IMPROVE TRACKING WORKPLACE INJURIES AND ILLNESSES
OMB Control Number: 1218-0279
Attachment A - Excerpts from Improve Tracking of Workplace Injuries and Illnesses Final Rule Describing Significant Substantive Comments and Significant Changes Related to the ICR (OMB Control No. 1218-0279)
In the final rule excerpts below, OSHA provides a summary of the discussion of public comments that pertain to the ICR.
Appendix B to Subpart E of Part 1904— Designated Industries for § 1904.41(a)(2) Annual Electronic Submission of Information from OSHA Form 300 Log of Work-Related Injuries and Illnesses and OSHA Form 301 Injury and Illness Incident Report by Establishments With 100 or More Employees in Designated Industries
*****
“As explained above, OSHA’s decision to collect certain data from establishments’ Forms 300 and 301 stems from its determination that OSHA will be able to use the data to improve worker safety and health. Similarly, the agency’s decision to publish some of the Forms 300 and 301 data it receives pursuant to this rulemaking flows from its expectation that it will receive FOIA requests requesting the data and its determination that such publication will result in many occupational safety and health benefits. Importantly, in the proposal, OSHA also preliminarily determined that these benefits would not be at the expense of employee privacy. In other words, OSHA preliminarily determined that it would be able to adequately protect information that could reasonably be expected to identify individuals directly—both in the collecting and possession of the data and in its decisions surrounding which information will be made publicly available.
This question, i.e., whether OSHA would be able to adequately protect information that could reasonably be expected to identify individuals directly, was raised in the rulemaking that culminated in the issuance of the 2016 final rule. It was also a major factor in OSHA’s decision to rescind the requirement for certain employers to electronically submit information from Forms 300 and 301. Specifically, in the preamble to the 2019 final rule, OSHA stated that it was rescinding that requirement “to protect sensitive worker information from potential disclosure under the Freedom of Information Act (FOIA)” and that “OSHA has always applied a balancing test to weigh the value of worker privacy against the usefulness of releasing the data” (84 FR 383-384). The preamble to the 2019 final rule also stated the agency’s belief at the time that OSHA could withhold the data from Forms 300 and 301 from publication under FOIA Exemptions 6 and 7(C) (84 FR 386), but OSHA concluded at that time that the risk of disclosure of case-specific, establishment-specific, information could not be justified “given [the agency’s] resource allocation concerns and the uncertain incremental benefits to OSHA of collecting the data” (84 FR 387). Moreover, in the preamble to the 2019 final rule, OSHA characterized information such as descriptions of workers' injuries and the body parts affected (Field F on Form 300, Field 16 on Form 301), as “quite sensitive,” and stated that public disclosure of this information under FOIA or through the OSHA Injury Tracking Application (ITA) would pose a risk to worker privacy. It added that “although OSHA believes data from Forms 300 and 301 would be exempt from disclosure under FOIA exemptions, OSHA is concerned that it still could be required by a court to release the data” (84 FR 383).
As noted in the preamble to the proposed rule for this rulemaking, however, OSHA has determined those bases for the removal of the 300 and 301 data submission requirement are no longer compelling. As to the risk to employee privacy, OSHA preliminarily determined that the proposed data collection would adequately protect information that could reasonably be expected to identify individuals directly, such as name and address, with multiple layers of protection. Of particular importance, OSHA explained that improvements in technology have decreased the resources needed by the agency to collect, analyze, and publish data from Forms 300 and 301 (87 FR 18538). In addition, OSHA noted the 2019 final rule took an overly expansive view of the term “personally identifiable information” and preliminarily determined that the 2019 final rule’s position on such information was at odds with the agency’s usual practice of regularly releasing such data (87 FR 18539).1
A number of commenters expressed concern about OSHA’s reasoning for the collection and publication of Forms 300 and 301 data in the preamble to the proposed rule (e.g., Docket ID 0038, 0058, 0059, 0072, 0088, 0091). For example, NPGA argued that OSHA should evaluate the data it already collects from industries listed in appendix A to determine whether additional information collection will further workplace safety (Docket ID 0050). As discussed extensively above in Section III.B.4 of this Summary and Explanation, OSHA has evaluated and used the 300A data it collects and anticipates that many workplace safety and health benefits will flow from the collection of the case-specific data that will be submitted by establishments pursuant to final 1904.41(a)(2).
Other commenters focused on whether OSHA had adequately explained its change of opinion on whether the risk of collecting and publishing Form 300 and 301 data outweighs the benefits to worker safety and health. For example, the American Feed Industry Association (AFIA), the Coalition for Workplace Safety, and the Flexible Packaging Association all expressed disagreement with OSHA’s determination that the significant benefits of collecting establishment-specific, case-specific data from the 300 and 301 forms outweigh the slight risk to employee privacy (Docket IDs 0038, 0058, 0091). On the other hand, the National Council for Occupational Safety and Health noted that OSHA needs “workplace injury and illness information … to work effectively,” and that it is “unlike almost any other government agency in charge of protecting public safety” in not receiving it already (Docket ID 0048).
As discussed above, OSHA believes it has good reasons to collect and publish information from the covered establishments’ Forms 300 and 301 (see Section III.B.4 of this Summary and Explanation). And, as to the risk to employee privacy, OSHA has determined that it can implement multiple layers of protection described above to protect such information that could reasonably be expected to identify individuals directly, e.g., names and addresses. These protective measures include limiting the amount of information submitted by employers, reminding employers not to submit information that could reasonably be expected to identify individuals directly, withholding information from certain fields from publication, and using automated information technology to detect and remove any remaining information that could reasonably be expected to identify individuals directly. These measures will ensure that individual privacy is protected while key information on workplace hazards is disseminated to employees, employee representatives, and other interested parties. The following discussion explains how each layer of protection will help to ensure that individual privacy is protected.
In the proposed rule, OSHA stated that its first measure to prevent the release of information that could reasonably be expected to identify individuals directly is to not collect most of that information in the first place. Specifically, as discussed above and detailed in Section III.D of this Summary and Explanation, on § 1904.41(b)(9), the proposal explained to establishments that employers did not need to submit the following information: (1) from the Form 300 Log: the employee name column (column B) and (2) from the Form 301 Incident Report: the employee name (Field 1), employee address (Field 2), name of physician or other health care professional (Field 6), and facility name and address if treatment was given away from the worksite (Field 7). OSHA explained that, since this information would not be collected, there would be no risk of publication disclosure of the data in the fields (87 FR 18538).
Some interested parties submitted comments agreeing with OSHA’s logic on this point (e.g., Docket IDs 0030, 0063, 0064). For example, Worksafe supported the proposed omission of employee name and address, physician names, and treatment facilities from collection and publication to protect individual privacy (Docket ID 0063). And AIHA commented that if PII is not collected by OSHA, there would be no need to redact submitted information (Docket ID 0030). Based on this feedback, and as discussed further in Section III.D of this Summary and Explanation, the final rule, like the proposed rule, does not allow employers to submit the above information.
Again, as discussed in Section III.D of this Summary and Explanation, OSHA received comments from interested parties requesting that OSHA add other fields from Forms 300 and 301 to the list of fields which establishments are not required to submit under the final rule. These comments are addressed in detail in Section III.D, but OSHA also notes here that these interested parties’ true concerns appear to relate to whether OSHA can keep the collected data private (e.g., will OSHA have to release it in response to a FOIA request or otherwise release it accidentally, such as because an employee name or other direct employee identifier is contained in a narrative field) or whether the fields OSHA intends to release will allow third parties to indirectly identify employees. OSHA’s plan to mitigate each of these concerns is discussed in detail below. Thus, again as stated in the summary and explanation for § 1904.41(b)(9), the agency declines to add further fields to the list of fields from establishments’ Forms 300 and 301 which will not be collected under this final rule.
As discussed in the proposal, OSHA’s second measure to prevent the release of information that could reasonably be expected to identify individuals directly relates to system design (87 FR 18538). Specifically, the agency explained that it planned to design its data collection system to provide extra protections for the personal information that establishments would be required to submit under the proposal. For example, OSHA stated that although the proposal would require employers to submit the employee’s date of birth from Form 301 (Field 3), it planned to design the data collection system to immediately calculate the employee’s age based on the date of birth entered and then store only the employee’s age, not the employee’s date of birth. OSHA also indicated its intent to post reminders to establishments to omit from the text fields they submit any information that could reasonably be expected to identify individuals directly, including names, addresses, Social Security numbers, and any other identifying information (see 87 FR 18538).
In addition to these proposed system design solutions, OSHA included a question in the proposal asking: “What additional guidance could OSHA add to the instructions for electronic submission to remind employers not to include information that reasonably identifies individuals directly in the information they submit from the text-based fields on the OSHA Form 300 or Form 301?” (87 FR 18546). OSHA received a number of responses to this question. For example, AIHA commented, “The electronic forms that OSHA provides should be designed to automatically exclude personal identifiers with an option to include the fields if required. The import side of the electronic form data could also block the importation of these fields” (Docket ID 0030).
The Plastics Industry Association (PIA) commented that, although it does not believe the reminder would be “an acceptable remedy for inadequate software,” “[i]f OSHA were to proceed in this way…, OSHA should include the warning about not including personal identifiers in an online screen and require the submitter to click a confirmation that it has not included any personal identifiers before allowing the submitter to proceed to the data entry step.” PIA also stated that after the data entry is completed, the system should provide the employer with an opportunity to review the complete data submission, view how it would be presented to the public, and correct any inaccurate data or inadvertently included personal identifiers. After completing that step, PIA recommended that the submitter should have to click through a second screen that repeats the warning about not including personal identifiers and confirm that none were submitted before allowing the submitter to click on the final submit button. Finally, PIA said that “[b]efore requiring compliance with the contemplated data submission requirements for the OSHA Form 300 or Form 301 data, OSHA needs to have a qualified, independent body test and validate that the software, as integrated into the OSHA ITA, will reliably remove any personal identifiers” (Docket ID 0086).
OSHA thanks the commenters who responded to the specific question on additional instructions to employers on not submitting information that identifies individuals. OSHA intends to take commenters’ specific responses into account when designing the expanded collection system. Based on those comments, OSHA will include reminders in the instructions for the data collection system for employers not to submit information that could reasonably be expected to identify individuals directly. OSHA agrees that is an effective way to reduce the amount of identifiable information collected by the system. In turn, that will decrease the likelihood that such information will be published. OSHA has routinely used these types of instructions, such as when it requests comments from interested parties in rulemakings such as this one (see the section on “Instructions” above) and has found them to be an effective way to prevent the unintentional submission of information that could reasonably be expected to identify individuals directly.
Also, OSHA notes that the current ITA manual data entry option already includes a screen that provides establishments with an opportunity to review the complete data submission of Form 300A information and to make edits or corrections as appropriate. OSHA plans to gather additional information from similar data collection systems and incorporate best practices in the final design for the collection system for data from the Forms 300 and 301. Moreover, the Forms 300 and 301 themselves already include a box with the warning, “Attention: This form contains information relating to employee health and must be used in a manner that protects the confidentiality of employees to the extent possible while the information is being used for occupational safety and health purposes.” In addition, the Form 301 includes the warning, “Re [F]ields 14 to 17: Please do not include any personally identifiable information (PII) pertaining to worker(s) involved in the incident (e.g., no names, phone numbers, or Social Security numbers).” Fields 14-17 do not ask for information likely to implicate privacy concerns, rather, they request information related to the injury or illness and how it occurred. OSHA believes these warnings are adequate and does not believe it is practical to develop a system that would remove remaining information between an establishment’s draft and final electronic submissions. Such systems take time to run (see, e.g., Docket ID 0095), which would increase the time between employer submission (i.e., when the employer clicks on the ‘submit’ or ‘upload’ button) and employer receipt of confirmation of successful submission, potentially creating concerns about whether the submission system is working. OSHA therefore believes that it is more appropriate to identify and remove any information that could reasonably be expected to identify individuals directly after submission and before publication, rather than during submission. Moreover, OSHA thinks its plans to protect such data will adequately protect worker privacy without adding this additional, impractical, potentially expensive (adding additional functionality to system) step. Finally, as to system design, OSHA’s system will not allow establishments to enter the fields that are excluded from collection under § 1904.41(b)(9). As discussed in the proposal, OSHA’s third measure to prevent the release of information that could reasonably be expected to identify individuals directly is to withhold certain information that is submitted to it from public disclosure. As noted above, OSHA will not collect employees’ names from either form, and will not collect employees’ addresses or the names or addresses of healthcare providers from Form 301. However, the proposed rule would have required (and the final rule actually requires) submission of some fields that contain personal information, including date of birth (which will be converted to age) (Field 3), date hired (Field 4), gender (Field 5), whether the employee was treated in the emergency room (Field 8), and whether the employee was hospitalized overnight as an in-patient (Field 9) (see 87 FR 18539). OSHA proposed to collect that information, but not to make it public, and specifically requested comment on those proposals (see 87 at FR 18540).
OSHA received a number of comments, virtually all from employers and their representatives, expressing concern over the potential risk to employee privacy presented by the proposed collection and potential publication of information from Forms 300 and 301 that could reasonably be expected to identify individuals directly (e.g., Docket IDs 0055, 0056, 0057, 0062, 0070, 0075, 0087, 0090, 0094). For example, the Precision Machined Parts Association (PMPA) commented, the Form 300 contains sensitive information that may be released under FOIA or “through the inadvertent publication of information due to the agency’s reliance on automated de-identification systems to remove identifying information” or through the actions of “future administrations” (Docket ID 0055). The North American Die Casting Association (Docket ID 0056) and National Tooling and Machining Association and Precision Metalforming Association (Docket ID 0057) expressed similar concerns. Rep. Virginia Foxx (R-North Carolina) and Rep. Fred Keller (R-Pennsylvania) echoed that “there are no guarantees that this data may not be disclosed accidentally” (Docket ID 0062).
In contrast, commenters representing the workers whose injuries and illnesses are recorded on these forms did not share employers’ concerns about the potential publication of sensitive worker information. For example, the AFL-CIO stated that “The preamble to the 2016 final rule included a comprehensive review of privacy issues raised by interested parties in requiring the collection of detailed injury and illness data and the final language was crafted to provide safeguards to protect the release of personally identifiable information (PII).” It explained the NPRM “has also considered PII and includes the same safeguards as the 2016 final rule and discusses recent technological developments that increase the agency's ability to manage information” (Docket ID 0061 (citing 87 FR 18538-46)). In addition, AFL-CIO observed that the type of information that OSHA proposed to collect in this rulemaking “has already been shown by other agencies it can be collected and shared without violating confidentiality, such as by Mine Safety and Health Administration (MSHA)[, and a]ll data provided under the Freedom of Information Act and Form 300 and Form 301 provided to workers and their representatives upon request under § 1904.35 provide detailed injury and illness information without releasing PII.” In summary, AFL-CIO argued that “OSHA should maintain the same privacy safeguards in the rule it issued in 2016, also proposed in this preamble and used by other agencies to protect sensitive information” (Docket ID 0061).
Similarly, the National Nurses Union affirmed that the NPRM “includes appropriate procedures to allow electronic data reporting and publication while protecting worker privacy.” To support this statement, it specifically referenced OSHA’s “plans to instruct employers to omit the fields on Form 301 that include personal information about the worker” and the agency’s plan to use data analysis tools to ensure that published data does not include any personal data that employers may accidentally submit. NNU concluded that “[t]he multiple measures to remove identifying information in the final rule will ensure that workers’ privacy is protected while key information on workplace hazards is shared” (Docket ID 0064).
OSHA agrees with the latter commenters who stated that there are multiple measures in place to protect the privacy of individuals under this final rule. As discussed above, OSHA will not collect much of the information the commenters opposing this provision expressed concern about. In addition, the collection system will provide further safeguards and reminders. For example, OSHA will redact any identifying material from the portions of the forms it intends to publish (e.g., Fields 10 through 18 of Form 301).
Further, and as discussed in more detail below in Section III.B.7 of this Summary and Explanation, OSHA will withhold from publication all of the collected information on the left side of the Form 301 (i.e., employee age, calculated from date of birth (Field 3), employee date hired (Field 4), and employee gender (Field 5), as well as whether the employee was treated in emergency room (Field 8) and whether the employee was hospitalized overnight as an in-patient (Field 9)) that could indirectly identify injured or ill employees when combined with other potentially available information. As noted in the proposal, this decision is consistent with OSHA’s handling of FOIA requests, in response to which the agency does not release data from Fields 1 through 9.”
*****
“Proposed § 1904.41(b)(1)(ii) has not been included in the final rule; it is no longer necessary due to the restructuring of the final regulation. As discussed above, final § 1904.41(a)(1) relates only to the OSHA Form 300A, and final § 1904.41(a)(2) relates only to the OSHA Forms 300 and 301. This restructuring is expected to eliminate any confusion regarding whether an establishment might be required to submit information from its Form 300A twice. Therefore, there is only one question under final § 1904.41(b)(1), as opposed to the two that were proposed.
One commenter requested additional guidance related to how the submission requirements will work. S.W. Anderson Company asked for clearer guidance for companies in designated industries that have 100 employees across multiple sites. The company stated that “we have just reached the 100-employee threshold. We have previously only submitted electronically the OSHA 300A for our company headquarters since we have more than 20 employees. Our other locations all have less than 20 employees” (Docket ID 0008).
In response, OSHA clarifies that this final rule does not affect how employees are counted for recordkeeping or information submission purposes under part 1904. As OSHA states in reporting requirement FAQs on the agency’s Injury Tracking Application website (https://www.osha.gov/injuryreporting), OSHA’s electronic reporting requirements are based on the size of the establishment, not the firm. An establishment is a single physical location where business is conducted or where services or industrial operations are performed (see 29 CFR 1904.46). Therefore, under the facts described by this commenter, if the firm has only one establishment (the company’s headquarters) with more than 20 employees, that is the only establishment for which the commenter might need to submit injury and illness information. That single establishment would have to submit the required information from its Form 300A under final § 1904.41(a)(1)(i) if the establishment falls under a NAICS code listed in appendix A. The company would not, however, have to submit information from its Form 300 or 301 for that establishment, regardless of NAICS, because the establishment does not have at least 100 employees. More generally, OSHA plans to revise and expand the FAQs on its recordkeeping website as part of its compliance efforts related to this final rule.”
1 In this preamble, OSHA generally uses the phrases “information that could reasonably be expected to identify individuals directly” and “information that could reasonably be expected to identify individuals indirectly,” rather than the broader term “personally identifiable information” (PII) to aid interested parties in understanding precisely what type of information OSHA is referring to in the discussion. The information referred to in both phrases can be considered PII.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Cannon, Belinda - OSHA |
File Modified | 0000-00-00 |
File Created | 2023-07-31 |