March 2, 2025: Deadline for Electronic Submission of 2025 Workplace Injury and Illness Data

Posted by Steve Alder

The deadline for submitting electronic workplace injury and illness information to the Occupational Safety and Health Administration (OSHA) is March 2, 2026. Failure to submit timely data can result in a citation or penalty.

OSHA maintains a secure website hosting its Injury Tracking Application (ITA), which can be used by certain employers to submit data from their OSHA recordkeeping forms (OSHA Forms 300A, 300, and 301). Covered employers must use the ITA to submit their data ahead of the reporting deadline, which for calendar year 2025 is March 2, 2026. To ensure that data is submitted on time, establishments should use the ITA to submit their data well ahead of the deadline in case of any technical issues.

Online submission of workplace injury and illness data is required for establishments if the answer to either of the questions below is yes.

  1. Your establishment had 250 or more part-time, full-time, and seasonal employees at any time during calendar year 2025 and is not on the exempt industry list.
  2. Your establishment had between 20 and 249 part-time, full-time, and seasonal employees at any time in calendar year 2025 if you are in a designated industry.

Designated industries include, but are not limited to, general medical and surgical hospitals, psychiatric and substance abuse hospitals, specialty (except psychiatric and substance abuse) hospitals, other ambulatory health care services, nursing care facilities, residential mental retardation, mental health and substance abuse facilities, community care facilities for the elderly, and other residential care facilities. If your establishment qualifies for electronic reporting, then electronic reporting is mandatory. OSHA will not accept paper submissions of workplace injury and illness data.

If the answer to one of the above questions is yes, your establishment is required to use the ITA to submit OSHA Form 300A data. Establishments must also use the ITA to submit Form 300/301 data if they have more than 100 employees in designated industries, which include the aforementioned healthcare and social care sectors, as listed in Appendix B to Subpart E of 29 CFR Part 1904.

It is the responsibility of each establishment to determine whether it is required to submit its workplace injury and illness data electronically, as OSHA does not generally notify establishments if they must submit data electronically. If in any doubt, OSHA has an ITA coverage application that can be used to determine if the ITA must be used to submit Form 300A and 300/301 data.

The post March 2, 2025: Deadline for Electronic Submission of 2025 Workplace Injury and Illness Data appeared first on The HIPAA Journal.

Carespring Health Care Management & LifeBridge Health Settle Class Action Data Breach Lawsuits

Posted by Steve Alder

Carespring Health Care Management in Ohio and LifeBridge Health in Maryland have agreed to settle class action lawsuits stemming from data breaches.

Carespring Health Care Management

Carespring Health Care Management has agreed to settle a class action lawsuit stemming from an October 2023 cyberattack and data breach. Hackers gained access to the protected health information of 64,609 individuals, including names, dates of birth, Social Security numbers, financial information, health insurance information, and medical information.

The first class action lawsuit over the data breach was filed by plaintiff Phyllis Rise on August 29, 2024. Four related actions were subsequently filed by other affected individuals. The five lawsuits were consolidated – Rice, et al., v. Carespring Health Care Management, LLC – in the Court of Common Pleas for Clermont County, Ohio, as the lawsuits had overlapping claims.

The consolidated lawsuit asserted several claims, including negligence/negligence per se, breach of contract, breach of implied contract, breach of fiduciary duty, breach of confidence, invasion of privacy, fraud, misrepresentation, unjust enrichment, bailment, wantonness, and the failure to provide adequate notice about the data breach. Carespring Health Care Management denies all claims asserted in the lawsuit.

To avoid the expense, delay, and uncertainties of litigation, all parties agreed to a settlement, with no admission of liability or wrongdoing. Carespring Health Care Management will pay up to $305,000 to cover attorneys’ fees and expenses, service awards of $2,500 for each of the five class representatives, and benefits for the class members. Class members may submit a claim for two years of single-bureau credit monitoring services, and a claim for up to $4,500 as compensation for documented, unreimbursed losses resulting from the data breach. If a claim is not submitted for reimbursement of losses, class members may claim an alternative $50 cash payment

The deadline for objection to and exclusion from the settlement is March 17, 2026. Claims must be submitted by April 16, 2026, and the final fairness hearing has been scheduled for April 28, 2026.

LifeBridge Health

LifeBridge Health Inc., a Maryland-based holding company for four Maryland hospitals and other affiliated entities, has agreed to pay $575,000 to settle class action litigation stemming from a cybersecurity incident detected in November 2024. LifeBridge Health determined that a hacker intermittently accessed its computer systems between August 27, 2024, and September 21, 2024, and potentially obtained patients’ protected health information. The affected individuals were notified about the data breach on April 1, 2025.

A lawsuit was filed in the Circuit Court for Baltimore County, Maryland, in response to the data breach, alleging it could have been prevented had LifeBridge Health implemented reasonable and appropriate cybersecurity measures. The lawsuit – Ragin v. LifeBridge Health, Inc. – asserted claims of negligence, alleged breach of implied contract, and breach of the implied covenant of good faith and fair dealing. LifeBridge Health denies all allegations in the lawsuit and maintains there was no wrongdoing. While believing that it would have prevailed at trial, the decision was taken to settle the litigation to avoid the cost, distraction, and uncertainty of trial and related appeals.

A $575,000 settlement fund will be established to cover attorneys’ fees and expenses, settlement administration costs, and service awards for the class representatives. The remainder of the fund will be used to pay for benefits for the class members. LifeBridge Health has also agreed to make data security enhancements to better protect patient data.

A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member. A claim may also be submitted for a flat cash payment, which will be paid pro rata after all valid claims have been paid. The cash payment is estimated to be $100 per class member, but may be higher or lower depending on the number of valid claims received. The deadline for objection to and exclusion from the settlement is February 28, 2026. The deadline for submitting a claim is February 28, 2026, and the final fairness hearing has been scheduled for March 20, 2026.

The post Carespring Health Care Management & LifeBridge Health Settle Class Action Data Breach Lawsuits appeared first on The HIPAA Journal.