Status of State Plan Implementation of OSHA’s E-Recordkeeping Data Submission Rule

by Conn Maciel Carey LLP

OSHA’s Final Rule to “Improve Tracking of Workplace Injuries and Illnesses” (aka the E-Recordkeeping Rule) requires employers of  certain sizes that fall into certain categories to proactively submit electronic injury and illnesses data to OSHA through its new web portal – the “Injury Tracking Application.”  The new rule dramatically changes the responsibilities and impacts of OSHA’s long-standing injury and illness recordkeeping program.

Historically, unless OSHA opened an enforcement inspection at an employer’s workplace or the Bureau of Labor Statistics requested an employer to participate in its annual injury data survey, employers’ OSHA 300 Logs and related forms remained strictly in-house. Employers kept the data and their OSHA logs in their HR or Safety Department office, posted them internally for employees to view for a couple of months, used the data themselves to make decisions about how to reduce risk of injury and illness in their workplaces, and then stored the records in a cabinet or desk drawer for five years.  Now, OSHA’s new rule requires hundreds of thousands of employers to proactively submit these historically private records to OSHA, which in turn may publish the data online for all the world to see.

Key Changes in OSHA’s New Recordkeeping Rule

  1. All establishments with 250 or more employees (in industries not exempt from keeping injury logs) must submit to OSHA annually their injury and illness data from their OSHA 300 Logs, 301 Incident Reports, and 300A Annual Summaries.
  2. Establishments with 20-249 employees in certain so-called “high hazard industries” must each year submit information from their 300A Annual Summaries only.
  3. All of the submissions to OSHA must be made electronically, via a purportedly secure website.
  4. OSHA stated its original intent was to publish the data online, likely in a manner that is sortable, searchable, filterable, and as embarrassing to employers as possible.

Note however, in this first year of the rule, for the upcoming data submission of 2016 injury data to be made in calendar year 2017, all employers, irrespective of size, are only required to submit 300A Annual Summary data.

Deadline to Submit Data – A Moving Target

The deadline to submit data has been a topic of discussion, and there remains some uncertainty whether employers will be required to electronically submit injury and illness data.  On May 17, 2017, OSHA announced an indefinite suspension of the original July 1, 2017 deadline to submit injury and illness recordkeeping data through the electronic portal.  OSHA later published a Notice of Proposed Rulemaking on June 26, 2017 to extend the submission deadline to December 1, 2017.  Five days later, on August 1, 2017, OSHA launched the online ITA portal to receive recordkeeping data.  Although the proposed rule to extend the deadline has not been finalized, fed OSHA has expressed that it is not requiring employers to submit data until the December 1 deadline.

The rule and/or the deadline to submit data could be further impacted by another rulemaking OSHA is expected to initiate to revisit the rule, by the legal challenges already filed against the rule, or by the Congressional Appropriations process. Specifically, on September 14, 2017, the House Appropriations Committee just advanced a Department of Labor fiscal 2018 appropriations measure with a rider that precludes OSHA from spending any funds to implement or enforce the E-Recordkeeping Rule (H.R. 3354 – Gibbs Amendment).  For that to have any effect, the Senate would have to adopt the same rider, so we will have to continue to wait and see on that front.

Finally, the deadlines to submit may vary depending on the state where the individual workplace resides, as discussed below.

Implementation of E-Recordkeeping in State Plan States

One other area of uncertainty relates to State Plan States.  The data submission requirements under this rule are not corporate-wide.  Rather, they are tied to individual “establishments,” which is defined at 29. C.F.R. 1904.46 as “a single physical location where business is conducted or where services or industrial operations are performed.”  Accordingly, the new data submission rule requires a location-by-location determination about whether and what to report, based on the number of employees at each particular location (peak employment at any point during the year, including temporary and part time employees), whether that number meets one of the two threshold levels for reporting (i.e., 20 – 249 or 250+), and for the lower threshold, whether that establishment is in a covered high-hazard industry by NAICS code, and whether the state where the establishment is located has implemented the E-Recordkeeping Rule yet.

That last analysis depends on whether the establishment is located in a state that is covered by federal OSHA jurisdiction or is a state that operates its own federal OSHA-approved State OSH Program.  For establishments in fed OSHA states, the data from their 2016 300A reports are due by December 1st, and must be submitted electronically in fed OSHA’s ITA portal.  However, employers in state plan states may not have a data submission requirement yet.

The new rule requires all state-plan states to adopt the e-recordkeeping requirements, but fed OSHA has granted states some leeway in when they must start implementing the rule and how they may require submission of the data.  Because the state plan states have their own legislative or rulemaking processes, fed OSHA cannot require them to snap their fingers and instantly adopt a new fed OSHA rule.  OSHA has also explained that states may choose to allow employers with establishments in their state to use the federal OSHA ITA portal or to develop their own portal or process for data collection.

To date, several state plans have finalized OSHA’s E-Recordkeeping Rule, but several others have not, and some have not even initiated the legislative or rulemaking process yet.  For those states that do not adopt and finalize the e-recordkeeping requirements by December 1st, employers will not be required to submit data in those states.

Although it is unlikely that any state will choose to create an online portal to submit data, states do have the option to provide their own data collection sites.  OSHA’s website currently states that it “will provide further information and guidance as the States decide how to implement these new reporting requirements.”  Based on our research, many state plan states have already adopted OSHA’s E-Recordkeeping Rule and all of those have opted to use the federal portal.  However, many other state plan states have not even begun the process to adopt the Rule.

The Table below provides an overview of the current status of the law for all of the State OSH Programs, and whether, when and how employers with establishments in state plan states are required to submit electronic injury and illness data, as of now:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Conn Maciel Carey LLP | Attorney Advertising

Written by:

Conn Maciel Carey LLP

Conn Maciel Carey LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.