New OSHA Final Rule Underscores the Risk Around Incident Reporting

While the rule states that OSHA does not intend to post information that could be used to identify specific employees, we will undoubtedly hear from organizations that feel providing this data to OSHA and the public is unfair, that the data will be used out of context, and that it will expose personal employee data. We will also hear opposing views of how they feel this rule will push organizations to be safer and more transparent.

With parts of this rule becoming effective as early as August 10, 2016, a major challenge for businesses will be quickly ensuring that they have  “reasonable” incident management procedures in place. Besides being “reasonable”, the new rule states that the procedure must “not deter or discourage employees from reporting” and that it must incorporate “the existing statutory prohibition on retaliating against employees for reporting work-related injuries or illnesses.”

During the incident management process, businesses should consider gathering further context surrounding incidents and illnesses. Businesses will likely be challenged by potentially incomplete information found in the searchable OSHA incident reports. If incomplete information can be used against an organization during contract negotiations, by media sources, or in lawsuits, it would be proactive for organizations to identify new risks surrounding incidents and illnesses to fill in the blanks before the public makes up its mind without all the facts.

To comply with this rule, organizations that do not have a managed, structured process for incidents will need to develop or enhance their incident management programs. Other organizations will need to review and modify their existing incident management programs to comply with the new regulation in a timely manner and to supplement the public with more information (while maintaining privacy and other requirements). More strategic organizations will press on to develop incident management processes that are integrated with their risk management processes. Regardless of where your incident management program falls on this continuum, with the information soon becoming public, organizations must manage the risk around this information sharing or potentially suffer costly consequences.

Related Articles

Shutdown makes business riskier

Shutdown makes business riskier

Learn how the government shutdown affected business and the countermeasures needed to address the risk to remedy the situation.