Section R614-1-10 - Rules of Agency Practice and Procedure Concerning UOSH Access to Employee Medical RecordsA . Policy. UOSH access to employee medical records will in certain circumstances be important to the agency's performance of its statutory functions. Medical records, however, contain personal details concerning the lives of employees. Due to the substantial personal privacy interests involved, UOSH authority to gain access to personally identifiable employee medical information will be exercised only after the agency has made a careful determination of its need for this information and only with appropriate safeguards to protect individual privacy. Once this information is obtained, UOSH examination and use of it will be limited to only that information needed to accomplish the purpose for access. Personally identifiable employee medical information will be retained by UOSH only for so long as needed to accomplish the purpose for access, will be kept secure while being used, and will not be disclosed to other agencies or members of the public except in narrowly defined circumstances. This section establishes procedures to implement these policies.
B. Scope and Application. 1. Except as provided in paragraphs B.6. through 10. below, this rule applies to all requests by UOSH personnel to obtain access to records in order to examine or copy personally identifiable employee medical information, whether or not pursuant to the access provision of 29 CFR 1910.1020(e).2. For the purpose of this rule, "employer" means a current employer, a former employer, or a successor employer.3. For the purposes of this rule, "personally identifiable employee medical information" means employee medical information accompanied by either direct identifiers (name, address, social security number, payroll number, etc.) or by information which could reasonably be used in the particular circumstances indirectly to identify specific employees (e.g., exact age, height, weight, race, sex, date of initial employment, job title, etc.).4. For the purpose of this rule, "record" means any item, collection, or grouping of information regardless of the form or process by which it is maintained (e.g., paper document, electronic document, microfiche, microfilm, X-ray film, or automated data processing).5. Specific written consent.a. For the purpose of this rule, "specific written consent" means written authorization containing the following:(1) The name and signature of the employee authorizing the release of medical information;(2) The date of the written authorization;(3) The name of the individual or organization that is authorized to release the medical information;(4) The name of the designated representative (individual or organization) that is authorized to receive the released information;(5) A general description of the medical information that is authorized to be released;(6) A general description of the purpose for the release of medical information; and(7) A date or condition upon which the written authorization will expire (if less than one year).b. A written authorization does not operate to authorize the release of medical information not in existence on the date of written authorization, unless this is expressly authorized, and does not operate for more than one year from the date of written authorization.c. A written authorization may be revoked in writing at any time.6. This rule does not apply to UOSH access to, or the use of, aggregate employee medical information or medical records on individual employees which is not in a personally identifiable form.7. This rule does not apply to records required by 29 CFR 1904, to death certificates, or to employee exposure records, including biological monitoring records, as defined by 29 CFR 1910.1020(c)(5), or by specific occupational safety and health standards as exposure records.8. This rule does not apply where CSHOs conduct an examination of employee medical records solely to verify employer compliance with the medical surveillance recordkeeping requirements of an occupational safety and health standard, or with 29 CFR 1910.1020. An examination of this nature shall be conducted on-site and, if requested, shall be conducted under the observation of the record holder. CSHOs shall not record and take off-site any information from medical records other than documentation of the fact of compliance or non-compliance. 9 . This rule does not apply to agency access to, or the use of, personally identifiable employee medical information obtained in the course of litigation. 10. This rule does not apply where a written directive by the administrator authorizes appropriately qualified personnel to conduct limited reviews of specific medical information mandated by an occupational safety and health standard, or of specific biological monitoring test results.11. Even if not covered by the terms of this rule, all medically related information reported in a personally identifiable form shall be handled with appropriate discretion and care befitting all information concerning specific employees. There may, for example, be personal privacy interests involved which militate against disclosure of this kind of information to the public.C . Responsible Persons. 1 . Administrator. The administrator shall be responsible for the overall administration and implementation of the procedures contained in this rule, including making final UOSH determinations concerning: a . Access to personally identifiable employee medical information, andb . Inter-agency transfer or public disclosure of personally identifiable employee medical information.2 . UOSH medical records officer. The administrator shall designate a UOSH official with experience or training in the evaluation, use, and privacy protection of medical records to be the UOSH medical records officer. The UOSH medical records officer shall report directly to the administrator on matters concerning this section and shall be responsible for:a . Making recommendations to the administrator as to the approval or denial of written access orders;b . Assuring that written access orders meet the requirements of paragraphs D.2. and 3. of this rule;c . Responding to employee, collective bargaining agent, and employer objections concerning written access orders;d . Regulating the use of direct personal identifiers;e . Regulating internal agency use and security of personally identifiable employee medical information;f . Assuring that the results of agency analyses of personally identifiable medical information are, where appropriate, communicated to employees;g . Preparing an annual report of UOSH's experience under this rule; andh . Assuring that advance notice is given of intended inter-agency transfers or public disclosures.3 . Principal UOSH investigator. The principal UOSH investigator shall be the UOSH employee in each instance of access to personally identifiable employee medical information who is made primarily responsible for assuring that the examination and use of this information is performed in the manner prescribed by a written access order and the requirements of this section. When access is pursuant to a written access order, the principal UOSH investigator shall be professionally trained in medicine, public health, or allied fields (epidemiology, toxicology, industrial hygiene, biostatistics, environmental health, etc.).D . Written Access Orders. 1. Requirement for written access order. Except as provided in paragraph D.4. below, each request by a UOSH representative to examine or copy personally identifiable employee medical information contained in a record held by an employer or other record holder shall be made pursuant to a written access order which has been approved by the administrator upon the recommendation of the UOSH medical records officer. If deemed appropriate, a written access order may constitute, or be accompanied by an administrative subpoena.2. Approval criteria for written access order. Before approving a written access order, the administrator and the UOSH medical records officer shall determine that:a. The medical information to be examined or copied is relevant to a statutory purpose and there is a need to gain access to this personally identifiable information;b. The personally identifiable medical information to be examined or copied is limited to only that information needed to accomplish the purpose for access; andc. The personnel authorized to review and analyze the personally identifiable medical information are limited to those who have a need for access and have appropriate professional qualifications.3. Content of written access order. Each written access order shall state with reasonable particularity:a. The statutory purposes for which access is sought;b. A general description of the kind of employee medical information that will be examined and why there is a need to examine personally identifiable information;c. Whether medical information will be examined on-site, and what type of information will be copied and removed off-site;d. The name, address, and phone number of the principal UOSH investigator and the names of any other authorized persons who are expected to review and analyze the medical information;e. The name, address, and phone number of the UOSH medical records officer; andf. The anticipated period of time during which UOSH expects to retain the employee medical information in a personally identifiable form.4. Special situations. Written access orders need not be obtained to examine or copy personally identifiable employee medical information under the following circumstances:a. Specific written consent. If specific written consent of an employee is obtained pursuant to 29 CFR 1910.1020(e)(2)(ii), and the agency or an agency employee is listed on the authorization as the designated representative to receive the medical information, then a written access order need not be obtained. Whenever personally identifiable employee medical information is obtained through specific written consent and taken off-site, a principal UOSH investigator shall be promptly named to assure protection of the information, and the UOSH medical records officer shall be notified of this person's identity. The personally identifiable medical information obtained shall thereafter be subject to the use and security requirements of paragraphs UAC R614-1-10.H. and I.b. Physician consultations. A written access order need not be obtained where a UOSH staff or contract physician consults with an employer's physician concerning an occupational safety or health issue. In a situation of this nature, the UOSH physician may conduct on-site evaluation of employee medical records in consultation with the employer's physician, and may make necessary personal notes of his or her findings. No employee medical records however, shall be taken off-site in the absence of a written access order or the specific written consent of an employee, and no notes of personally identifiable employee medical information made by the UOSH physician shall leave his or her control without the permission of the UOSH medical records officer. E . Presentation of Written Access Order and Notice to Employees. 1 . The principal UOSH investigator, or someone under his or her supervision, shall present at least two (2) copies each of the written access order and an accompanying cover letter to the employer prior to examining or obtaining medical information subject to a written access order. At least one copy of the written access order shall not identify specific employees by direct personal identifier. The accompanying cover letter shall summarize the requirements of this section and indicate that questions or objections concerning the written access order may be directed to the principal UOSH investigator or to the UOSH medical records officer.2 . The principal UOSH investigator shall promptly present a copy of the written access order (which does not identify specific employees by direct personal identifier) and its accompanying cover letter to each collective bargaining agent representing employees whose medical records are subject to the written access order.3 . The principal UOSH investigator shall indicate that the employer must promptly post a copy of the written access order which does not identify specific employees by direct personal identifier, as well as post its accompanying cover letter.4 . The principal UOSH investigator shall discuss with any collective bargaining agent and with the employer the appropriateness of individual notice to employees affected by the written access order. Where it is agreed that individual notice is appropriate, the principal UOSH investigator shall promptly provide to the employer an adequate number of copies of the written access order (which does not identify specific employees by direct personal identifier) and its accompanying cover letter to enable the employer either to individually notify each employee or to place a copy in each employee's medical file.F . Objections Concerning a Written Access Order. All employees, collective bargaining agents, and employer written objections concerning access to records pursuant to a written access order shall be transmitted to the UOSH medical records officer. Unless the agency decides otherwise, access to the record shall proceed without delay notwithstanding the lodging of an objection. The UOSH medical records officer shall respond in writing to each employee's and collective bargaining agent's written objection to UOSH access. Where appropriate, the UOSH medical records officer may revoke a written access order and direct that any medical information obtained by it be returned to the original record holder or destroyed. The principal UOSH investigator shall assure that such instructions by the UOSH medical records officer are promptly implemented.G . Removal of Direct Personal Identifiers. Whenever employees' medical information obtained pursuant to a written access order is taken off-site with direct personal identifiers included, the principal UOSH investigator shall, unless otherwise authorized by the UOSH medical records officer, promptly separate all direct personal identifiers from the medical information, and code the medical information and the list of direct identifiers with a unique identifying number of each employee. The medical information with its numerical code shall thereafter be used and kept secured as though still in a directly identifiable form. The principal UOSH investigator shall also hand deliver or mail the list of direct personal identifiers with their corresponding numerical codes to the UOSH medical records officer. The UOSH medical records officer shall thereafter limit the use and distribution of the list of coded identifiers to those with a need to know its contents. H. Internal Agency Use of Personally Identifiable Employee Medical Information. 1. The principal UOSH investigator shall in each instance of access be primarily responsible for assuring that personally identifiable employee medical information is used and kept secured in accordance with this section.2. The principal UOSH investigator, the UOSH medical records officer, the administrator, and any other authorized person listed on a written access order may permit the examination or use of personally identifiable employee medical information by agency employees and contractors who have a need for access, and appropriate qualifications for the purpose for which they are using the information. No UOSH employee or contractor is authorized to examine or otherwise use personally identifiable employee medical information unless so permitted.3. Where a need exists, access to personally identifiable employee medical information may be provided to attorneys in the Utah Office of the Attorney General (AG's Office), and to agency contractors who are physicians or who have contractually agreed to abide by the requirements of this section and implementing agency directives and instructions.4. UOSH employees and contractors are only authorized to use personally identifiable employee medical information for the purposes for which it was obtained, unless the specific written consent of the employee is obtained as to a secondary purpose, or the procedures of UAC R614-1-10.D. through G. are repeated with respect to the secondary purpose.5. Whenever practicable, the examination of personally identifiable employee medical information shall be performed on-site with a minimum of medical information taken off-site in a personally identifiable form.I. Security Procedures. 1. Agency files containing personally identifiable employee medical information shall be segregated from other agency files. When not in active use, files containing this information shall be kept secured in a locked cabinet or vault.2. The UOSH medical records officer and the principal UOSH investigator shall each maintain a log of uses and transfers of personally identifiable employee medical information and lists of coded direct personal identifiers, except as to necessary uses by staff under their direct personal supervision.3. The photocopying or other duplication of personally identifiable employee medical information shall be kept to the minimum necessary to accomplish the purposes for which the information was obtained.4. The protective measures established by this rule apply to all worksheets, duplicate copies, or other agency documents containing personally identifiable employee medical information.5. Intra-agency transfers of personally identifiable employee medical information shall be by hand delivery, United States mail, or equally protective means. Inter-office mailing channels shall not be used.J. Retention and Destruction of Records.1 . Consistent with UOSH records disposition programs, personally identifiable employee medical information and lists of coded direct personal identifiers shall be destroyed or returned to the original record holder when no longer needed for the purposes for which they were obtained.2 . Personally identifiable employee medical information which is currently not being used actively but may be needed for future use shall be transferred to the UOSH medical records officer. The UOSH medical records officer shall conduct an annual review of all centrally-held information to determine which information is no longer needed for the purposes for which it was obtained.K . Results of an Agency Analysis Using Personally Identifiable Employee Medical Information. The UOSH medical records officer shall, as appropriate , assure that the results of an agency analysis using personally identifiable employee medical information are communicated to the employees whose personal medical information was used as a part of the analysis.
L . Annual Report. The UOSH medical records officer shall on an annual basis review UOSH's experience under this section during the previous year, and prepare a report to the administrator which shall be made available to the public. This report shall discuss: 1 . The number of written access orders approved and a summary of the purposes for access;2 . The nature and disposition of employee, collective bargaining agent, and employer written objections concerning UOSH access to personally identifiable employee medical information; and3 . The nature and disposition of requests for inter-agency transfer or public disclosure of personally identifiable employee medical information.M . Inter-Agency Transfer and Public Disclosure. 1 . Personally identifiable employee medical information shall not be transferred to another agency or office outside of UOSH (other than to the AG's Office) or disclosed to the public (other than to the affected employee or the original record holder) except when required by law or when approved by the administrator.2 . Except as provided in paragraph M.3. below, the administrator shall not approve a request for an inter-agency transfer of personally identifiable employee medical information, which has not been consented to by the affected employees, unless the request is by a public health agency which: a . Needs the requested information in a personally identifiable form for a substantial public health purpose;b . Will not use the requested information to make individual determinations concerning affected employees which could be to their detriment;c . Has regulations or established written procedures providing protection for personally identifiable medical information substantially equivalent to that of this section; andd . Satisfies an exemption to the Government Records Access and Management Act (GRAMA) to the extent that the GRAMA applies to the requested information (See Part 2, Access to R ecords , of U tah Code Ann. Title 63G, Chapter 2).3 . Upon the approval of the administrator, personally identifiable employee medical information may be transferred to:a . The National Institute for Occupational Safety and Health (NIOSH) andb . The AG's Office when necessary with respect to a specific action under the Utah OSH Act. 4. The administrator shall not approve a request for public disclosure of employee medical information containing direct personal identifiers unless there are compelling circumstances affecting the health or safety of an individual.5. The administrator shall not approve a request for public disclosure of employee medical information which contains information which could reasonably be used indirectly to identify specific employees when the disclosure would constitute a clearly unwarranted invasion of personal privacy.6. Except as to inter-agency transfers to NIOSH or the AG's Office, the UOSH medical records officer shall assure that advance notice is provided to any collective bargaining agent representing affected employees and to the employer on each occasion that UOSH intends to either transfer personally identifiable employee medical information to another agency or disclose it to a member of the public other than to an affected employee. When feasible, the UOSH medical records officer shall take reasonable steps to assure that advance notice is provided to affected employees when the employee medical information to be released or disclosed contains direct personal identifiers.Utah Admin. Code R614-1-10
Amended by Utah State Bulletin Number 2020-02, effective 12/23/2019