The Trump administration is quietly searching for unprecedented entry to medical data for hundreds of thousands of federal employees and retirees, and their households.
A temporary discover from the Workplace of Personnel Administration may dramatically change which personally identifiable medical info the company obtains, giving it the ability to see prescriptions staff had crammed or what therapy they sought from medical doctors. The regulation would require 65 insurance coverage firms that cowl greater than 8 million Individuals — together with federal employees, retired members of Congress, mail carriers, and their instant members of the family — to supply month-to-month stories to OPM with identifiable well being information on their members.
The proposal is prompting unease from insurers in addition to well being coverage and authorized specialists, who’re involved in regards to the legality of OPM buying such a sweeping database of delicate well being info, and the company’s capability to safeguard it.
OPM may use the information to research prices and enhance the system, stated Sharona Hoffman, a well being regulation ethicist at Case Western Reserve College in Ohio.
“However,” she stated, “they will get very, very detailed and granular information about every thing that occurs. The priority right here is the extra info they’ve, they might use it to self-discipline or goal people who find themselves not cooperating politically.”
OPM spokespeople didn’t reply to repeated requests for remark. The company’s discover asks insurers that supply Federal Staff Well being Advantages or Postal Service Well being Advantages plans to furnish “service use and price information,” together with “medical claims, pharmacy claims, encounter information, and supplier information.” It says the information will “guarantee they supply aggressive, high quality, and inexpensive plans.”
The discover, posted and despatched to insurers in December, doesn’t instruct them to redact figuring out info — a burdensome course of that they would want federal steering to finish.
As a substitute, it states that insurers are legally permitted to reveal “protected well being info” to OPM. A number of specialists in well being coverage and regulation consulted by KFF Well being Information stated they interpreted the request to imply the Trump administration was searching for identifiable information.
The ask comes a yr right into a Republican administration that has been outlined by haphazard mass layoffs and firings of 1000’s of federal employees, together with dozens who say they have been focused in acts of political retaliation or for not embracing the White Home’s agenda. Beneath President Donald Trump, the federal government has additionally routinely examined the authorized bounds of sharing delicate and personally identifiable tax or well being info throughout authorities companies in its efforts to hold out mass immigration arrests or pursue establish fraud.
“You possibly can anticipate a situation the place this info on 8 million Individuals is now within the palms of OPM and there’s an actual concern of how they use it,” stated Michael Martinez, senior counsel at Democracy Ahead, an advocacy group that filed a public remark opposing OPM’s proposal in February. Martinez beforehand labored at OPM.
“They’ve given no details about how they might deal with that info as soon as they’ve it,” he stated.
Amongst Martinez’s considerations is how the administration would possibly use details about staff who’ve sought abortions — 41 states have some sort of abortion ban — or transgender therapy, medical care that the Trump administration has tried to curb.
The American Federation of Authorities Staff, the most important union representing federal employees, didn’t reply to requests for remark.
Martinez and others who reviewed the discover for KFF Well being Information stated the proposal was so obscure that they have been unsure, precisely, what medical data OPM desires to entry.
On the very least, they stated, the proposal would enable the company to entry the medical and pharmaceutical claims of sufferers with their figuring out info, corresponding to names and delivery dates. Claims information additionally contains diagnoses, remedies, go to size, and supplier info.
OPM’s request to view “encounter information” may enable the company to take a look at “something and every thing,” Hoffman famous.
That would embrace detailed medical data, corresponding to a physician’s notes or after-visit summaries.
Jonathan Foley, who labored at OPM advising on the Federal Staff Well being Advantages program throughout the Obama and Biden administrations, stated he doubts the company has the potential to ingest such trivialities.
The company, nevertheless, may simply start assortment of personally identifiable medical and pharmaceutical claims info from insurers, he stated.
Foley stated he sees a profit to OPM having broader entry to de-identified claims information. In recent times, OPM has ramped up its evaluation of claims information, which has allowed it to look at prescription drug prices and encourage plans to supply federal employees cheaper alternate options. He’s nervous, although, that the Trump administration’s proposal goes too far, as a result of it seems to hunt identifiable information.
“It’s sort of stunning to consider them having protected well being info with out having strict guardrails,” he stated.
The Well being Insurance coverage Portability and Accountability Act of 1996, or HIPAA, requires sure organizations that keep identifiable well being info — corresponding to hospitals and insurers — to guard it from being disclosed with out affected person consent.
These entities can disclose such info with out consent solely in particular eventualities, with a justification that it’s deemed “cheap” or “needed.” Even then, HIPAA mandates that they supply solely the minimal quantity of data required.
OPM argues in its discover that it’s entitled to the knowledge from insurers “for oversight actions.”
However a number of individuals who reviewed the discover questioned whether or not OPM’s clarification for requesting the knowledge is enough.
“The language in it appears fairly broad and encompasses doubtlessly numerous info and information and is type of gentle on justification,” stated Jodi Daniel, a digital well being strategist who helped develop the authorized framework for HIPAA privateness guidelines over twenty years in the past.
A number of main insurers that supply federal worker well being plans — together with the Blue Cross Blue Defend Affiliation, Kaiser Permanente, and UnitedHealthcare — declined to touch upon their plans to adjust to the discover or provide perception on the place plans to implement the information sharing stood.
Just one insurer individually weighed in with a public touch upon OPM’s plan. In March, CVS Well being government Melissa Schulman urged the federal company to rethink its proposal.
“OPM’s request raises substantial HIPAA compliance points,” Schulman wrote, arguing that federal regulation permits the company to look at data however to not gather information. Insurers could be breaking the regulation by offering private well being info for OPM’s “obscure and broad common functions,” she added.
Schulman, who didn’t reply to further questions from KFF Well being Information, additionally raised considerations a few lack of information privateness protections. She famous that insurers could possibly be answerable for safety breaches or different conditions “the place shopper well being info is inappropriately shared and out of doors of our management.”
In 2015, OPM introduced the non-public data of roughly 22 million Individuals had been stolen from the company in a knowledge breach that has been blamed on the Chinese language authorities.
The Affiliation of Federal Well being Organizations, which represents CVS Well being and dozens of different federal well being plan carriers, additionally weighed in with a 122-page remark opposing the discover. In it, AFHO Chair Kari Parsons emphasised that insurance coverage carriers are sure by HIPAA to safeguard private well being info.
Federal regulation requires carriers “to furnish ‘cheap stories’ OPM determines to be needed,” Parsons wrote, “to not furnish the person claims information of each particular person.”
This isn’t the primary time OPM has requested detailed information from insurers. Within the AFHO remark, Parsons famous OPM had made the same proposal in 2010, prompting HIPAA considerations. She described how, after a number of years of negotiations with AFHO, they mentioned — however OPM by no means finalized — an settlement in 2019 for carriers to share de-identified information with OPM.
However since then, Parsons wrote, OPM has collected such detailed info on enrollees and their households that, with OPM’s new request, the company could possibly hint even de-identified data to people.
OPM has not offered any replace since closing feedback in March. The company would want to publish a remaining choice earlier than something formally modifications.
