A Stack of Red Flags
An OPM data request highlights how privacy, healthcare, and government power collide in one policy.
In December, the U.S. Office of Personnel Management (OPM) posted a little-noticed document and sent it to health insurers participating in the Federal Employees Health Benefits (FEHB) and Postal Service Health Benefits (PSHB) programs. The notice asked carriers to begin providing a far more expansive set of data about the people they cover, including medical claims, pharmacy claims, provider information, and so-called “encounter data,” which can capture detailed records of patient care.
The notice was posted on December 12, 2025, and its public comment period closed on February 10, 2026. Despite affecting health plans that cover more than 8 million people, the docket drew just six public comments. The issue remained largely out of public view until KFF Health News reported on it on April 7, 2026, translating a technical notice into something far more consequential.
At first glance, this might read like a routine update to how the government oversees its health plans. Yet the more closely you look, the more it becomes clear that this is not one story. It is several layered together, each one raising its own set of concerns. When those layers stack, the issue stops looking administrative and starts looking like a broader test of trust.
The Employer Line That Is Being Crossed
Let’s start with the most intuitive concern. Employers generally do not have routine access to detailed, person-level medical information about their employees. That boundary exists for a reason. Health data is among the most sensitive categories of personal information, and workplace access to it raises immediate questions about privacy, fairness, and potential misuse.
OPM itself has long reflected that norm. Its public guidance states that it typically does not retain an individual’s medical records unless that person files a disputed claim requiring review. In practice, this usually requires a signed consent from the client. The existing model is therefore limited and case-specific, not continuous and comprehensive.
Screenshot from the OPM website, taken on April 8, 2026
The December notice suggests something different. It points toward a system in which detailed health data could flow regularly from insurers to the federal government. Even if the intent is oversight rather than intervention, the shift matters. Once an employer has access to individualized medical information at scale, the nature of the relationship changes. Oversight of a program begins to blur into visibility into people.
Even if the information is never misused, simply holding it creates the possibility of abuse, which strengthens discrimination claims. Human Resources 101: never request or hold more information than you absolutely must, so that a plausible deniability defense can hold.
From Program Data to People Data
There is also a more technical, yet equally important, issue at play. Health systems routinely rely on aggregated or de-identified data to evaluate performance, control costs, and compare insurers. This kind of data answers program-level questions without exposing individual identities.
The distinction is not trivial. Aggregated data can show trends in utilization, spending, and outcomes. Identifiable data, by contrast, can reveal who is receiving what care, when, and from whom. That shift introduces a different set of risks and responsibilities. It also requires heightened justifications.
Federal privacy law, particularly the Health Insurance Portability and Accountability Act (HIPAA), includes a principle known as the “minimum necessary” standard. It holds that entities should only access or disclose the amount of protected health information needed for a specific purpose. The closer a request gets to large-scale, person-level data, the harder it becomes to explain why less sensitive alternatives are insufficient.
OPM’s notice stresses that insurers are “legally permitted” to share protected health information. That framing sidesteps the more important question. Federal law may allow certain disclosures, but it also imposes a “minimum necessary” standard intended to limit precisely this kind of expansive data sharing. The issue is not simply whether this can be done. The question is whether it should be done at all, much less at this scale and with this level of sensitivity.
The inclusion of this language suggests an attempt to circumvent the legality issue to encourage compliance, which is in itself very telling. When making a routine request, there is no need to provide legal cover.
Not Just Workers, but Families
The scope of this issue extends beyond the federal workforce itself. FEHB and PSHB coverage includes spouses, children, and retirees in addition to current employees. Many of those individuals never chose the federal government as an employer, yet their medical information could be swept into the same data stream.
That detail changes the ethical framing. This is not only about workplace privacy. It is about the potential visibility of deeply personal health information belonging to millions of people who are indirectly connected to the federal government.
A spouse managing a chronic illness, a dependent seeking mental health care, or a retiree navigating complex treatments may all be part of this dataset. The justification for collecting identifiable information becomes harder to defend when it reaches so far beyond the employer-employee relationship.
The American Health Care Context
This proposal also lands in a uniquely American environment. The United States does not have a universal health care system. Instead, it relies on a complex mix of employer-sponsored coverage, public programs, and private insurers operating within a largely for-profit framework.
That system is expensive and often frustrating. Americans pay more per person for health care than residents of other wealthy countries, yet they frequently encounter prior authorization requirements, claim denials, and administrative hurdles. Many people experience the system as adversarial rather than supportive.
In that context, requests for more detailed health data are not received neutrally. They are filtered through years of frustration and distrust. When people hear that another powerful institution wants deeper access to their medical information, they are likely to interpret it as increased scrutiny rather than improved care.
The role of lobbying and industry influence adds another layer. Health policy in the United States is shaped by a dense network of stakeholders with competing interests. That reality can make even well-intentioned policy changes feel suspect, particularly when they involve sensitive personal data.
When the Employer Is the Federal Government
The stakes rise further when the employer in question is the federal government. Unlike a private company, the government holds regulatory authority, administers benefits, and operates at a scale that no private employer can match.
That combination of roles creates a different kind of power dynamic. The concern is not only what the data could be used for today, but what it could enable tomorrow. Policies change, administrations change, and data systems often outlast both.
This is one reason the government angle feels different from an ordinary employer privacy dispute. A private company may be able to affect your job. The federal government can affect your job, your benefits, your regulatory exposure, and other parts of civic life as well. The broader the institution, the harder it is for people to trust that sensitive information will remain confined to one narrow purpose forever.
Americans have a long-standing skepticism of concentrated government power, especially when it intersects with private life. That skepticism is not an abstract political theory. It is a lived instinct that shapes how people interpret actions like this one. Call it the rebel gene or the inherited revolutionary spirit, but it is alive and well. In 2024, a Pew survey found that only 22% of Americans said they trust the federal government to do what is right “just about always” or “most of the time.” A large majority said they trust it only some of the time or never. A survey the year prior found that 71% of Americans were worried about how the government uses people’s data.
PEW 2024 Research on Trust of the Government
The Present Political Climate
Context matters, and the current political environment cannot be separated from this discussion. The fear isn’t about how a future administration may use such data. The Trump administration has taken strong positions on issues such as abortion and transgender health care, accompanied by forceful rhetoric. That rhetoric has also informed highly restrictive state laws that have effectively limited or shuttered many women’s health procedures or treatments used for a variety of ailments, many of which are not related to abortion.
There is no need to assume data misuse to understand the effect of that context. For individuals seeking reproductive care or gender-affirming treatment, the combination of policy positions and expanded data access can create a sense of vulnerability. Many may postpone needed treatment to avoid scrutiny, and the risk of denials or discrimination claims may rise.
Trust is influenced by timing. A data request that might seem uncomfortable but potentially justifiable under one administration can feel threatening under another. That does not make the fear irrational. It reflects the reality that policy and data do not exist in isolation.
Pressure Without Saying a Word
Another layer of the story lies in the relationship between OPM and the insurers it oversees. FEHB and PSHB represent a massive market, with dozens of carriers competing to serve millions of covered lives. OPM sets the terms of participation, evaluates performance, and negotiates key aspects of coverage.
In that environment, insurers are not simply vendors dealing with a client. They are participants in a system where the government holds significant leverage. Even without explicit pressure, the dynamics are clear.
If one or two insurers comply with the data request, others may feel compelled to follow. No carrier wants to risk appearing uncooperative in a market of this size. The possibility of being seen as difficult, or of losing ground in future negotiations, can shape behavior without a single threat being made.
This is what institutional pressure looks like in practice. It does not need to be spoken to be understood.
Centralization, Memory, and Risk
The final layer is about what happens when all of this data is brought together. Centralization creates efficiencies, yet it also creates vulnerabilities. A single, large repository of sensitive information becomes an attractive target for cyberattacks and a potential source of widespread harm if breached.
OPM’s own history makes this concern concrete. In 2015, after discovering an intrusion that had begun the year before, the Office of Personnel Management disclosed a massive cyberattack affecting more than 21 million people. The compromised records included not only basic identifiers, but deeply personal background investigation data. This impacted not just employees, but also families and applicants.
That breach is not a distant footnote. It is a reminder that even the most sensitive government systems can fail. When considering a proposal to centralize medical data for millions of people, that history cannot be ignored.
There is also the issue of mission creep. Once a data pipeline exists, its uses can expand over time. What begins as oversight can evolve into something broader, especially as new policy priorities emerge. The existence of the data makes new uses possible in ways that would not otherwise be feasible. It also raises the question of what other information OPM will justify next.
A Stack of Red Flags
Each of these elements would be enough to warrant scrutiny on its own. An employer seeking detailed medical data raises immediate questions. The distinction between aggregated and identifiable information adds a layer of legal and ethical concern. The inclusion of family members broadens the impact. The structure of the American health care system shapes how the request is perceived. The role of the federal government raises the stakes further. The current political climate intensifies fear. The dynamics between OPM and insurers introduce subtle but real pressure. The history of a major data breach underscores the risks of centralization.
Taken together, they form something larger than the sum of their parts.
This is not a routine policy adjustment. It is a convergence of privacy, power, and trust. In a system where trust is already fragile, that convergence matters.
The question is not simply whether the government can collect this data. It is whether it should, and whether it can do so in a way that earns the confidence of the people whose lives are contained within it.
If the government wants our medical data, the least it could do is provide free universal healthcare first. Until then, we see your red flags and know it does not mean a carnival.
Sources:
April 8, 2026, KFF Health News, Trump’s Personnel Agency Is Asking for Federal Workers’ Medical Records.
December 12, 2025, Regulations.gov / Office of Personnel Management, Federal Employees Health Benefits and Postal Service Health Benefits Program Carrier Data Request Notice.
U.S. Office of Personnel Management, Does OPM have copies of my medical records?.
July 26, 2013, U.S. Department of Health and Human Services, Minimum Necessary Requirement.
March 14, 2025, U.S. Department of Health and Human Services, Summary of the HIPAA Privacy Rule.
June 24, 2024, Pew Research Center, Americans’ Trust in Federal Government and Attitudes Toward It.
October 18, 2023, Pew Research Center, How Americans View Data Privacy.
July 9, 2015, U.S. Department of the Interior, Cybersecurity Update.
November 16, 2015, U.S. Office of Personnel Management, Agency Financial Report 2015.
January 24, 2025, The White House, Enforcing the Hyde Amendment.
January 25, 2025, The White House, Fact Sheet: President Donald J. Trump Enforces Overwhelmingly Popular Demand to Stop Taxpayer Funding of Abortion.






The Internet changed the concept of privacy to a myth.
Only I have to sign a consent to get my one medical record!