In 1980 OSHA promulgated rules governing access to and maintenance of employee medical records (29 C.F.R. sec. 1910.20, Access to employee exposure and medical records). (The following discussion omits citations to specific statutory language.) Although directed at managing medical information, these regulations define the scope of occupational medicine practice through their expansive definition of workplace-related medical information. These rules were written for records maintained in a company- based occupational medicine department, but they specifically include nonemployee physicians and clinics that provide occupational medical services. Any physician who treats workplace-related injuries or illnesses or does preplacement or work fitness evaluations is subject to these regulations.

OSHA promulgated the rules to:

1. Ensure employees, their representatives, and OSHA access to the employees’ medical records.

2. Require employers to supply medical care providers sufficient information about toxic exposures to allow the treatment and long- term evaluation of exposed employees.

3. Create a way for medical care providers to report potential hazardous exposures to OSHA without violating the employer’s trade secrets.

4. Ensure that employee medical records are maintained for a sufficient period (30 years after the termination of employment) to allow the monitoring of conditions with long latency.

These rules are directed at employers rather than medical care providers. The employer is expected to see that the medical care personnel follow the rules, and it is the employer that is subject to administrative sanctions if the rules are not followed. Physicians employed in a company occupational medicine department that does not comply with the rules may be subject to sanctions as company representatives. Nonemployee physicians may be subject to sanctions if they contractually accept the responsibility for maintaining employee medical information. This can become a problem if the employer goes out of business without arranging for an orderly transition in responsibility for the employees’ medical information. An abrupt termination of business may leave the physician with the duty and financial responsibility to maintain the records or transfer them properly.

OSHA clearly intended these rules to supplement, rather than replace, traditional practices: “Except as expressly provided, the rules do not affect existing legal and ethical obligations concerning the maintenance and confidentiality of employee medical information, the duty to disclose information to a patient/employee or any other aspect of the medical-care relationship, or affect existing legal obligations concerning the protection of trade secret information.” The rules do not pose any ethical problems beyond those already inherent in occupational medicine practice. In the case of providing access to trade secret information, they help resolve an existing ethical dilemma.