On August 1, 2017, the U.S. Occupational Safety and Health Administration (“OSHA”) launched the “Injury Tracking Application” for Electronic Submission of Injury and Illness Records to OSHA1 in an effort to comply with its electronic record-keeping rule. OSHA’s website offers three options for data submission: (1) users will be able to manually enter data into a web form; (2) users will be able to upload a CSV file to process single or multiple establishments at the same time; and (3) users of automated recordkeeping systems will have the ability to transmit data electronically via an API (application programming interface).
Shortly after the launch, OSHA temporarily suspended the Injury Tracking Application because of a purported security breach. On August 14, 2017, Homeland Security informed OSHA that the site’s user information was potentially compromised. OSHA restored the site after a technology scan confirmed there was no data breach in the application. OSHA indicated that it will continue its security monitoring.
Although no information in the ITA was compromised at this time, the breach is of particular concern to employers that may provide an employee’s private health information because such information could be vulnerable to exposure in the case of a future breach. Employers may find it necessary to take proactive measures to avoid providing information relating to their employees’ medical conditions, injuries, or illness.
In late June 2017, OSHA set December 1st as the compliance date for electronic data submission, delaying its previous compliance date. At present, there is no indication that the security breach will impact or further delay the current compliance date.
Proposed budget cuts further complicate the issue. The Trump administration has proposed $2.5 billion in cuts to the Department of Labor’s budget for fiscal year 2018. The proposed cuts will shrink the Department’s budget by 21 percent. It is unclear if the proposed cuts will impact implementation or upkeep of the Injury Tracking Application.
Despite the rocky rollout, employers should prepare for the December 1, 2017 Injury Tracking Application compliance deadline. Employers should also take steps to address any privacy concerns arising out of the security breach.