The Trump administration is quietly in search of unprecedented entry to medical information for tens of millions of federal employees and retirees, and their households.
A temporary discover from the Workplace of Personnel Administration may dramatically change which personally identifiable medical info the company obtains, giving it the ability to see prescriptions workers had stuffed or what therapy they sought from medical doctors. The regulation would require 65 insurance coverage firms that cowl greater than 8 million Individuals — together with federal employees, retired members of Congress, mail carriers, and their quick relations — to supply month-to-month stories to OPM with identifiable well being knowledge on their members.
The proposal is prompting unease from insurers in addition to well being coverage and authorized specialists, who’re involved in regards to the legality of OPM buying such a sweeping database of delicate well being info, and the company’s skill to safeguard it.
OPM may use the info to research prices and enhance the system, mentioned Sharona Hoffman, a well being legislation ethicist at Case Western Reserve College in Ohio.
“However,” she mentioned, “they will get very, very detailed and granular knowledge about every thing that occurs. The priority right here is the extra info they’ve, they might use it to self-discipline or goal people who find themselves not cooperating politically.”
OPM spokespeople didn’t reply to repeated requests for remark. The company’s discover asks insurers that provide Federal Workers Well being Advantages or Postal Service Well being Advantages plans to furnish “service use and price knowledge,” together with “medical claims, pharmacy claims, encounter knowledge, and supplier knowledge.” It says the info will “guarantee they supply aggressive, high quality, and inexpensive plans.”
The discover, posted and despatched to insurers in December, doesn’t instruct them to redact figuring out info — a burdensome course of that they would want federal steerage to finish.
As an alternative, it states that insurers are legally permitted to reveal “protected well being info” to OPM. A number of specialists in well being coverage and legislation consulted by KFF Well being Information mentioned they interpreted the request to imply the Trump administration was in search of identifiable knowledge.
The ask comes a 12 months right into a Republican administration that has been outlined by haphazard mass layoffs and firings of 1000’s of federal employees, together with dozens who say they had been focused in acts of political retaliation or for not embracing the White Home’s agenda. Beneath President Donald Trump, the federal government has additionally routinely examined the authorized bounds of sharing delicate and personally identifiable tax or well being info throughout authorities companies in its efforts to hold out mass immigration arrests or pursue determine fraud.
“You possibly can anticipate a state of affairs the place this info on 8 million Individuals is now within the palms of OPM and there’s an actual concern of how they use it,” mentioned Michael Martinez, senior counsel at Democracy Ahead, an advocacy group that filed a public remark opposing OPM’s proposal in February. Martinez beforehand labored at OPM.
“They’ve given no details about how they’d deal with that info as soon as they’ve it,” he mentioned.
Amongst Martinez’s considerations is how the administration may use details about workers who’ve sought abortions — 41 states have some sort of abortion ban — or transgender therapy, medical care that the Trump administration has tried to curb.
The American Federation of Authorities Workers, the biggest union representing federal employees, didn’t reply to requests for remark.
Martinez and others who reviewed the discover for KFF Well being Information mentioned the proposal was so obscure that they had been unsure, precisely, what medical information OPM needs to entry.
On the very least, they mentioned, the proposal would enable the company to entry the medical and pharmaceutical claims of sufferers with their figuring out info, resembling names and beginning dates. Claims knowledge additionally contains diagnoses, remedies, go to size, and supplier info.
OPM’s request to view “encounter knowledge” may enable the company to have a look at “something and every thing,” Hoffman famous.
That might embody detailed medical information, resembling a health care provider’s notes or after-visit summaries.
Jonathan Foley, who labored at OPM advising on the Federal Workers Well being Advantages program in the course of the Obama and Biden administrations, mentioned he doubts the company has the aptitude to ingest such trivia.
The company, nonetheless, may simply start assortment of personally identifiable medical and pharmaceutical claims info from insurers, he mentioned.
Foley mentioned he sees a profit to OPM having broader entry to de-identified claims knowledge. Lately, OPM has ramped up its evaluation of claims knowledge, which has allowed it to look at prescription drug prices and encourage plans to supply federal employees cheaper alternate options. He’s fearful, although, that the Trump administration’s proposal goes too far, as a result of it seems to hunt identifiable knowledge.
“It’s form of stunning to think about them having protected well being info with out having strict guardrails,” he mentioned.
The Well being Insurance coverage Portability and Accountability Act of 1996, or HIPAA, requires sure organizations that keep identifiable well being info — resembling hospitals and insurers — to guard it from being disclosed with out affected person consent.
These entities can disclose such info with out consent solely in particular eventualities, with a justification that it’s deemed “cheap” or “vital.” Even then, HIPAA mandates that they supply solely the minimal quantity of knowledge required.
OPM argues in its discover that it’s entitled to the data from insurers “for oversight actions.”
However a number of individuals who reviewed the discover questioned whether or not OPM’s clarification for requesting the data is enough.
“The language in it appears fairly broad and encompasses probably a variety of info and knowledge and is type of gentle on justification,” mentioned Jodi Daniel, a digital well being strategist who helped develop the authorized framework for HIPAA privateness guidelines over 20 years in the past.
A number of main insurers that provide federal worker well being plans — together with the Blue Cross Blue Defend Affiliation, Kaiser Permanente, and UnitedHealthcare — declined to touch upon their plans to adjust to the discover or supply perception on the place plans to implement the info sharing stood.
Just one insurer individually weighed in with a public touch upon OPM’s plan. In March, CVS Well being government Melissa Schulman urged the federal company to rethink its proposal.
“OPM’s request raises substantial HIPAA compliance points,” Schulman wrote, arguing that federal legislation permits the company to look at information however to not gather knowledge. Insurers can be breaking the legislation by offering private well being info for OPM’s “obscure and broad normal functions,” she added.
Schulman, who didn’t reply to further questions from KFF Well being Information, additionally raised considerations a few lack of knowledge privateness protections. She famous that insurers could possibly be answerable for safety breaches or different conditions “the place shopper well being info is inappropriately shared and outdoors of our management.”
In 2015, OPM introduced the non-public information of roughly 22 million Individuals had been stolen from the company in an information breach that has been blamed on the Chinese language authorities.
The Affiliation of Federal Well being Organizations, which represents CVS Well being and dozens of different federal well being plan carriers, additionally weighed in with a 122-page remark opposing the discover. In it, AFHO Chair Kari Parsons emphasised that insurance coverage carriers are sure by HIPAA to safeguard private well being info.
Federal legislation requires carriers “to furnish ‘cheap stories’ OPM determines to be vital,” Parsons wrote, “to not furnish the person claims knowledge of each particular person.”
This isn’t the primary time OPM has requested detailed knowledge from insurers. Within the AFHO remark, Parsons famous OPM had made an analogous proposal in 2010, prompting HIPAA considerations. She described how, after a number of years of negotiations with AFHO, they mentioned — however OPM by no means finalized — an settlement in 2019 for carriers to share de-identified knowledge with OPM.
However since then, Parsons wrote, OPM has collected such detailed info on enrollees and their households that, with OPM’s new request, the company could possibly hint even de-identified information to people.
OPM has not offered any replace since closing feedback in March. The company would want to publish a last determination earlier than something formally modifications.