OSHA 300 Logs and Posting Requirements

As we welcome the new year, it is time to wrap up the 2020 year-end tasks. One of those end-of-year tasks is completing your company’s OSHA 300 logs, having them signed off on by a senior company official, preparing to post them on February 1, 2021, and leaving them displayed through April 30, 2021.

Certain employers are required to complete both OSHA Form 300 Log of Work-Related Injuries and Illnesses and OSHA Form 300-A Summary of Work-Related Injuries and Illnesses, however only the latter, Form 300-A, is required to be posted in the workplace. Basic requirements for maintaining OSHA 300 logs can be found on OSHA’s site here. Information for companies that may be considered partially exempt can be found here.

Even though only the Summary Form 300-A is required to be posted, some employers have posted both the Form 300 and Form 300-A in the workplace. This can cause employee concerns regarding medical privacy. OSHA regulations do not require the Form 300 to be posted. The regulation also does not prohibit an employer from posting the Form 300 along with the Form 300-A. However, if the employer does choose to post the full Form 300 Log, they should post the Log in an area only accessible by those granted access under the rule (i.e. employees, former employees, employee representatives, and an authorized employee representative). If the posting area is accessible by others (e.g., members of the public), the employer must remove or hide all names of the injured or ill employees as set out in Section 1904.29(b)(10). In addition, 1910.29 prohibits the employer from including the employee's name for "privacy concern" cases whenever the Form 300 Log is made available to coworkers, former employees, or employee representatives. 

Often, human resource professionals argue that this information cannot be posted due to HIPAA concerns. In a letter of interpretation from OSHA dated August 2, 2004, Mr. Keith Goddard, Directorate of Evaluation and Analysis states, “We do not believe that HIPAA provides a basis for employers to remove employees' names from the Log before providing access. Even if HIPAA is implicated by the employer's disclosure of the OSHA Log, the statue and implementing regulation expressly permit the disclosure of protected health information to the extent required by law. See 45 CFR 164.512(a). This exception for disclosures required by law applies here because the Recordkeeping rule requires that employees, former employees, and employee representatives have access to the complete Log, including employee names, except for privacy concern cases. See 29 CFR 1904.35(b)(2)(iv).” To access the complete LOI click here. Certain “privacy concern cases” are specified in 29 CFR 1904.29(b)(6) through 1904.29(b)(9).

For more information on OSHA logs and requirements, contact your nearest OSHA Region office or AssuredPartners Energy professionals.

Source: OSHA