Trump’s Personnel Agency Is Asking for Federal Workers’ Medical Records

The Office of Personnel Management’s latest regulatory notice marks a dramatic expansion of federal data collection, asking health insurers to transmit detailed, name‑linked medical and pharmacy claims for millions of federal workers and retirees. Under the proposal, insurers would report monthly on prescriptions filled, diagnoses, provider visits and even encounter notes, sidestepping the usual de‑identification safeguards mandated by HIPAA. While OPM frames the effort as a tool for cost‑control and plan quality improvement, the absence of clear redaction protocols raises immediate legal red flags for insurers tasked with protecting protected health information.

Privacy advocates and legal scholars warn that the aggregation of such granular health data could be weaponized for political purposes, especially given the administration’s recent history of targeting dissenting federal employees. The potential to scrutinize claims related to abortions, gender‑affirming care, or other politically sensitive treatments amplifies concerns about civil‑rights infringements. Moreover, OPM’s own track record—most notably the 2015 breach that exposed 22 million federal records—underscores the risk of a massive data repository falling prey to cyber‑attacks or internal misuse, a scenario that could erode trust in federal health benefits.

Industry response has been cautious and, in some cases, confrontational. Major carriers such as Blue Cross Blue Shield, Kaiser Permanente and UnitedHealthcare have either declined comment or highlighted the legal exposure inherent in providing personally identifiable data. A lone public comment from CVS Health’s executive warned that the request may violate HIPAA’s minimum‑necessary rule, potentially making insurers liable for any subsequent breach. As OPM awaits final rulemaking, stakeholders will be watching for clarifications on data security safeguards, redaction requirements, and the scope of permissible use, all of which will shape the balance between governmental oversight and employee privacy.