Every April 30, Multi-Location Medical Practices Get This Wrong
By Raj Pannu, M.D. — Physician, Healthcare Operations
April 30 just passed. For most medical practices, it went by like any other day.
For the ones operating across multiple locations, it was a federal compliance deadline — and a significant number of them missed it without knowing it.
I’m talking about the OSHA 300A Annual Summary. And if you’re running more than a handful of clinical sites, there’s a reasonable chance your compliance posture on this form is shakier than you think.
What the 300A Actually Is
OSHA requires employers with 10 or more employees to maintain a log of work-related injuries and illnesses throughout the year. That’s OSHA Form 300 — the ongoing log.
The 300A is the annual summary derived from that log. Every year, between February 1 and April 30, it must be physically posted at each workplace establishment where employees can see it. It has to be certified by a company executive — not a manager, not a compliance coordinator, but someone with organizational authority. And it has to remain posted for the full three-month window.
That’s the requirement. Simple enough.
Now multiply it across 10, 20, or 40 locations.
Where Multi-Location Practices Break Down
The OSHA 300 log and the 300A summary are fundamentally site-specific obligations. Under OSHA’s recordkeeping rules, each physical location that operates independently — its own address, its own workforce — is treated as a separate establishment. That means a practice with 30 locations has 30 separate posting obligations. 30 separate logs. 30 certifications.
Most organizations handle this through some combination of email reminders, regional managers, and the assumption that someone is taking care of it at each site. That assumption fails more often than people realize — not because of negligence, but because no one has built a reliable system around it.
Here’s what typically happens: corporate compliance sends a reminder in January. Some locations post it in February. Others get to it in March. A few sites open mid-year and no one is sure whether the obligation applies for a partial year (it does). New managers at recently transitioned locations don’t know the process existed. And by the time April 30 arrives, there’s no centralized record of which sites complied and which didn’t.
That visibility gap is the problem.
The Stakes Are Real
OSHA recordkeeping violations carry civil penalties that escalate quickly. Serious violations can run up to $16,131 per violation. Willful or repeated violations — including situations where OSHA determines the employer should have known — can reach $161,323 per violation.
More practically: when an OSHA inspector shows up at one of your locations — triggered by an employee complaint, a reported injury, or a random inspection — one of the first things they’ll request is your 300 log and evidence of your 300A posting. If it’s not there, or if it wasn’t posted during the required window, that’s a citation.
For a growing multi-location practice, the risk scales with your footprint. More locations means more exposure, and more opportunity for the system to break down.
The Problem Gets Worse When You’re Growing Fast
Opening new clinical locations creates a particular compliance blind spot.
When a team is focused on buildout, credentialing, hiring, and getting the doors open, OSHA recordkeeping setup rarely makes anyone’s critical path. But the obligation exists from the first day an employee reports to work at that site. The 300 log needs to start immediately. If the location opens after February 1 in a given year, it still has a 300A obligation the following February — and if no one set up the log, there’s nothing to summarize.
Organizations expanding aggressively are essentially creating new compliance obligations faster than their centralized processes can absorb them. The gap between “we opened the site” and “we have a functioning compliance infrastructure at that site” is where the exposure lives.
What Getting This Right Actually Looks Like
Compliant multi-location OSHA recordkeeping isn’t complicated in principle. It requires:
A separate 300 log for each establishment, maintained continuously throughout the year. A reliable process for generating the 300A summary at year-end. A mechanism for getting the appropriate executive certification at each site. A system for verifying that the 300A was actually posted at each location by February 1. And documentation that it remained posted through April 30.
The challenge isn’t knowing what to do — it’s having a system that does it consistently across every location, every year, without depending on individual memory or informal processes.
For organizations at scale, that means treating compliance infrastructure as a first-class operational concern, not an afterthought handled by whoever has bandwidth in January.
One Question Worth Asking Your Team Today
Before the specifics of OSHA 300A recordkeeping fade back into the background, it’s worth a quick internal audit:
Which of our locations did not have a completed, certified, and posted 300A this year — and how would we know if they didn’t?
If the honest answer is “we’re not sure,” that’s the gap to close before next February.
The April 30 deadline passed. There’s nothing to be done for this cycle. But there are nine months before the next one, and that’s enough time to build a process that actually holds across every site you operate.
Raj Pannu, M.D. is a physician and healthcare operations founder focused on compliance infrastructure for multi-location medical practices. He can be reached at raj@sagenik.com.
Interested in discussing compliance operations for your organization? Book a call →
