OSHA requirements are set by statute, standards and regulations. Our interpretation letters explain these requirements and how they apply to particular circumstances, but they cannot create additional employer obligations. This letter constitutes OSHA's interpretation of the requirements discussed. Note that our enforcement guidance may be affected by changes to OSHA rules. Also, from time to time we update our guidance in response to new information. To keep apprised of such developments, you can consult OSHA's website at https://www.osha.gov.

July 28, 1992

                   Director Directorate of Compliance Programs

THRU:               THOMAS J. SHEPICH Director 
                   Directorate of Technical Support
                   MELISSA A. McDIARMID, MD, MPH Director
                   Office of Occupational Medicine

FROM:               ROBERT KNELLER, MD, MPH Occupational Medicine Resident
                   Office of Occupational Medicine

SUBJECT:            Request for Interpretation of the Bloodborne Pathogen
                   Standard (Confidentiality Issues)

This memorandum is in response to an inquiry from Mr. Frank Strasheim forwarded to this office.

The Bloodborne Pathogens Standard specifically indicates that the exposed employee's blood cannot be collected or serologically tested for HIV or HBV without the employee's consent. It also specifies the information that can be included in the health care professional's written opinion. HBV or HIV status is not a permissible part of that written opinion and must remain confidential.

We know of no reference document citing federal laws on medical confidentiality. The Federal Privacy Act [5 USC 552a, PL 93-579] deals with access to the medical files of federal employees. Regulations promulgated under this Act require that each federal agency issues internal instructions describing how its Employee Medical File System (EMFS) is maintained and managed. Quoting from relevant sections of these regulations:

These instructions must;

(d) Designate which agency office(s) will be responsible for deciding when and what occupational medical records are to be disclosed either to other agency officials or outside the agency;

(e) Ensure proper records retention and security, and preserve confidentiality of doctor/patient relationships;


(n) Set forth a policy that distinguishes, particularly for purposes of records disclosure, records in the nature of physician treatment records (which are generally not appropriate for disclosure to non-medical officials) from other medical reports properly available to officials making management decisions concerning the employee; [5 CFR 293.503]

In addition, the regulations stipulate that:

...Disclosure of an employee's occupational medical records to agency officials (both medical and non-medical) will be granted only when the specific information sought is needed for the performance of official duties. [5 CFR 293.504(b)]

These provisions do not apply to non-federal employees. Furthermore, matters of confidentiality, public health and medical testing are primarily governed by state law. California could have laws with more stringent requirements concerning the confidentiality of medical test results.

Some institutions offer exposed employees the option of independent post-exposure testing and evaluation. This gives them the fullest assurance of confidentiality, encourages the widest utilization of post-exposure testing and follow-up services, and is in keeping with the intent and spirit of the confidentiality provisions of the Standard. However, the Bloodborne Pathogens Standard permits the employer to offer the required post-exposure serology testing, medical evaluation and follow up through its own in-house facilities and personnel, if appropriately qualified and if a mechanism to ensure confidentiality is in place.

We hope that we have answered your questions, and that you will feel free to contact us if you have further concerns.