Exposure records help protect employee health in the long term, but many employers fall short when it comes to keeping them for the required period. According to OSHA regulations, certain medical and exposure records must be kept for at least 30 years. However, audits and enforcement actions show a different picture.
This article highlights why many companies, especially smaller ones, struggle to meet this requirement and what risks they face. From lack of awareness to legal consequences, we’ll cover the main reasons behind this data gap and how it can be addressed.
1. What Are Exposure Records?
Exposure records include any information that shows an employee’s contact with hazardous chemicals, biological agents, or harmful physical environments. These could be:
- Results of air or water testing in the workplace
- Medical tests related to workplace exposure
- Documentation of protective measures used
Under OSHA’s rules, such records must be kept for 30 years after an employee’s final exposure. This helps future doctors understand potential health risks even decades later.
2. A Shocking Look at Real-World Compliance
Real audits tell a troubling story. In one OSHA review of a single company, over 700 cases of improper recording were found in a sample of nearly 3,500 employee medical files. This audit at Avondale Industries uncovered missing documents and denial of access to required files.
Such failures can harm both employees and employers. Workers may not get proper treatment later, while companies could face large fines.
3. Small Companies Face Bigger Challenges
While all businesses must follow the same rules, smaller ones often fall behind. Research shows that employers with fewer than 100 employees are more likely to have poor injury and illness records. Although the study focused on incident tracking, experts believe similar problems exist with exposure records due to limited staffing and resources.
This puts small businesses at risk of non-compliance, often not out of bad intentions, but due to lack of information or tools.
4. Confusion About the 30-Year Rule
Many employers either misunderstand the rule or don’t know about it at all. Some believe that if no exposure is detected, the records don’t need to be kept, which is incorrect.
Auditors have found that employers fail to retain even those records showing “non-detect” or below-threshold exposures. But under OSHA rules, these still fall under the 30-year retention requirement. The confusion around what qualifies as an exposure record leads to major gaps in documentation.
5. Compliance Gets Even Harder Across Borders
For companies that operate in multiple regions or countries, following the rules can get even more complicated. For example, in Canada, exposure record retention laws vary greatly:
- Some provinces require just 3 years
- Others demand up to 40 years, depending on the type of record
This jurisdictional variation makes it difficult for large employers to stay compliant everywhere. Without a centralized approach, records may be lost or deleted too early in some locations.
6. The Cost of Non-Compliance: Fines and Legal Trouble
The risks of ignoring the 30-year rule go beyond poor recordkeeping. In some cases, failure to provide access or maintain exposure records is seen as a willful violation.
According to OSHA, employers can be fined up to $70,000 per violation for serious failures in record retention. These fines are not just for missing files, even denying an employee or their doctor access to the records can lead to penalties.
7. Missing the Full Picture: Gaps in Documentation
Another issue is that many companies only keep some of the records they should. Audits often find that documents are missing or incomplete, such as testing logs, employee requests for records, or documentation about safety measures.
Even when exposure was low or undetectable, these records matter. They show that proper checks were done and that the employer followed legal steps. Failing to keep full documentation can hurt you during inspections or legal disputes, even if you followed safety protocols.
8. Steps to Close the Data Gap
While the problems are serious, there are simple ways to improve:
- Train staff on what records must be kept and for how long
- Use digital storage with clear backup systems
- Centralize compliance tracking especially if operating in multiple locations
- Regular internal audits to find and fix missing records early
- Document all safety checks, even if exposures are low
By following a clear system, businesses can reduce the risk of fines and keep workers safer in the long term.
9. Why Retention Really Matters
Exposure to dangerous materials can lead to health problems years, even decades later. Keeping long-term records helps healthcare providers connect the dots if an employee develops a condition linked to workplace exposure.
It’s not just about laws or penalties. Holding onto these records means workers have the right information to protect their health long after they’ve left the job.
Final Thoughts
The 30-year record retention rule exists for a reason: to protect people’s health. But the data shows that many employers fall short, whether from confusion, lack of resources, or system errors.
With penalties reaching $70,000 per violation and audits revealing hundreds of missing records, this is not a risk worth taking. Businesses, large and small, need to treat exposure records as long-term health tools, not short-term paperwork.
By taking small but steady steps, every employer can close the data gap and create a safer, smarter workplace.
