could provide to researchers, the public and OSHA
5. “Benefits” of Repealing the Requirement to Submit Forms 300 and 301 Information: OSHA has kindly attempted to describe the benefits of rolling this regulation back — or “better protecting” workers, as they say.
Sort of.
First, remember they argue that they are protecting workers from the risk that their confidential information will be disclosed. And, according to the OSHA proposal “The value of worker privacy is impossible to quantify, but no less significant because of that fact.”
Indeed.
Second, OSHA admits that the Form 300 and 301 information “could add enforcement benefits,” but, on the other hand, those benefits are “uncertain and difficult to quantify” — mainly because OSHA has never actually worked with this data before.
Therefore, the agency concludes that “the (substantial) benefits to worker privacy outweigh the (uncertain) foregone benefits to enforcement.”
In other words, according to OSHA, the benefits of eliminating the threat to worker privacy may be unquantifiable, but this unquantifiable (and probably non-existent) risk is nevertheless somehow “substantial” enough to outweigh the “uncertain” and “difficult to quantify” value that the information could provide to researchers, the public and OSHA.
So “unquantifiable” somehow trumps “uncertain” in OSHA world.
Back in the day, logic like this would have been laughed out of the room and sent back to the drawing board.
The Good News
The only good news coming out of this is that OSHA had decided not to monkey with language in the regulation prohibiting employers from retaliating against workers for reporting injuries and illnesses. The Chamber of Commerce and other industry groups were upset that this provision could keep employers from imposing retaliatory drug tests or incentive programs that discourage workers from reporting injuries or illnesses.
If you’re interested, comments on this proposal must be submitted by September 28, 2018.
Well said, Jordan! I would like to add some additional comments based on a slightly different perspective…
1. It cannot be overemphasized how much more accurate the injury and illness data collected from the electronic submissions would be, over the annual BLS data that is published. The BLS data has always been extrapolated from such a small sample group of actual data, that at best it gives a suggestion of where we should be looking to make improvements, but it is also entirely possible that the data that would be collected by the new OSHA reporting requirements will surface entirely new information that could really help guide us towards improvement in the industry.
2. Dr. Michaels made a statement to a small group of us a few years back that his intent was to use OSHA to “level the playing field”. He went on to explain that what he meant by this was that he knew (as many of us do), that there are still plenty of companies out there who are not even trying to follow the rules, and he categorized these companies differently than the ones that were truly trying, but still make the occasional mistake. This made perfect sense then, and still does today. The group of companies that knows they are breaking the rules, the ones that know they are putting people in harms way…they need, and deserve aggressive enforcement action. While the other group would probably benefit more from consultation activities. The trick, of course, is figuring our who is who and directing OSHA’s limited resources in a way that better targets those intentional violators. Electronic data collection was one method of doing just that. OSHA’s budget hasn’t changed. They haven’t added any compliance personnel. The new data was not going to result in every worksite with reported injuries being flooded with compliance officers…they just don’t have that ability. What they would have the ability to do, however, is to analyze the data to find previously unidentified companies that could truly warrant enforcement activity; helping to better deploy those resources.
3. I have to add, that the responsibility for keeping confidential employee data…confidential, has ALWAYS been the employer’s responsibility, and nothing in the new electronic data reporting requirements would change this. The employer has ALWAYS been required to take steps such as not recording employee names in the 300 log when an injury falls into confidential categories. I am not aware of anything in this new rule (and I have read every page of it in the Federal Register) that would have changed this. As you stated, there is NO risk of releasing confidential information, because there was NEVER any intent to collect it. As long as the employer doesn’t submit something that no one is requesting, there just simply is no risk.
So who’s writing this stuff for OSHA?
Disgusting. Typical Republican bullshit…
Curious if there was ever any discussion at OSHA on changing the definition of Recordable?
It is such a broad category that overemphasizes the insignificant injuries, discourages proper treatment, and provides no information on the real danger of a workplace.
I found the split personality of OSHA that slowly was thinking risk, yet remained anchored to a largely useless and lagging indicator, so frustrating. And the effects of the poor decisions by OSHA were amplified by the insurance industry, which should have known better, and the purchasing/contracting “profession,” which thought they were being innovative, but did not understand the dynamics of what they were measuring.
I did not understand what OSHA was trying to learn from the BLS submittal nor the e-reporting and never got the feeling that OSHA did either.
[…] By Jordan Barab, Confined Space […]
[…] had planned to use for research, targeting inspections and publish on OSHA’s website. OSHA is currently proposing to repeal the second part of that regulation that would require employers to send in more detailed […]
I think everyone is missing the HIPAA requirements that every organization must follow. People should have the same right to withhold their private information, the unions can’t speak for their own individuals while representing only a portion of the workforce. The data submitted electronically using the 300A will finally reveal the bad players. I think the most important thing is to have the data electronically filed as vast majority of logs were never checked in the first place. Now they can collect and check everyone for compliance without going to each site.
[…] regulation over to OIRA months ahead of schedule for its (normally) three-month review. OSHA had proposed to drop the part of the regulation that would have required certain employers to send detailed […]
[…] The reasoning used by OSHA seems similar to the weak reasoning used in the agency’s proposal. (You can read my analysis of the proposal here.) […]