The Trump administration's request for federal workers' medical records has sparked concern among experts and the public alike. This unprecedented move by the Office of Personnel Management (OPM) could potentially expose sensitive health information of millions of Americans, including federal workers, retirees, and their families. The proposal, which was posted and sent to insurers in December, aims to gather detailed medical data, including prescriptions, treatments, and diagnoses, from 65 insurance companies covering over 8 million people. While OPM claims this data will help improve the system and analyze costs, the potential for misuse and the lack of clear safeguards have raised red flags.
One of the main concerns is the potential for political targeting. Sharona Hoffman, a health law ethicist, warns that OPM's access to granular data could be used to discipline or target individuals who do not align with the administration's political agenda. This is particularly alarming given the recent history of mass layoffs and firings of federal workers under the Trump administration, often cited as acts of political retaliation. The administration's history of pushing the legal boundaries of data sharing, especially in the context of immigration arrests and identity fraud, further adds to the unease.
The proposal's vagueness is another cause for concern. Experts like Michael Martinez and Jonathan Foley question what specific medical records OPM wants to access. The request for 'encounter data' could potentially include detailed medical records, such as doctor's notes, which could be traced back to individuals. This raises serious privacy and security issues, especially considering OPM's history of data breaches, including the theft of personal records of 22 million Americans in 2015.
The Health Insurance Portability and Accountability Act (HIPAA) mandates that organizations protect identifiable health information and only disclose it under specific circumstances. OPM's justification for the request, citing 'oversight activities,' has been questioned by experts like Jodi Daniel, who finds the language too broad and lacking in sufficient justification. Insurers are bound by HIPAA to safeguard personal health information, and breaking this law could have severe consequences.
The insurance industry has responded with caution. CVS Health executive Melissa Schulman has raised concerns about HIPAA compliance and the lack of data privacy protections. The Association of Federal Health Organizations, representing major insurers, has also filed a 122-page comment opposing the notice, emphasizing the importance of safeguarding personal health information. The lack of a final decision from OPM and the need for a public comment period further highlight the ongoing uncertainty surrounding this controversial proposal.
