Understanding Privacy Cases

  • Published on Apr 29, 2025
  • 1 minute(s) read
Prev Next

Some workplace injuries or illnesses involve sensitive or personally identifiable information (PII) that should not be visible to all users — or publicly disclosed in regulatory reports. To support this, Serenity includes a Privacy Case feature that aligns with OSHA recordkeeping requirements for confidential cases.

What Does OSHA Say About Privacy Cases?

According to OSHA’s Recordkeeping Standard (29 CFR 1904.29(b)(7)), employers must withhold the employee’s name for certain types of injuries or illnesses when recording them on the OSHA 300 Log. These cases are referred to as privacy concern cases.

OSHA defines a privacy case as any injury or illness that:

  • Involves an intimate body part or the reproductive system

  • Results from a sexual assault

  • Involves mental illness

  • Is a needle stick or cut from a sharp object that may be contaminated

  • Is a HIV, hepatitis, or tuberculosis infection

  • Is another illness where the employee voluntarily requests privacy

ℹ️ Source: OSHA 1904.29(b)(7)

Enabling a Privacy Case in Serenity

Users with the Privacy Case Viewer role can flag any injury as a privacy case directly from the injury report screen.

To enable privacy features:

  1. Open the injury record

  2. Click the lock icon labeled “Enable privacy case” (top right corner)

Once enabled, the system will automatically:

✅ Restrict visibility of the injury record to only users with the privacy case role

✅ Redact personally identifiable information (e.g., name, contact info) on OSHA 300 and 300A forms

Managing Privacy Settings

Users with the privacy case role can also:

  • Click “Disable privacy case” to remove the restriction (if no longer applicable)

  • Continue editing and finalizing the report as normal

  • See a yellow banner indicating the case is privacy-restricted

🔒 If you're unable to view the details of a privacy case, contact your administrator to verify your user role includes Privacy Case Viewer access.

✅ Best Practices

  • Review each injury for potential privacy sensitivity during intake or review

  • Enable the privacy flag immediately if applicable — especially for mental health or reproductive cases

Ensure only trained EHS staff with privacy clearance have access to these records

Related articles