OSHA / Safety Incident Log
Build a login-protected tool that records workplace injuries and illnesses with the required details, applies your recordability and classification rules with a safety-officer sign-off, tracks days away and restricted, and produces reviewed summaries and a CSV export in the required log format.
A login-protected web tool where injuries and illnesses are reported, captured with the required details, classified under your configured recordability rules, reviewed and approved by your safety officer before they hit the official log, tracked for days away and restricted duty, rolled up into a reviewed annual summary, and exported as a CSV in the required log format - all with a complete audit trail and protected medical details.
Before you start
- A free Supabase account
- A free Vercel account
- A free Resend account
- Claude Code installed and signed in
The problem this kills
Safety recordkeeping is one of those jobs where a small slip becomes a big problem. Injuries get logged on a clipboard, a shared spreadsheet, and three different inboxes. A "recordable" determination gets made in someone's head and never written down. Days-away counts drift. The privacy cases that should be redacted aren't. And when an auditor or an inspector asks to see the log, you're reconstructing a year of events from memory the night before.
The hard part isn't typing the incidents in - it's getting the recordable / not-recordable call and the case classification right and consistent, keeping the running day counts accurate, protecting employees' medical details, and being able to prove who decided what, and when.
This tool replaces the clipboard-and-spreadsheet scramble with one workflow: an incident is reported, the details are captured, your configured rules suggest a classification, your safety officer reviews and approves it before it touches the official log, day counts are tracked, and the annual summary is generated and signed off before it's posted - with a complete audit trail behind all of it.
What you'll build
A private web app, locked behind a login, where:
- A workplace injury or illness is reported through a clear intake form (date, employee, location, what happened, body part, treatment, classification, days away / restricted).
- Your recordability and classification rules (the ones you configure) are applied to suggest a determination - the tool drafts, it never decides.
- Your safety officer reviews and approves each recordable determination and case classification before the case is added to the official running log.
- Days away and restricted / transferred duty are tracked per case, with running totals.
- Employee medical details are protected, and privacy-case redaction is handled so sensitive cases don't expose a name.
- An annual summary is generated, reviewed, and approved before posting.
- Everything is recorded in an audit trail, and you can pull a CSV export in the required log format for posting or audit.
What's inside the Implementation Plan
The plan opens by interviewing you about your business - how incidents reach you today, who reports and who decides, the systems and spreadsheets you use, your exact employee and case-ID formats, your establishments and locations, your typical and peak incident volumes, your specific recordability and classification rules, your privacy-case rules, and the messy edge cases. It reads a short tailored spec back to you and waits for your thumbs-up before building anything. You get a tool shaped to your rules and your data, not a generic template.
From there it's a step-by-step build, each step ending with a ready-to-paste prompt for your AI coding agent: the data model and privacy design, login and per-establishment data isolation, the incident intake form with a duplicate guard, the rule engine that suggests recordability and classification, the safety-officer review-and-approve gate, day-count tracking, email notifications, the reviewed annual summary, the audit trail, and the required-format CSV export. It closes with a "how to know it works" checklist and a no-API CSV fallback so you can run it today with no integration at all.
The governance it includes (this is the point)
- Login so only your safety / HR team can get in.
- Row-level security so users only ever see their own organization's (and establishment's) cases - and medical details are access-limited even within the team.
- A complete audit trail - who reported, who classified, who approved, and when - for every case and every summary.
- A hard human-in-the-loop approval gate: the tool applies your rules to suggest a recordable determination and classification, but a case is added to the official log only after your safety officer reviews and explicitly approves it - and the annual summary is approved before it's posted.
- Duplicate guards keyed on the incident ID, one record per incident, so the same event can't be logged twice.
This is recordkeeping tooling that applies the rules you configure - it is not legal or safety advice and does not decide recordability for you. It keeps medical details protected and handles privacy-case redaction, so what you keep is accurate, complete, and defensible.
Who it's for
HR and safety officers responsible for injury and illness recordkeeping who maintain logs by hand - on paper or in a spreadsheet - and worry about errors, omissions, inconsistent classifications, exposed medical details, or a log that isn't audit-ready.
You've got this - paste the first prompt and let the plan interview you.