Rules of Agency Practice and Procedures (29 CFR 1913.10)

eCFR-2015-title29-1913-10.pdf

Asbestos in Shipyards Standard (29 CFR 1915.1001)

Rules of Agency Practice and Procedures (29 CFR 1913.10)

OMB: 1218-0195

Document [pdf]
Download: pdf | pdf
§ 1912a.14

29 CFR Ch. XVII (7–1–15 Edition)
medical information will be exercised
only after the agency has made a careful determination of its need for this
information, and only with appropriate
safeguards to protect individual privacy. Once this information is obtained, OSHA examination and use of
it will be limited to only that information needed to accomplish the purpose
for access. Personally identifiable employee medical information will be retained by OSHA only for so long as
needed to accomplish the purpose for
access, will be kept secure while being
used, and will not be disclosed to other
agencies or members of the public except
in
narrowly
defined
circumstances. This section establishes
procedures to implement these policies.
(b) Scope and application. (1) Except
as provided in paragraphs (b) (3)
through (6) below, this section applies
to all requests by OSHA personnel to
obtain access to records in order to examine or copy personally identifiable
employee medical information, whether or not pursuant to the access provisions of 29 CFR 1910.1020(e).
(2) For the purposes of this section,
‘‘personally identifiable employee medical information’’ means employee
medical information accompanied by
either direct identifiers (name, address,
social security number, payroll number, etc.) or by information which
could reasonably be used in the particular circumstances indirectly to
identify specific employees (e.g., exact
age, height, weight, race, sex, date of
initial employment, job title, etc.).
(3) This section does not apply to
OSHA access to, or the use of, aggregate employee medical information or
medical records on individual employees which is not in a personally identifiable form. This section does not apply
to records required by 29 CFR part 1904,
to death certificates, or to employee
exposure records, including biological
monitoring records treated by 29 CFR
1910.1020(c)(5) or by specific occupational safety and health standards as
exposure records.
(4) This section does not apply where
OSHA compliance personnel conduct
an examination of employee medical
records solely to verify employer compliance with the medical surveillance

§ 1912a.14 Petitions for changes in the
rules; complaints.
(a) Any interested person shall have
the right to petition for the issuance,
amendment, or repeal of rules published in this part. Any such petition
will be considered in a reasonable time.
Prompt notice shall be given of the denial in whole or in part of any petition.
Except in affirming a prior denial or
when the denial is self-explanatory the
notice shall be accompanied by a brief
statement of the reasons therefor.
(b) Any advisory committee member
or any other aggrieved person may file
a written complaint with the Assistant
Secretary alleging noncompliance with
the rules in this part. Any complaint
must be timely filed, but in no case
shall any complaint be filed later than
thirty (30) days following the day on
which the act of alleged noncompliance
occurred. Any complaint shall be acted
upon promptly and a written notice of
the disposition of the complaint shall
be provided to the complainant.
(c) Complaints and petitions should
make reference to this § 1912a.14 and be
filed and addressed as follows:
Assistant Secretary of Labor for Occupational Safety and Health
United States Department of Labor
Washington, D.C. 20210.

PART 1913—RULES OF AGENCY
PRACTICE
AND
PROCEDURE
CONCERNING OSHA ACCESS TO
EMPLOYEE MEDICAL RECORDS
AUTHORITY: Sec. 8, Occupational Safety
and Health Act of 1970 (29 U.S.C. 657); Sec. e,
Privacy Act (5 U.S.C. 552a(e); 5 U.S.C. 301);
Secretary of Labor’s Order No. 8–76 (41 FR
25059), or 5–2002 (67 FR 65008) as applicable.

lpowell on DSK54DXVN1OFR with $$_JOB

§ 1913.10 Rules of agency practice and
procedure concerning OSHA access
to employee medical records.
(a) General policy. OSHA access to
employee medical records will in certain circumstances be important to the
agency’s performance of its statutory
functions. Medical records, however,
contain personal details concerning the
lives of employees. Due to the substantial personal privacy interests involved, OSHA authority to gain access
to personally identifiable employee

22

VerDate Sep<11>2014

14:48 Aug 10, 2015

Jkt 235122

PO 00000

Frm 00032

Fmt 8010

Sfmt 8010

Q:\29\29V7.TXT

31

lpowell on DSK54DXVN1OFR with $$_JOB

Occupational Safety and Health Admin., Labor
recordkeeping requirements of an occupational safety and health standard, or
with 29 CFR 1910.1020. An examination
of this nature shall be conducted onsite and, if requested, shall be conducted under the observation of the
recordholder. The OSHA compliance
personnel shall not record and take offsite any information from medical
records other than documentation of
the fact of compliance or non-compliance.
(5) This section does not apply to
agency access to, or the use of, personally identifiable employee medical information obtained in the course of
litigation.
(6) This section does not apply where
a written directive by the Assistant
Secretary
authorizes
appropriately
qualified personnel to conduct limited
reviews of specific medical information
mandated by an occupational safety
and health standard, or of specific biological monitoring test results.
(7) Even if not covered by the terms
of this section, all medically related
information reported in a personally
identifiable form shall be handled with
appropriate discretion and care befitting all information concerning specific employees. There may, for example, be personal privacy interests involved which militate against disclosure of this kind of information to the
public (See, 29 CFR 70.26 and 70a.3).
(c) Responsible persons—(1) Assistant
Secretary. The Assistant Secretary of
Labor for Occupational Safety and
Health (Assistant Secretary) shall be
responsible for the overall administration and implementation of the procedures contained in this section, including making final OSHA determinations
concerning:
(i) Access to personally identifiable
employee medical information (paragraph (d)), and
(ii) Inter-agency transfer or public
disclosure of personally identifiable
employee medical information (paragraph (m)).
(2) OSHA Medical Records Officer. The
Assistant Secretary shall designate an
OSHA official with experience or training in the evaluation, use, and privacy
protection of medical records to be the
OSHA Medical Records Officer. The
OSHA Medical Records Officer shall re-

§ 1913.10

port directly to the Assistant Secretary on matters concerning this section and shall be responsible for:
(i) Making recommendations to the
Assistant Secretary as to the approval
or denial of written access orders
(paragraph (d)),
(ii) Assuring that written access orders meet the requirements of paragraphs (d) (2) and (3) of this section,
(iii) Responding to employee, collective bargaining agent, and employer
objections concerning written access
orders (paragraph (f)),
(iv) Regulating the use of direct personal identifiers (paragraph (g)),
(v) Regulating internal agency use
and security of personally identifiable
employee medical information (paragraphs (h) through (j)),
(vi) Assuring that the results of agency analyses of personally identifiable
medical information are, where appropriate, communicated to employees
(paragraph (k)),
(vii) Preparing an annual report of
OSHA’s experience under this section
(paragraph (l)), and
(viii) Assuring that advance notice is
given of intended inter-agency transfers or public disclosures (paragraph
(m)).
(3) Principal OSHA Investigator. The
Principal OSHA Investigator shall be
the OSHA employee in each instance of
access to personally identifiable employee medical information who is
made primarily responsible for assuring that the examination and use of
this information is performed in the
manner prescribed by a written access
order and the requirements of this section (paragraphs (d) through (m). When
access is pursuant to a written access
order, the Principal OSHA Investigator
shall be professionally trained in medicine, public health, or allied fields (epidemiology, toxicology, industrial hygiene,
biostatistics,
environmental
health, etc.).
(d) Written access orders—(1) Requirement for written access order. Except as
provided in paragraph (d)(4) below,
each request by an OSHA representative to examine or copy personally
identifiable employee medical information contained in a record held by an
employer or other recordholder shall be
made pursuant to a written access

23

VerDate Sep<11>2014

14:48 Aug 10, 2015

Jkt 235122

PO 00000

Frm 00033

Fmt 8010

Sfmt 8010

Q:\29\29V7.TXT

31

lpowell on DSK54DXVN1OFR with $$_JOB

§ 1913.10

29 CFR Ch. XVII (7–1–15 Edition)

order which has been approved by the
Assistant Secretary upon the recommendation of the OSHA Medical
Records Officer. If deemed appropriate,
a written access order may constitute,
or be accompanied by, an administrative subpoena.
(2) Approval criteria for written access
order. Before approving a written access order, the Assistant Secretary and
the OSHA Medical Records Officer
shall determine that:
(i) The medical information to be examined or copied is relevant to a statutory purpose and there is a need to
gain access to this personally identifiable information,
(ii) The personally identifiable medical information to be examined or copied is limited to only that information
needed to accomplish the purpose for
access, and
(iii) The personnel authorized to review and analyze the personally identifiable medical information are limited
to those who have a need for access and
have appropriate professional qualifications.
(3) Content of written access order.
Each written access order shall state
with reasonable particularity:
(i) The statutory purposes for which
access is sought,
(ii) A general description of the kind
of employee medical information that
will be examined and why there is a
need to examine personally identifiable
information,
(iii) Whether medical information
will be examined on-site, and what
type of information will be copied and
removed off-site,
(iv) The name, address, and phone
number of the Principal OSHA Investigator and the names of any other authorized persons who are expected to
review and analyze the medical information.
(v) The name, address, and phone
number of the OSHA Medical Records
Officer, and
(vi) The anticipated period of time
during which OSHA expects to retain
the employee medical information in a
personally identifiable form.
(4) Special situations. Written access
orders need not be obtained to examine
or copy personally identifiable em-

ployee medical information under the
following circumstances:
(i) Specific written consent. If the specific written consent of an employee is
obtained
pursuant
to
29
CFR
1910.1020(e)(2)(ii), and the agency or an
agency employee is listed on the authorization as the designated representative to receive the medical information, then a written access order
need not be obtained. Whenever personally identifiable employee medical information is obtained through specific
written consent and taken off-site, a
Principal OSHA Investigator shall be
promptly named to assure protection
of the information, and the OSHA Medical Records Officer shall be notified of
this person’s identity. The personally
identifiable medical information obtained shall thereafter be subject to
the use and security requirements of
paragraphs (h) through (m) of this section.
(ii) Physician consultations. A written
access order need not be obtained
where an OSHA staff or contract physician consults with an employer’s physician concerning an occupational safety
or health issue. In a situation of this
nature, the OSHA physician may conduct on-site evaluation of employee
medical records in consultation with
the employer’s physician, and may
make necessary personal notes of his
or her findings. No employee medical
records, however, shall be taken offsite in the absence of a written access
order or the specific written consent of
an employee, and no notes of personally identifiable employee medical information made by the OSHA physician shall leave his or her control without the permission of the OSHA Medical Records Officer.
(e) Presentation of written access order
and notice to employees. (1) The Principal OSHA Investigator, or someone
under his or her supervision, shall
present at least two (2) copies each of
the written access order and an accompanying cover letter to the employer
prior to examining or obtaining medical information subject to a written
access order. At least one copy of the
written access order shall not identify
specific employees by direct personal
identifier. The accompanying cover letter shall summarize the requirements

24

VerDate Sep<11>2014

14:48 Aug 10, 2015

Jkt 235122

PO 00000

Frm 00034

Fmt 8010

Sfmt 8010

Q:\29\29V7.TXT

31

lpowell on DSK54DXVN1OFR with $$_JOB

Occupational Safety and Health Admin., Labor
of this section and indicate that questions or objections concerning the
written access order may be directed to
the Principal OSHA Investigator or to
the OSHA Medical Records Officer.
(2) The Principal OSHA Investigator
shall promptly present a copy of the
written access order (which does not
identify specific employees by direct
personal identifier) and its accompanying cover letter to each collective
bargaining agent representing employees whose medical records are subject
to the written access order.
(3) The Principal OSHA Investigator
shall indicate that the employer must
promptly post a copy of the written access order which does not identify specific employees by direct personal identifier, as well as post its accompanying
cover
letter
(See,
29
CFR
1910.1020(e)(3)(ii)).
(4) The Principal OSHA Investigator
shall discuss with any collective bargaining agent and with the employer
the appropriateness of individual notice to employees affected by the written access order. Where it is agreed
that individual notice is appropriate,
the Principal OSHA Investigator shall
promptly provide to the employer an
adequate number of copies of the written access order (which does not identify specific employees by direct personal identifier) and its accompanying
cover letter to enable the employer either to individually notify each employee or to place a copy in each employee’s medical file.
(f) Objections concerning a written access order. All employee, collective bargaining agent, and employer written
objections concerning access to records
pursuant to a written access order
shall be transmitted to the OSHA Medical Records Officer. Unless the agency
decides otherwise, access to the records
shall proceed without delay notwithstanding the lodging of an objection.
The OSHA Medical Records Officer
shall respond in writing to each employee’s and collective bargaining
agent’s written objection to OSHA access. Where appropriate, the OSHA
Medical Records Officer may revoke a
written access order and direct that
any medical information obtained by it
be
returned
to
the
original
recordholder or destroyed. The Prin-

§ 1913.10

cipal OSHA Investigator shall assure
that such instructions by the OSHA
Medical Records Officer are promptly
implemented.
(g) Removal of direct personal identifiers. Whenever employee medical information obtained pursuant to a written access order is taken off-site with
direct personal identifiers included, the
Principal OSHA Investigator shall, unless otherwise authorized by the OSHA
Medical Records Officer, promptly separate all direct personal identifiers
from the medical information, and
code the medical information and the
list of direct identifiers with a unique
identifying number for each employee.
The medical information with its numerical code shall thereafter be used
and kept secured as though still in a
directly identifiable form. The Principal OSHA Investigator shall also
hand deliver or mail the list of direct
personal identifiers with their corresponding numerical codes to the
OSHA Medical Records Officer. The
OSHA Medical Records Officer shall
thereafter limit the use and distribution of the list of coded identifiers to
those with a need to know its contents.
(h) Internal agency use of personally
identifiable employee medical information.
(1) The Principal OSHA Investigator
shall in each instance of access be primarily responsible for assuring that
personally identifiable employee medical information is used and kept secured in accordance with this section.
(2) The Principal OSHA Investigator,
the OSHA Medical Records Officer, the
Assistant Secretary, and any other authorized person listed on a written access order may permit the examination
or use of personally identifiable employee medical information by agency
employees and contractors who have a
need for access, and appropriate qualifications for the purpose for which they
are using the information. No OSHA
employee or contractor is authorized
to examine or otherwise use personally
identifiable employee medical information unless so permitted.
(3) Where a need exists, access to personally identifiable employee medical
information may be provided to attorneys in the Office of the Solicitor of
Labor, and to agency contractors who

25

VerDate Sep<11>2014

14:48 Aug 10, 2015

Jkt 235122

PO 00000

Frm 00035

Fmt 8010

Sfmt 8010

Q:\29\29V7.TXT

31

lpowell on DSK54DXVN1OFR with $$_JOB

§ 1913.10

29 CFR Ch. XVII (7–1–15 Edition)

are physicians or who have contractually agreed to abide by the requirements of this section and implementing agency directives and instructions.
(4) OSHA employees and contractors
are only authorized to use personally
identifiable employee medical information for the purposes for which it was
obtained, unless the specific written
consent of an employee is obtained as
to a secondary purpose, or the procedures of paragraphs (d) through (g) of
this section are repeated with respect
to the secondary purpose.
(5) Whenever practicable, the examination of personally identifiable employee medical information shall be
performed on-site with a minimum of
medical information taken off-site in a
personally identifiable form.
(i) Security procedures. (1) Agency files
containing personally identifiable employee medical information shall be
segregated from other agency files.
When not in active use, files containing
this information shall be kept secured
in a locked cabinet or vault.
(2) The OSHA Medical Records Officer and the Principal OSHA Investigator shall each maintain a log of uses
and transfers of personally identifiable
employee medical information and
lists of coded direct personal identifiers, except as to necessary uses by
staff under their direct personal supervision.
(3) The photocopying or other duplication of personally identifiable employee medical information shall be
kept to the minimum necessary to accomplish the purposes for which the information was obtained.
(4) The protective measures established by this section apply to all
worksheets, duplicate copies, or other
agency documents containing personally identifiable employee medical information.
(5) Intra-agency transfers of personally identifiable employee medical information shall be by hand delivery,
United States mail, or equally protective means. Inter-office mailing channels shall not be used.
(j) Retention and destruction of records.
(1) Consistent with OSHA records disposition programs, personally identifiable employee medical information and

lists of coded direct personal identifiers shall be destroyed or returned to
the original recordholder when no
longer needed for the purposes for
which they were obtained.
(2) Personally identifiable employee
medical information which is currently
not being used actively but may be
needed for future use shall be transferred to the OSHA Medical Records
Officer. The OSHA Medical Records Officer shall conduct an annual review of
all centrally-held information to determine which information is no longer
needed for the purposes for which it
was obtained.
(k) Results of an agency analysis using
personally identifiable employee medical
information. The OSHA Medical Records
Officer shall, as appropriate, assure
that the results of an agency analysis
using personally identifiable employee
medical information are communicated
to the employees whose personal medical information was used as a part of
the analysis.
(l) Annual report. The OSHA Medical
Records Officer shall on an annual
basis review OSHA’s experience under
this section during the previous year,
and prepare a report to the Assistant
Secretary which shall be made available to the public. This report shall
discuss:
(1) The number of written access orders approved and a summary of the
purposes for access,
(2) The nature and disposition of employee, collective bargaining agent,
and employer written objections concerning OSHA access to personally
identifiable employee medical information, and
(3) The nature and disposition of requests for inter-agency transfer or public disclosure of personally identifiable
employee medical information.
(m) Inter-agency transfer and public
disclosure. (1) Personally identifiable
employee medical information shall
not be transferred to another agency or
office outside of OSHA (other than to
the Office of the Solicitor of Labor) or
disclosed to the public (other than to
the affected employee or the original
recordholder) except when required by
law or when approved by the Assistant
Secretary.

26

VerDate Sep<11>2014

14:48 Aug 10, 2015

Jkt 235122

PO 00000

Frm 00036

Fmt 8010

Sfmt 8010

Q:\29\29V7.TXT

31

lpowell on DSK54DXVN1OFR with $$_JOB

Occupational Safety and Health Admin., Labor
(2) Except as provided in paragraph
(m)(3) of this section, the Assistant
Secretary shall not approve a request
for an inter-agency transfer of personally identifiable employee medical information, which has not been consented to by the affected employees,
unless the request is by a public health
agency which:
(i) Needs the requested information
in a personally identifiable form for a
substantial public health purpose,
(ii) Will not use the requested information to make individual determinations concerning affected employees
which could be to their detriment,
(iii) Has regulations or established
written procedures providing protection for personally identifiable medical
information substantially equivalent
to that of this section, and
(iv) Satisfies an exemption to the
Privacy Act to the extent that the Privacy Act applies to the requested information (See, 5 U.S.C. 552a(b); 29 CFR
70a.3).
(3) Upon the approval of the Assistant Secretary, personally identifiable
employee medical information may be
transferred to:
(i) The National Institute for Occupational Safety and Health (NIOSH) and
(ii) The Department of Justice when
necessary with respect to a specific action under the Occupational Safety and
Health Act.
(4) The Assistant Secretary shall not
approve a request for public disclosure
of employee medical information containing direct personal identifiers unless
there
are
compelling
circumstances affecting the health or
safety of an individual.
(5) The Assistant Secretary shall not
approve a request for public disclosure
of employee medical information which
contains information which could reasonably be used indirectly to identify
specific employees when the disclosure
would constitute a clearly unwarranted
invasion of personal privacy (See, 5
U.S.C. 552(b)(6); 29 CFR 70.26).
(6) Except as to inter-agency transfers to NIOSH or the Department of
Justice, the OSHA Medical Records Officer shall assure that advance notice
is provided to any collective bargaining agent representing affected
employees and to the employer on each

Pt. 1915

occasion that OSHA intends to either
transfer personally identifiable employee medical information to another
agency or disclose it to a member of
the public other than to an affected
employee. When feasible, the OSHA
Medical Records Officer shall take reasonable steps to assure that advance
notice is provided to affected employees when the employee medical information to be transferred or disclosed
contains direct personal identifiers.
[45 FR 35294, May 23, 1980; 45 FR 54334, Aug.
15, 1980, as amended at 71 FR 16674, Apr. 3,
2006]

PART 1915—OCCUPATIONAL SAFETY AND HEALTH STANDARDS FOR
SHIPYARD EMPLOYMENT
Subpart A—General Provisions
Sec.
1915.1 Purpose and authority.
1915.2 Scope and application.
1915.3 Responsibility.
1915.4 Definitions.
1915.5 Incorporation by reference.
1915.6 Commercial diving operations.
1915.7 Competent person.
1915.8 OMB control numbers under the Paperwork Reduction Act.
1915.9 Compliance duties owed to each employee.

Subpart B—Confined and Enclosed Spaces
and Other Dangerous Atmospheres in
Shipyard Employment
1915.11 Scope, application, and definitions
applicable to this subpart.
1915.12 Precautions and the order of testing
before entering confined and enclosed
spaces and other dangerous atmospheres.
1915.13 Cleaning and other cold work.
1915.14 Hot work.
1915.15 Maintenance of safe conditions.
1915.16 Warning signs and labels.
APPENDIX A TO SUBPART B OF PART 1915—
COMPLIANCE ASSISTANCE GUIDELINES FOR
CONFINED AND ENCLOSED SPACES AND
OTHER DANGEROUS ATMOSPHERES
APPENDIX B TO SUBPART B OF PART 1915—REPRINT OF U.S. COAST GUARD REGULATIONS
REFERENCED IN SUBPART B, FOR DETERMINATION OF COAST GUARD AUTHORIZED
PERSONS

Subpart C—Surface Preparation and
Preservation
1915.31
1915.32

Scope and application of subpart.
Toxic cleaning solvents.

27

VerDate Sep<11>2014

14:48 Aug 10, 2015

Jkt 235122

PO 00000

Frm 00037

Fmt 8010

Sfmt 8010

Q:\29\29V7.TXT

31


File Typeapplication/pdf
File Modified2015-08-18
File Created2015-08-18

© 2024 OMB.report | Privacy Policy