House and Senate Democrats are urging the Office of Personnel Management to halt its plans for collecting detailed medical data on potentially millions of enrollees in the government’s health insurance programs.
Citing “significant legal, ethical and security concerns,” two recent letters sent to Trump administration officials identified potential legal violations and the possibility of targeting enrollees across the Federal Employees Health Benefits (FEHB) and Postal Service Health Benefits (PSHB) programs.
“The collection of broad, personally identifiable data regarding medical care and treatment raises concerns that OPM could target certain federal employees seeking vital health care services that the administration disagrees with on political grounds,” House Democrats on the Oversight and Government Reform Committee wrote in an April 17 letter, addressed to OPM and the Office of Management and Budget.
“This proposal is another step in the stated goal of traumatizing the federal workforce,” Senate Democrats, led by Sens. Adam Schiff (D-Calif.) and Mark Warner (D-Va.), wrote in a separate April 19 letter to OPM Director Scott Kupor. “We are deeply concerned this information will be used in employment actions, including actions related to hiring, suitability determinations, appeals, reductions in force, disability accommodation requests, labor-management relations and performance reviews.”
Democrats also raised data privacy and security concerns, citing OPM’s data breach in 2015, as well as the Department of Government Efficiency’s access to OPM’s data systems in early 2025.
“Expanding OPM’s access to employee data to include detailed personal health information would significantly heighten the risk of misuse, unauthorized disclosure or exploitation by bad actors,” House lawmakers wrote.
“Past incidents across industries demonstrate that even ‘secure’ systems are vulnerable, and breaches involving health data have historically exposed millions of individuals to identity theft, discrimination and long-term privacy harms,” Senate Democrats wrote.
The two letters come after OPM proposed an information collection request in December 2025, outlining plans to begin requiring the government’s 65 health insurance carriers to submit “service use and cost data,” down to claims-level data from enrollees in the FEHB and PSHB programs, and without expressly restricting carriers from including personal health information.
Democrats are now demanding that OPM stop its health data collection plans and reverse any actions already underway, warning of significant legal and privacy risks.
“Any effort to modernize or improve data systems must prioritize strict privacy protections, transparency and respect for individual rights,” the Senate letter stated.
“The federal government has a role in conducting oversight of federal health insurance programs, but that oversight must be done responsibly and safeguard employees’ privacy,” the House letter stated.
OPM declined to comment on the letters or provide details on the purpose, scope and security measures surrounding the data collection plans. OMB referred all questions on the FEHB data collection to OPM.
In December, OPM’s information collection request stated that the claims-level medical data would be used for “oversight activities” and was necessary for OPM to “manage the FEHB program effectively.”
“This data will enable OPM to oversee health benefits programs and ensure they provide competitive, quality and affordable plans,” OPM wrote.
But stakeholders have raised concerns that the planned data collection would exceed OPM’s statutory authority. Some worried about an invasion of enrollees’ health privacy, the possibility of security breaches and the risk of carriers violating the 1996 Health Insurance Portability and Accountability Act (HIPAA).
In its December proposal, OPM stated that HIPAA allows carriers “to disclose protected health information (PHI), including service use and cost data, to health oversight agencies, such as OPM, for oversight activities.”
While HIPAA allows health carriers to disclose personal health information, HIPAA privacy rules require that health insurers provide personal health information only to “the minimum necessary to accomplish the intended purpose.”
Kari Parsons, chairperson of the Association of Federal Health Organizations, warned that FEHB carriers’ compliance with OPM’s request would inherently violate HIPAA privacy rules.
“OPM does not have the legal authority to request FEHB carriers provide OPM with the [personal health information] of every FEHB member to populate its health claims data warehouse,” Parsons wrote.
OPM’s request has the potential to impact up to 8 million federal employees, retirees and family members enrolled in the FEHB and PSHB programs. The specifics of OPM’s planned use of the claims data, however, remain unclear.
Melissa Schulman, CVS Health’s senior vice president of government and public affairs, said OPM’s collection request goes “far beyond” the norm. She called the proposal “unprecedented in its scope and lack of specificity.”
“Rather than seeking necessary and targeted data in an audit or examination setting, OPM is proposing the wholesale collection of vast amounts of granular data from all FEHB and PSHB carriers,” Schulman wrote in public comments.
The National Active and Retired Federal Employees Association also took issue with OPM’s lack of detail in explaining why it needs the health claims data, how it would be used, and how it would be secured.
“OPM may have legitimate reasons to obtain and analyze the data to reduce costs and help improve health outcomes, but they have not articulated them,” NARFE said last week. “OPM should also commit to only seeking personally de-identified data, to reduce the risks the data could be used inappropriately against employees and to mitigate security risks of unintended disclosure and theft.”
The American Federation of Government Employees pointed to broader concerns of OPM’s information collection request, calling it an “urgent” problem.
“This proposal does not exist in isolation. It comes in the context of coordinated attacks on federal employees and repeated stretching of the legal boundaries for sharing sensitive personal data across government agencies,” AFGE National President Everett Kelley said last week. “OPM has … offered no information about how the data would be protected or how it would be used. That silence is not reassuring.”
Jonathan Foley, former OPM advisor for the FEHB program during both the Obama and Biden administrations, called OPM’s request “a disaster waiting to happen.”
“This is the most sensitive information that they could collect, and they’re not telling you how it’s going to be used, they’re not telling you how they’re going to manage it, and they have a terrible track record,” Foley said in an interview with Federal News Network. “It just leaves you with a lot of questions.”
In public comments on OPM’s December regulations, Foley suggested that as a more secure alternative, OPM could consider using a third-party data management company to collect, manage and store de-identified health data, rather than housing enrollee data directly at OPM.
“Claims data, which is appropriately de-identified, can really deepen the understanding that OPM has and can lead to lots of good initiatives. But you have to collect it and manage it in an appropriate way,” Foley said. “If the data are not handled properly, the privacy risks of this outweigh whatever good OPM could do in managing the FEHB program.”
If you would like to contact this reporter about recent changes in the federal government, please email drew.friedman@federalnewsnetwork.com or reach out on Signal at drewfriedman.11
Copyright
© 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
