From Bond, Schoeneck & King PLLC, a Council of Industry Associate Member
By: Michelle R. Billington
On January 25, 2019, OSHA published a final rule that rescinded a requirement adopted in 2016 for establishments with 250 or more employees to electronically submit to OSHA information from their OSHA Forms 300 and 301. Those establishments were already required to maintain Forms 300, 300A, and 301 and were already required to submit Form 300A to OSHA each year. The 2016 rule significantly expanded the scope of these reporting obligations by requiring submission of Forms 300 and 301 to OSHA, which contain detailed information about the employees who experienced a recordable injury or illness and about the circumstances of the injury or illness that occurred. The 2016 rule established a July 1, 2018 deadline for electronic submission of Forms 300 and 301 to OSHA.
However, as this date neared, OSHA’s website advised employers that the agency was not accepting Forms 300 and 301. Then on July 30, 2018, OSHA issued a proposed rule to rescind the requirement and announced that it would not enforce the July 1 deadline that had already passed.
Under the final rule issued January 25, permanently removing the requirement for employers to electronically submit Forms 300 and 301, establishments with 250 or more employees are still required to maintain OSHA Forms 300, 300A, and 301 on-site, and OSHA states that it will continue to obtain these records as needed during inspections and enforcement actions. These establishments also are still required to submit reports after severe injuries and to electronically submit to OSHA information from their Form 300A. The final rule also adds a new requirement that covered employers must submit their Employer Identification Number (“EIN”) electronically together with their annual injury and illness data submission.
OSHA identified three primary reasons for its decision to rescind the prior requirement for submission of data from Forms 300 and 301. First, OSHA determined that collecting the information contained in Forms 300 and 301—which include not only the employee’s name, date of birth, and job title, but also details about the nature of the medical treatment the employee received–would subject sensitive information “to a meaningful risk of public disclosure.” OSHA noted that its electronic collection of this large pool of data could incentivize cyberattacks and could compromise worker privacy in the event of a data breach, cyberattack, or malware. Second, OSHA concluded that enforcement and compliance benefits associated with collecting this data remains uncertain. Finally, OSHA found that collecting and reviewing this data would divert agency resources from existing priorities such as utilizing the Form 300A and severe injury reports that OSHA already collects and which have been useful for addressing areas of concern.
If you have questions about how this rule affects your recordkeeping and reporting obligations, one of our attorneys can assist.