OSHA Updates Rules Concerning Medical Records Access
- #data protection
In the July 30, 2020 edition of the Federal Register, the Occupational Safety and Health Administration (OSHA) issued a final rule revising its procedures for accessing employee medical records. The purpose of this final rule is to shift the authority to approve written medical access orders from the OSHA Assistant Secretary to an OSHA Medical Records Officer (MRO) and make the MRO responsible for approving interagency transfer and public disclosure. This final rule went into effect on July 30, 2020.
This rulemaking action revises OSHA procedures concerning agency access to employee medical records to:
- replaces the term “written access order” with the term “medical access order” (MAO) and clarifies that MOAs are not themselves subpoenas and must be accompanied by a subpoena to compel production of medical records;
- transfers responsibilities from the Assistant Secretary to the OSHA MRO, makes the MRO responsible for authorizing interagency transfer, and allows the MRO to issue written directives allowing OSHA to review information without a MAO;
- introduce measures to protect electronically stored medical records from unauthorized access and implements safeguards to protect against data breaches; and,
- eliminate the requirement to remove direct personal identifiers from medical records.
Sources:OSHA Final Rule, Rules of Agency Practice and Procedure Concerning Occupational Safety and Health Administration Access to Employee Medical Records (July 30, 2020).
Red-on-line provides personalized regulatory monitoring to help you to maintain compliance with changing EHS regulations. Click here to learn more about our software and regulatory update services, and to subscribe to our regulatory update newsletter.