Safety and Health Records: Sword or Shield?

By Adele L. Abrams, Esq., CMSP

Safety and health professionals understand the significance of documentation. If training is not documented, then in the view of the Occupational Safety and Health Administration (OSHA), it never occurred. If safety and health audits are not documented, there is nothing tangible to benchmark future performance against, or to ensure timely correction of observed hazards. Failing to document root cause accident investigations, or the critical “near miss” experiences, can result in the loss of a learning opportunity to eliminate shortcuts and other behaviors that need correction in order to avoid injuries, illnesses and property damage in the future. If disciplinary actions are not properly documented, it will be hard to ascertain when an employee gets to “step two” of a progressive discipline system and can open the employer up to allegations of disparate treatment.

Of course, there are myriad other recordkeeping requirements that employments must fulfill to avoid being cited under relevant OSHA standards, including workplace inspection reports, equipment examinations, lockout/tagout procedures, permit-required confined space requirements, process safety management and injury/illness reports/records. In some cases, OSHA will issue citations as “serious” (or worse), while other times a paperwork violation is classified as a non-serious violation with minimal penalty. In extreme circumstances, egregious penalties can be used by OSHA (where the agency issues a separate citation and penalty per incident) for recordkeeping violations, which can not only result in heightened penalties but also places the employer under OSHA’s Severe Violators Enforcement Program for a minimum of three years.

When it comes to producing documents to OSHA, historically there have been distinctions between mandatory items (those required by specific standards or regulations) and non-mandatory documents (those prepared by the company for internal use, such as audits, discipline records, near miss reports, accident reports, voluntary air and noise sampling results, job safety analysis forms, safety and health policies and programs). In recent years, however, those lines have become blurred and documents that companies once prepared to use as a shield against OSHA liability are now being used by the agencies as a sword against employers, in some cases even heightening negligence findings and associated penalties.

A Precedent-Setting Ruling

In a 2011 insurance company case, Solis v. Grinnell Mutual Reinsurance Company, a U.S. District Court in Illinois upheld OSHA’s right to gain access to workers compensation correspondence and safety audits conducted by an insurance company of their insured’s premises. Grinnell argued that enforcing OSHA’s subpoena would have a “chilling effect” on businesses by allowing their insurers to conduct safety inspections and on insurers for conducting such inspections to determine risk of loss. The court rejected that argument, stating: “Assuming for the sake of argument that this is true, correcting that problem is a policy decision to be made somewhere other than in the federal courts.” Following that ruling, OSHA has been fairly aggressive in using its subpoena duces tecum powers to use administrative subpoenas as a method of obtaining documents prior to issuing citations, and using the information contained in such documents to enhance the negligence findings against the employer.

However, there has been some recent pushback. In 2013, a federal district court held that OSHA does not have authority to review an employer’s internal safety and health audits as part of a routine inspection, without first establishing an independent basis for believing that specific hazards exist. In Solis v. Grede Wisconsin Subsidiaries LLC, the court noted that there must be a balance between the employer’s privacy interests and OSHA’s investigatory interests. However, because OSHA has previously published guidance and policy that indicates it will not “routinely” request voluntary self-audit reports at the initiation of inspections, this raised the employer’s legitimate expectations of privacy in such documents—thereby requiring OSHA to have good cause to breach its policy.

Self-Audit Limits

As a bit of background, in July 2000, OSHA published its final policy concerning its right to access voluntary safety and health self-audits. It states:

“The policy provides that the Agency will not routinely request self-audit reports at the initiation of an inspection, and the Agency will not use self-audit reports as a means of identifying hazards upon which to focus during an inspection. In addition, where a voluntary self-audit identifies a hazardous condition, and the employer has corrected the violative condition prior to the initiation of an inspection (or a related accident, illness or injury that triggers the OSHA inspection) and has taken appropriate steps to prevent the recurrence of the condition, the Agency will refrain from issuing a citation, even if the violative condition existed within the six month limitations period during which OSHA is authorized to issue citations. Where a voluntary self-audit identifies a hazardous condition, and the employer promptly undertakes appropriate measures to correct the violative condition and to provide interim employee protection, but has not completely corrected the violative condition when an OSHA inspection occurs, the Agency will treat the audit report as evidence of good faith, and not as evidence of a willful violation of the Act.”

This is pretty critical because while OSHA wants to encourage companies to be proactive in inspecting and documenting hazards in the workplace—and to take prompt remedial action to correct such hazards—employers would be reluctant to do so (at least the documentation part) if they thought OSHA could then compel production of the audits via their administrative subpoena powers and use the documented hazards as the basis for writing up citations and imposing civil penalties.

Although the 2000 policy defined the term “self-audit” to include health and safety audits conducted for an employer by a third party, OSHA has eroded the “audit privilege” by using its powers to compel production of such third-party audits from safety and health professional consultants, as well as from insurance companies that often provide audits to their insured employers as part of their services. In one case, a third-party safety and health consultant’s reports and testimony were compelled via subpoena in an effort to sustain nearly $500,000 in penalties against a subcontractor.

An Employer Says “No”

In the latest case of Grede Wisconsin Subsidiaries, as OSHA conducted an inspection under one of its national emphasis programs (NEP), inspectors requested two years’ worth of safety and health audits. The employer refused, citing the OSHA policy and its constitutional rights. OSHA countered that the policy was not a “rule,” that it only sought the audits after “initiating” an inspection (as opposed to using the audits as the basis for the inspection) and that, based on the employer’s previous violations and those discovered during the current inspection, its exercise of subpoena power satisfied the Fourth Amendment (which protects against unreasonable search and seizure).

In its Grede Wisconsin decision, the court forced OSHA to return to its original policy, noting that once such a “reasonable expectation of privacy” in self-audits has been created, it would violate the Fourth Amendment to compel production of these through a subpoena. However, “once OSHA identifies an independent basis to believe that a specific safety or health hazard warranting investigation exists, its broad subpoena powers in the area of health and safety in the workplace” authorize OSHA to use a subpoena for “relevant portions of voluntary self-audit reports relating to the hazard.”

Limited Powers

Therefore, a subpoena cannot be used to go on a wholesale fishing expedition, but simply will be limited to those specific items that are on OSHA’s radar. In those situations, if an audit reveals that the employer had prior knowledge of the specific hazards and failed to implement timely corrective action, OSHA will likely be able to sustain any violations as “willful” (meaning they could be subject to the maximum $70,000 civil penalty per citation). Moreover, where willful citations are sustained in a case arising from a NEP (such as the current ones on lockout/tagout, process safety management and combustible dust, among others), the employer can be placed under the OSHA Severe Violators Enforcement Program, which then leads to many other U.S. worksites under that employer receiving an OSHA inspection.

If a subpoena is issued by OSHA, this could be a signal that a significant case ($100,000 or more in penalties) is forthcoming. Counsel should be involved to determine if the subpoena can be quashed in whole or part, or whether a protective order is possible. Any responsive documents should be reviewed carefully to determine if, in fact, they are “shield” or “sword” and the employer can then make an educated decision on how to proceed.

About the Author

Adele L. Abrams, Esq., CMSP is president of the Law Office of Adele L. Abrams PC. Learn more by visiting