About a year ago, I was stationed in downtown D.C. on an especially chilly spring day, watching hundreds of federal employees line up outside their office buildings.
In a humbling exercise, employees were waiting to test whether their entry badges still worked at the Department of Health and Human Services — or whether they’d be walked back out by security because they were among the 10,000 unlucky ones whose jobs had suddenly been eliminated.
I thought back to that day recently as I researched and reported on a significant, under-the-radar proposal from the Office of Personnel Management, which oversees federal workers.
According to a notice posted in December, OPM is seeking personally identifiable medical and pharmaceutical claims information on federal employees and retirees, as well as their family members, who are enrolled in the Federal Employees Health Benefits or Postal Service Health Benefits programs. Just over 8 million Americans get coverage through such plans.
Right now, 65 insurance companies maintain data the agency wants, including information on prescriptions, diagnoses, and treatments. That would put a tremendous amount of personal information about federal employees in the hands of an administration that has earned a reputation for taking retaliatory action against some workers and sharing sensitive data across agencies as part of its immigration and fraud crackdowns.
My colleague Maia Rosenfeld and I wanted to know what lawyers and ethicists who work on health policy issues think about this proposal.
On the one hand, sources told us, this sort of detailed data could be used by the federal government to improve the largest employer-sponsored health insurance system in the country.
But doubts about the Trump administration’s motives percolated through every conversation we had.
“The concern here is the more information they have, they could use it to discipline or target people who are not cooperating politically,” Sharona Hoffman, a health law ethicist at Case Western Reserve University, told me.
And, though the notice states that insurers are legally permitted to disclose “protected health information” to the agency for “oversight,” Hoffman and others raised questions about OPM’s access to such a sweeping database of medical records under federal health privacy laws.
Insurance companies — several of which declined to comment — would have to provide monthly reports to OPM with data on their members. One insurer, CVS Health, said in a public comment that insurers would be breaking the law by providing the information for OPM’s “vague and broad general purposes.” The association that represents many of those companies also has voiced objections to the proposal, which has not yet been finalized.
OPM spokespeople did not respond to our repeated requests for comment.
