OSHA Records FOIA

Two different “record†buckets

A lot of confusion comes from mixing up employer-required records with OSHA case records. They are related, but they are not the same.

• Employer records: injury/illness logs (when required), training records, inspections, maintenance, JSAs, policies, and internal investigations.
• OSHA records: the inspection file (notes, photos, measurements, statements), citation documents, and enforcement correspondence.

Tip: Before you “request records,†be clear which bucket you actually mean—employer documentation vs. OSHA’s inspection file.

What employers are commonly required to keep (recordkeeping basics)

Many employers must maintain OSHA injury and illness records under OSHA’s recordkeeping rules (29 CFR Part 1904), with specific exemptions and requirements depending on company size and industry.

• Recording work-related injuries/illnesses (when covered)
• Posting annual summaries (when required)
• Reporting certain severe events to OSHA within required timeframes
• Providing records to authorized government representatives under the rule

Recording or reporting an incident does not automatically mean fault, a violation, or compensability—it is a reporting system.

What FOIA is (plain English)

FOIA is a federal process that allows people to request certain agency records. OSHA processes FOIA requests, but not every record is always releasable in full. Releases often involve redactions to protect privacy, trade secrets, or other protected information.

• FOIA request: a written request for agency records
• Redaction: removing protected information before release
• Timing: responses can depend on scope, processing queues, and whether a case is active

Confidentiality: what people usually mean

“Confidentiality†is not one thing. It usually refers to three different concerns:

• Personal privacy: employee medical details, identifiers, and sensitive personal information
• Trade secrets / proprietary info: confidential business information, processes, formulas, designs
• Case integrity: some materials may be restricted while an investigation or enforcement action is ongoing

Practical point: assume some information will be shared internally within OSHA during review, but external release can be limited, delayed, or redacted.

What an employer can do during an inspection to protect sensitive info

Employers should have a simple, calm process for handling document requests and identifying sensitive material. The goal is not to “hide†information—it is to handle it correctly.

• Assign a point of contact to receive requests and track what was provided
• Keep a copy of everything provided to OSHA
• Organize requested documents (avoid “dumping†unrelated files)
• Clearly label truly proprietary materials as confidential business information (when appropriate)
• Avoid speculation; provide factual records and clear answers

Vignettes

Strong practice: Casey moved into a new safety role from a prior employer and brings a simple record-handling routine. When OSHA requests documents, Casey logs what was provided, supplies clean copies, and flags truly proprietary process documents for appropriate handling. The company stays organized and consistent.

Cautionary practice: Casey previously worked at a site where record requests were treated as a scramble. This time, supervisors email files randomly, hand over incomplete logs, and share sensitive details without tracking what was provided. Confusion grows, and the company later can’t reconstruct what OSHA actually received.