HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

OSHA Compliance Checklist

This article includes a summary of the Occupational Safety and Health Act of 1970 and an OSHA compliance checklist that can be used by employers when conducting self-assessments of safety and health policies, administration and reporting procedures, and compliance with workers´ rights.

Due to the wide-ranging scope of the Occupational Safety and Health Act, this article focuses on the standards of the Act applicable to general industry with an emphasis on the healthcare industry. For this reason, our OSHA compliance checklist omits some standards that may not relate directly to medical facilities and dental surgeries.

What is the Occupational Safety and Health Act?

The Occupational Safety and Health Act, commonly known as the OSH Act or OSHA (29 U.S.C. §§ 651 to 678) was signed into law on December 29, 1970, by President Nixon with the aim of improving workplace safety and health in the private sector and in federal government.

The OSH Act requires employers to provide a working environment free from recognized hazards – or – if the hazards cannot be eliminated, measures must be implemented to mitigate the risk of death, injury, or illness. The Act also increases workers´ rights and empowers the Occupational Safety and Health Administration to take enforcement action against non-compliant employers.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The Occupational Safety and Health Act protects the safety and health of all workers in the U.S. except self-employed workers, family members of farm employees, and employees of businesses and organizations regulated by another federal agency – for example, the Mine Safety and Health Administration, the Department of Energy, or the Coast Guard.

Where the Occupational Safety and Health Act Applies

Although a federal law, the OSH Act can be pre-empted by another federal law or by state laws that are equally or more effective at protecting employees against work-related deaths, injuries, and illnesses. There are currently twenty-two locations in which “State Plans” pre-empt the OSH Act, plus a further six locations in which State Plans cover public employees only. In these six locations, the federal OSH Act applies to all private businesses not regulated by another federal agency. Businesses covered by State Plans will need to compile a state-specific OSHA compliance checklist.

How OSHA Applies States
State Plan Covering Private, State, Local Government Alaska, Arizona, California, Hawaii, Indiana, Iowa, Kentucky, Nevada, Maryland, Michigan, Minnesota, New Mexico, North Carolina, Oregon, Puerto Rico, South Carolina, Tennessee, Utah, Vermont, Virginia, Washington, and Wyoming,
State Plan Covering State/Local Government Only Connecticut, Illinois, Maine, New Jersey, New York, and the U.S. Virgin Islands
Federal OSHA States Alabama, American Samoa, Arkansas, Colorado, Delaware, District of Columbia, Florida, Georgia, Guam, Idaho, Kansas, Louisiana, Massachusetts, Mississippi, Montana, Nebraska, New Hampshire, Northern Mariana Islands, North Dakota, Ohio, Oklahoma, Pennsylvania, Rhode Island, South Dakota, Texas, West Virginia, and Wisconsin

Requirements of the Occupational Safety and Health Act

Since the passage of the OSH Act, the Occupational Safety and Health Administration has developed thousands of standards that cover – and apply to – most types of working environment. Due to there being unique risks and hazards in the agriculture, construction, and maritime industries, businesses in these industries have separate sets of standards. All other businesses covered by the OSH Act are required to comply with the standards for general industry where applicable.

For businesses in the general industry category, although there is no “one-size-fits-all” OSHA compliance checklist, the standards developed as a consequence of the OSHA Act require employers to:

  • Identify safety and health hazards and reduce risk to a low and acceptable level
  • Inform employees about safety and health risks in the workplace
  • Notify employees of OSHA citations, injury, and illness data
  • Provide training to employees to allow them to work safely and avoid hazards
  • Provide personal protective equipment to workers (when necessary) at no cost
  • Maintain records of accidents and work-related injuries, illnesses, and deaths
  • Notify OSHA of any workplace fatality, hospitalization, or serious workplace injury
  • Ensure employees do not face retaliation or discrimination for exercising their rights under the OSH Act.

In addition to complying with the specific standards of the OSH Act, employers are required to comply with a General Duty clause. This clause exists as a “catchall” for risks that may not be specifically mentioned in the standards but present a risk to employees´ safety and health. Examples of risks that would be covered by the OSHA General Duty clause include working environments that could aggravate an existing health condition and workplace violence.

Specific Standards for Healthcare Organizations to be Aware Of

While many general industry standards are by their nature “general” (for example, providing handrails for stairways and hand washing facilities in bathrooms), there are also standards that organizations in the healthcare industry need to be particularly aware of as these may have to be complied with alongside other industry regulations such as the physical safeguards of the HIPAA Security Rule and CMS´ Emergency Preparedness Rule. These include:

  • The Hazard Communication Standard – Inform employees about hazardous substances, how to protect against exposure, and what to do if exposed.
  • The Bloodborne Pathogens Standard (as amended by the Needlestick Safety and Prevention Act) – Minimize the risk of exposure to bloodborne pathogens and maintain a Sharps Injury Log.
  • The Personal Protective Equipment Standard – Ensure appropriate personal protective equipment is available to employees to protect against workplace hazards.
  • The Fire Prevention Plan Standard – Implement a fire safety plan and fire response procedures which also comply with HIPAA and CMS´ Emergency Preparedness requirements.
  • The Ionization Radiation Standard – Ensure restricted-area exposure remains within OSHA-defined limits and reduce risks in all non-restricted areas.

Throughout the COVID-19 pandemic, the SARS-CoV-2 virus has been the biggest safety and health threat to employees in the healthcare industry. In November 2021 published an emergency temporary standard with prevention and control of exposure to the virus prioritized. An enforcement initiative was launched that targeted employers who have not made a good faith effort to protect employees from exposure to the SARS-CoV-2 virus in the workplace.

Although the courts issued staying orders on enforcement action – and the Occupational Safety and Health Administration subsequently withdrew the emergency temporary standard – the standard remains in place as a proposal for a permanent standard. Furthermore, some State Plans that adopted measures to prevent and control exposure to the SARS-CoV-2 have not withdrawn their emergency temporary standards; and, in these states, some measures still remain in force.

Workers´ Rights Under the OSH Act

The OSH Act gives workers certain rights in addition to the right to a safe and healthy working environment, and employers must allow workers to exercise their rights without retaliation or discrimination. Possibly the most important right under the OSH Act is the Right to Information which is usually interpreted as the right to know what hazards are present in the workplace and how workers should protect themselves. In more detail, workers´ rights include:

  • The right to receive information and training about hazards, methods to prevent harm, and the OSHA standards that apply to the workplace. The training must be done in a language and vocabulary workers can understand.
  • The right to review records of work-related injuries and illnesses that occur in the workplace, receive copies of the results from tests and monitoring done to find and measure hazards in the workplace, and get copies of workplace medical records.
  • File a confidential complaint with OSHA to have their workplace inspected, participate in an OSHA inspection, speak in private with the inspector, and file a complaint with OSHA if they have been retaliated against as the result of requesting an inspection

It is also important for organizations in the healthcare industry to inform members of the workforce of their rights in relation to HIPAA or other federal and state laws that provide stronger privacy protections or more rights than the OSH Act. This includes “whistle blower” complaints to HHS´ Office for Civil Rights, OSHA, or any other state or federal agency.

Enforcement of OSHA Compliance

The OSH Act is regulated by Occupational Safety and Health Administration which is a division of the United States Department of Labor (DOL). The Administration has the authority to impose financial penalties for non-compliance with any OSH Act standards and has the jurisdiction to fine any organization for breaches of whistle blower provisions in a further twenty federal statutes.

Minimum and maximum penalties are applied according to the gravity of each violation across five penalty tiers. The minimum and maximum OSHA civil penalties are increased annually in line with inflation. The table below has been updated to reflect increases in penalties announced in January 2022.

Type of Violation Penalty Minimum Penalty Maximum
Serious $1,036 per violation $14,502 per violation
Other-Than-Serious $0 per violation $14,502 per violation
Willful or Repeated $10,360* per violation $145,027 per violation
Posting Requirements $0 per violation $14,502 per violation
Failure to Abate N/A $14,502 per day unabated beyond the abatement date, generally limited to 30 days maximum.

* For a repeated other-than-serious violation that otherwise would have no initial penalty, a penalty of $414 will be proposed for the first repeated violation, $1,036 for the second repeated violation, and $2,072 for a third repetition.

While OSHA can impose fines and penalties for noncompliance, U.S. states and territories where State Plans are in place can set their own penalty structures and minimum and maximum penalty levels. Those penalties must be at least as effective as those of the federal OSHA. For businesses in states and territories in which a State Plan exists, it will be necessary to create a state-specific OSHA compliance checklist.

OSHA Compliance Checklist

The OSHA compliance checklist below contains a summary of the requirements for employers in the general industry category, with additional information for employers in the healthcare industry. If you require further information about any of the standards mentioned below, the Administration provides an online “Quick Start Assistant” with links to the relevant standards.

All employers should create an OSHA compliance checklist and an OSHA inspection checklist for self-assessing compliance with the OSH Act. The checklists should include a brief description of each standard, who is responsible for implementing and monitoring compliance with the standard, and the training, recordkeeping, and/or reporting requirements for each standard.

1.     The General Working Environment

The general working environment must be clean and sanitary, toilets and washing facilities must be provided and kept in a sanitary state, hazardous materials must be cleaned up immediately, and all waste must be removed promptly and in accordance with federal, state, and local laws. The floor of each workroom must also be maintained in a clean and, to the extent feasible, in a dry condition.

Adequate illumination should be provided in working areas, employees should be protected from excessive noise, there should be adequate ventilation, protection from heat and cold stress, and ergonomic workstations should be provided. Any other risks present in the general working environment should be addressed in accordance with the OSHA General Duty clause.

2.     Administrative, Recordkeeping, Posting, and Reporting Requirements

There are many administrative, recordkeeping, posting, and reporting requirements. These include displaying the OSHA Job Safety and Health Protection Poster, ensuring emergency telephone numbers are displayed in a prominent area, and providing workers with Material Safety Data Sheets. There should also be clear signage alerting workers to biohazards, exposure to x-ray, microwave, or other harmful radiation, dangerous substances, floor loading, room capacities, and exit routes.

Employee medical records, records of employee exposure to hazardous substances, and employee training records must be kept up to date and maintained for at least the minimum retention period. There are strict requirements for reporting workplace fatalities and employee hospitalizations to the nearest OSHA office, with workplace fatalities required to be reported within 8 hours and serious injuries within 24 hours. In some states, it is a legal requirement to report workplace violence.

3.     Safety and Health Program

Employers need to implement a safety and health program and assign the overall responsibility of maintaining that program to an individual. Although departmental or office responsibility can be delegated, a safety committee or group should also be established that includes management and employee representatives and that meets regularly to report on safety and health issues.

Policies and procedures should be implemented that allow employees to report potential safety issues. Those complaints must be dealt with promptly and the complaint and actions taken to reduce risk should be recorded with the subsequent documentation made available to employees if requested. This is one of the basic workers´ rights OSHA inspectors check on during inspections.

4.     Walking/Working Surfaces Standards

Measures must be implemented to prevent slips, trips, and falls, including from a height, on stairways, and on the same level as these are among the leading causes of workplace accidents. The OSHA walking and working surfaces checklist was updated in November 2016 to incorporate advances in technology, industry best practices, and national consensus standards.

In the context of OSHA compliance for the healthcare industry, the revised requirements for walking and working surfaces updates industry standards addressing slip, trip, and fall hazards in line with recommendations in the CDC publication “Slip, Trip, and Fall Prevention for Healthcare Workers”. This publication includes a Slips, Trips, and Falls checklist medical facilities and dental surgeries should refer to when compiling an OSHA walking and working surfaces checklist.

5.     Medical and First Aid Standards

Generally, there should always be at least one qualified member of staff in the workplace available to provide first aid. First aid kits must be fully stocked and be easily accessible, eye-wash stations or a sink should be available for quick drenching or flushing where appropriate, and medical personnel should be readily available for consultations about employee health.

When calling 911, OSHA requires businesses to either use a communication system that automatically identifies the location of the caller or provides the caller´s latitude and longitude information to the 911 emergency dispatcher. If neither are implemented, businesses must prominently display the latitude and longitude of the workplace or other location-identification information that communicates effectively to employees the location of the workplace.

6.     Electrical Standards

Electrical standards apply to all electrical equipment and wiring, and there are also standards for medical facilities where flammable gases are used. Standards have been developed covering the design of electrical systems and safety-related working practices. All electrical hazards must be controlled, and measures implemented to reduce the risk of electric shocks. Electrical hazards are among OSHA’s most frequently cited hazards.

This standard is particularly important to medical facilities and dental surgeries because of the volume of electrical equipment used in medical and dental offices. Therefore, it is important all wiring is checked for wear and tear that can result in insulation breaks, short circuits, and exposed wires. Not only might faulty wiring create a safety and health issue, a break in the electrical supply may also result in non-compliance with other healthcare regulations (i.e., the availability of PHI).

7.     The Hazard Communication Standard

This standard was developed for hazardous chemicals in the workplace and is concerned with informing employees about the risks. All hazardous materials should be labeled, information should be provided in the form of Safety Data Sheets (SDS), and employees must be told about all hazards, how they should be handled, and how to respond to an accidental escape of hazardous chemicals.

It is necessary for medical facilities with labs to keep on top of this standard, for as well as being frequently updated (i.e., to align with the UN Globally Harmonized System of Classification and Labelling of Chemicals) there are also some exceptions to this standard when the disposal of hazardous chemicals is governed by Environmental Protection Agency regulations.

8.     The Bloodborne Pathogens Standard

Employers who have work environments where there is a risk of exposure to blood-borne pathogens must implement a control plan to limit the potential for exposure, provide appropriate PPE and safety devices, and ensure PPE and safety devices are maintained. It is also necessary to develop and implement waste disposal methods and procedures and post-exposure protocols.

Training must be provided to the workforce on policies and procedures for handling potentially contaminated material and the procedures to follow in the event of exposure. Employees in medical environments are required to receive refresher training on bloodborne pathogen protocols annually, at no cost to themselves. As mentioned previously, this standard was amended by the Needlestick Safety and Prevention Act.

9.     The Personal Protective Equipment Standard

Employers must ensure work practices are developed that ensure the health and safety of the workforce and, to further reduce risk, appropriate personal protective equipment such as face masks, eyewear, visors, gowns, aprons, and protective gloves must be available that is suitable given the level of risk.

Personal protective equipment must be reliable, clean, fit each worker correctly, and safe methods of disposal of potentially contaminated equipment must be provided. Employees need to be trained on how to use, maintain, and dispose of personal protective equipment correctly and be told about its limitations.

10. The Fire Prevention Plan and Exit Routes Standards

Fire prevention measures must be implemented in the workplace, and policies and procedures developed to ensure employees (and patients of a medical facility or dental surgery) are protected in the event of a fire. The local fire department should be familiar with the location and the hazards in the facility, a fire alarm system must be in place, fire doors must be clearly marked, exit routes should be safe and clearly marked with exit diagrams posted.

Exit routes must be unobstructed at all times with exit doors opening in the direction of escape. An adequate number of the correct portable fire extinguishers for each hazard must be provided in readily accessible locations. All fire safety systems must be regularly tested, and employees should be instructed in the use of fire extinguishers and fire protection procedures. Medical facilities in the Nursing Care Centers Accreditation program must conduct fire drills in compliance with EC.02.03.03.

11. The Ionization Radiation Standard

Protocols must be developed for areas containing x-ray and diagnostic imaging equipment. Any area that contains such equipment must be subject to strict controls to reduce health risks. Employees must be told when such equipment is present in a work area, policies and procedures must be developed for working safely in restricted areas, and there are requirements for labeling all machinery and equipment that emits ionizing radiation.

When compiling an OSHA ionization radiation checklist, businesses in the healthcare industry need to be aware that many states – including those that do not have OSHA-approved State Plans – have their own regulations for occupational exposure to radioactive materials. Therefore, most medical facilities and dental surgeries will need to familiarize themselves with any state regulations relating to radiation produced by x-ray machines.

12.  COVID-19 Emergency Temporary Standard

As mentioned previously, in November 2021 an emergency temporary standard was published covering COVID-19 in worksites. Although the emergency temporary standard has been withdrawn in many locations, some states still require workplaces to comply with some or all of the SARS-CoV-2 measures implemented to keep workplaces safe and limit the transmission of the virus.

In some states, these measures only apply to specific industries – i.e., public transportation and healthcare – and to help businesses in the healthcare industry compile a OSHA compliance checklist that factors in the COVID-19 emergency temporary standard, the Occupational Safety and Health Administration has produced a “COVID-19 Healthcare Worksite Checklist & Employee Job Hazard Analysis” (PDF).

OSHA Compliance Checklist FAQs

Where can I find a full list of OSH Act standards?

The full list of OSH Act standards can be accessed via the Occupational Safety and Health Administration´s “Quick Start Assistant” web portal. This should help you identify all the OSHA compliance requirements that apply to your business and enable you to develop an OSHA compliance checklist and OSHA inspection checklist to self-assess your compliance efforts.

Is there a required OSHA training checklist?

Because each business is unique, it is impossible to develop a “one-size-fits-all” OSHA training checklist. Businesses are recommended to first establish what their OSHA compliance requirements are and then develop an appropriate OSHA training schedule. OSHA training for healthcare organizations should be integrated where possible with other mandated training.

Is there an OSHA compliance checklist for medical office environments?

When businesses operate in the same industry sector, there will likely be different environmental, socio-economic, and organizational factors that create different types of risk for each business. Therefore, even in the case of medical office environments that are required to comply to the same OSHA standards, each medical office compliance checklist will be unique.

Is workplace violence limited to worker-on-worker bullying?

The Occupational Safety and Health Administration defines workplace violence as “any act or threat of physical violence, harassment, intimidation, or other threatening disruptive behavior that occurs at the work site”. Therefore, this not only includes worker-on-worker bullying, but also any physical, verbal, or psychological abuse instigated by managers, patients, visitors, or passengers.

What is the difference between an OSHA hazard inspection checklist and a workplace safety inspection checklist?

Although the two inspection checklists could be identical, an OSHA hazard inspection checklist will consist of hazards covered specifically by OSHA standards, whereas a workplace safety inspection checklist could include safety and health issues not covered by OSHA standards – for example, issues included in CMS´ Emergency Preparedness Rule or state laws relating to ionization radiation.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.