The Trump administration’s Office of Personnel Management (OPM) has issued a proposal requesting extensive medical records from insurers that cover more than 8 million federal employees, retirees, and their families. This unprecedented data collection would include personally identifiable health information such as medical claims, pharmacy prescriptions, and healthcare provider details.
The proposal, posted in December and sent to insurance companies offering Federal Employees Health Benefits and Postal Service Health Benefits plans, requires monthly reports containing sensitive health data. OPM states the information will be used to ensure the provision of competitive, quality, and affordable health plans.
Experts in health policy and law have expressed significant concerns over the legality and privacy implications of the request. The proposal does not require insurers to redact personal identifiers, and it is unclear how much medical information, potentially including doctors’ notes and after-visit summaries, would be accessible to OPM. This raises fears about OPM’s ability to safeguard such sensitive data.
Sharona Hoffman, a health law ethicist, noted that while OPM could use the data for cost analysis and system improvements, the scope of information requested poses risks of misuse, including potential political targeting. Michael Martinez, senior counsel at Democracy Forward and a former OPM employee, highlighted worries about how the data could be exploited, especially concerning employees who sought controversial treatments, such as abortion or transgender healthcare, amid shifting state laws and federal policies.
Several major insurers such as Blue Cross Blue Shield, Kaiser Permanente, and UnitedHealthcare have declined comment on their compliance plans. CVS Health publicly opposed the request, citing conflicts with the Health Insurance Portability and Accountability Act (HIPAA), warning that sharing identifiable health information broadly could violate federal privacy laws and expose insurers to liability.
The HIPAA framework restricts disclosure of protected health information without patient consent except under specific and justified circumstances, requiring only the minimum necessary data to be shared. Legal experts have criticized OPM’s justification of the request as insufficiently specific and potentially overreaching for “oversight activities.”
OPM has not responded to requests for clarity on how it will protect the data or address privacy concerns. The agency’s history includes a major data breach in 2015 that compromised the records of approximately 22 million people. The proposed rule is still under consideration, pending a final decision that would formalize any changes.
Why it matters
If implemented, OPM’s proposal would grant the federal agency access to a vast database containing highly sensitive and identifiable medical information of millions of Americans employed by or affiliated with the federal government. The lack of clear safeguards and broad scope could jeopardize workers’ privacy and raise legal challenges under HIPAA. This development also occurs in the context of political tensions involving mass federal workforce layoffs and disputes over health-related rights, adding to concerns about possible misuse or political exploitation of the data.
Background
The Federal Employees Health Benefits program is the largest employer-sponsored health insurance program in the United States, covering millions of current and retired federal workers. OPM historically has used de-identified claims data to monitor costs and encourage plan improvements but has faced criticism when attempts were made to collect more detailed personal health information. Past proposals, including one in 2010 and negotiations through 2019, involved similar data requests but ended without implementation due to legal and privacy concerns. The current proposal marks a significant expansion in the agency’s data access ambitions.
