In a move that has raised eyebrows and concerns, the Trump administration's Office of Personnel Management (OPM) is seeking access to the medical records of millions of federal workers and their families. This unprecedented request, buried in a brief notice, has sparked unease among insurers, health experts, and legal professionals alike.
The Unveiling of a Controversial Proposal
The OPM's proposal, posted in December, aims to obtain monthly reports from 65 insurance companies covering over 8 million individuals, including federal employees, retirees, and their immediate families. The request seeks 'service use and cost data,' which, when interpreted, implies access to identifiable health information. This includes prescription records, doctor visits, and detailed medical histories.
Legal and Ethical Concerns
Health law ethicist Sharona Hoffman highlights the potential misuse of such detailed data. She warns, "The concern here is the more information they have, they could use it to discipline or target people who are not cooperating politically." This concern is particularly relevant given the administration's track record of mass layoffs and firings, with allegations of political retaliation.
The proposal has also drawn criticism from Michael Martinez of Democracy Forward, who questions the administration's intentions and lack of transparency regarding data handling. He emphasizes the potential misuse of information related to sensitive issues like abortions and transgender healthcare, especially considering the Trump administration's efforts to curb such treatments.
Vague and Troubling Details
The proposal's vagueness has left many, including the American Federation of Government Employees, uncertain about the exact nature of the requested medical records. At the very least, it appears OPM aims to access identifiable medical and pharmaceutical claims data, including diagnoses and treatment details. The request to view 'encounter data' could potentially grant OPM access to even more detailed records, such as doctor's notes and after-visit summaries.
A Step Too Far?
While some, like Jonathan Foley, see benefits in OPM having broader access to de-identified claims data for cost analysis and encouraging cheaper alternatives for federal workers, the proposal's apparent focus on identifiable data has raised red flags. The Health Insurance Portability and Accountability Act (HIPAA) sets strict guidelines for the protection of identifiable health information, and OPM's justification for the request has been questioned by experts like Jodi Daniel, who finds the language 'quite broad' and 'light on justification.'
Insurers' Response and Privacy Concerns
Major insurers, including Blue Cross Blue Shield, Kaiser Permanente, and UnitedHealthcare, have declined to comment on their plans to comply with the notice. However, CVS Health's Melissa Schulman has publicly urged OPM to reconsider, arguing that the proposal raises substantial HIPAA compliance issues and that insurers would be breaking the law by providing personal health information for OPM's 'vague and broad general purposes.' She also highlights concerns about data privacy and the potential for security breaches.
A History of Data Breaches and Uncertainty
OPM's history of data breaches, including the 2015 incident where the personal records of 22 million Americans were stolen, has only added to the concerns surrounding the current proposal. The Association of Federal Health Organizations, representing CVS Health and other federal health plan carriers, has opposed the notice, emphasizing the need for strict data privacy protections.
As of now, OPM has not provided any updates since closing comments in March, and a final decision is yet to be published. The future of this controversial proposal remains uncertain, but its implications for the privacy and potential misuse of sensitive health information are undeniable.
