OPM Wants Your Medical Claims File. Power Has to Prove the Need.

I have seen this play before: a windowless committee room, coffee that tastes like toner, and a surveillance idea introduced as “modernization.” Paper shuffles. Acronyms march. Someone says “oversight” like it is a lullaby. And then your private life becomes a spreadsheet with a federal logo.

This time, the plot lands in health care. The Office of Personnel Management (OPM) is seeking ongoing access to detailed, identifiable health-claims data tied to federal workers, retirees, and their families. If you are among the more than 8 million people covered under the Federal Employees Health Benefits (FEHB) and Postal Service Health Benefits (PSHB) programs, this is not abstract. It is your prescriptions, your diagnoses, and the map of your bad days.

What OPM is asking for

Reported by CBS News and KFF Health News, OPM’s notice would require 65 insurance carriers to send monthly claims-level data to OPM, plus quarterly manufacturer rebate data. The notice labels the collection “service use and cost data,” and describes categories including medical claims, pharmacy claims, encounter data, and provider data.

CBS reports the notice did not instruct insurers to remove identifying details. Multiple experts told CBS they read the request as aiming for identifiable data, not merely de-identified trend lines.

OPM argues the goal is oversight and affordability. In its Paperwork Reduction Act notice, it cites HIPAA’s health oversight pathway as a basis for carriers to disclose protected health information to an oversight agency for authorized oversight activities.

CBS also reports the notice was posted and sent to insurers in December, comments closed in March, and OPM had not provided an update as of the report.

The Orwell check: “service use and cost data” is a euphemism

Translate the phrase. Claims data can reveal what treatment you sought, where you got it, how long the visit was, and which drugs you filled. Calling that “service use and cost data” makes a life story sound like printer ink.

The Paine test: liberty vs. centralized power

The Paine test is simple: does this expand liberty or concentrate power? Centralizing identifiable health information concentrates power. Even if today’s intent is good, the tool can be misused in politics, abused by a future administration, or breached by criminals.

CBS reports legal and policy experts raised concerns about whether the justification is specific enough under HIPAA standards, including the “minimum necessary” principle. That is not a nitpick. That is the bargain.

The liberty ledger and the tradeoff

Potential benefit: OPM gets a powerful dataset to analyze costs, utilization, and plan performance, which in theory could help push down waste and improve pricing.

Real cost: Enrollees take on risk. Identifiable claims data is leverage and exposure. Carriers also face compliance pressure and potential liability if information is shared and later breached, as CBS reports.

OPM’s published privacy materials on its Research and Oversight Repository (ROVR) describe using record-level identifiable data to build person-level longitudinal records across years and across plan changes, and note such data is generally not used for a specific individual except in cases like suspected fraud, waste, or abuse.

And one fact belongs in the header of every memo: CBS notes that in 2015 OPM disclosed a massive breach in which personal records of roughly 22 million people were stolen.

If OPM wants the vault keys, it should earn them in plain language: why identifiable data is necessary, how the collection is minimized, and what independent audits, strict access controls, logging, and retention limits will actually be enforced.