The U.S. Office of Personnel Management (OPM) has issued details of its plan to seek claims-level access to the medical records of millions of federal workers and retirees as well as their families.

As KFF Health News reported, the brief OPM notice “could dramatically change which personally identifiable medical information the agency obtains, giving it the power to see prescriptions employees had filled or what treatment they sought from doctors.”

According KFF Health News, the regulation would require 65 insurance companies covering more than 8 million Americans—including federal employees, mail carriers and their immediate family members—to provide monthly reports to OPM with identifiable health data on their members.

The proposal is encountering pushback from a number of sources in recent days.

For example, an April 19 letter to OPM Director Scott Kupor expressed a group of 16 Democratic senators’ “grave concern” regarding the notice.

Providing OPM with the type of excess to personal health information that it seeks “would violate the core principles of the Health Insurance Portability and Accountability Act (HIPAA), which was enacted to strictly regulate how protected health information can be disclosed to ensure that patient data is shared only for limited, clearly defined purposes,” the senators wrote.

“Mass, centralized access to identifiable medical records absent individualized consent, clear necessity, or narrowly tailored legal authority undermines those protections and lacks a valid statutory basis.”

The National Active and Retired Federal Employees Association (NARFE) weighed in as well.

In an April 14 statement, NARFE National President William Shackelford said the notice “fails to explain adequately why OPM needs the data, how it will use it, how it will secure it and what safeguards will be in place to protect the privacy of federal employees and retirees.”

OPM “may have legitimate reasons to obtain and analyze the data to reduce costs and help improve health outcomes, but they have not articulated them,” Shackleford continued. He also called on OPM to “commit to only seeking personally de-identified data, to reduce the risks the data could be used inappropriately against employees and to mitigate security risks of unintended disclosure and theft.”

An April 10 statement from Everett Kelley, national president of the American Federation of Government Employees (AFGE), shared similar sentiments.

“OPM has provided no meaningful explanation for why it needs identifiable data rather than the de-identified claims data that would serve any legitimate cost-management purpose,” said Kelley.

Adding that health law experts, former OPM officials and major insurance carriers “have raised serious legal concerns about whether this proposal complies with HIPAA,” Kelley said OPM has also “offered no information about how the data would be protected or how it would be used. That silence is not reassuring.

“Federal employees are public servants,” Kelley continued. “They deserve a government that treats their medical privacy with the same dignity and care they bring to serving the American people every day. This proposal does neither.”

PUBLISHED DATE

07 May 2026

AUTHOR
Mark McGraw, PSHRA

Category

HR News Article

Related Posts

View more

May 2026

Union Leaders Call for Safety Reform After Maryland Highway Worker Deaths

Learn More

May 2026

Report: Financial Stress is Negatively Affecting Employee Productivity

Learn More

May 2026

New Analysis Finds the Value of Volunteering on the Rise

Learn More