2026年4月8日 美国东部时间凌晨5:00 / 哥伦比亚广播公司新闻
特朗普政府正悄然寻求获取数百万联邦员工、退休人员及其家属医疗记录的前所未有的权限。
美国人事管理办公室发布的简短通知可能会极大改变该机构可获取的个人可识别医疗信息范围,使其有权查看员工已配取的处方或他们就医的情况。该新规将要求覆盖超过800万美国人的65家保险公司——包括联邦员工、退休国会议员、邮递员及其直系亲属——每月向人事管理办公室提交包含其成员可识别健康数据的报告。
该提案引发了保险公司以及健康政策和法律专家的不安,他们担忧人事管理办公室获取如此大规模的敏感健康信息数据库的合法性,以及该机构保护这些数据的能力。
俄亥俄州凯斯西储大学的健康法律伦理学家莎罗娜·霍夫曼表示,人事管理办公室可以利用这些数据分析成本并改进系统。
“但”,她说,“他们将获取极其详细和具体的所有相关数据。这里的担忧在于,他们掌握的信息越多,就越可能利用这些信息惩戒或针对那些在政治上不配合的人。”
人事管理办公室发言人未回应多次置评请求。该机构的通知要求提供联邦员工健康保险或邮政服务健康保险计划的保险公司提供“服务使用和成本数据”,包括“医疗索赔、药房索赔、就诊数据和提供商数据”。通知称,这些数据将“确保他们提供具有竞争力、高质量且负担得起的保险计划”。
这份于12月发布并发送给保险公司的通知并未要求他们删除可识别信息——这是一个繁琐的流程,保险公司需要联邦政府的指导才能完成。
相反,通知称保险公司在法律上允许向人事管理办公室披露“受保护的健康信息”。凯撒家庭基金会健康新闻咨询的几位健康政策和法律专家表示,他们将该请求解读为特朗普政府正在寻求可识别数据。
此次要求提出之际,正值共和党政府执政一年,其标志性政策是随意大规模裁员和解雇数千名联邦员工,其中数十人表示他们是政治报复或不支持白宫议程的目标。在唐纳德·特朗普总统任期内,美国政府还 routinely 测试了跨政府机构共享敏感和个人可识别税务或健康信息的法律边界,以开展大规模移民逮捕或追查身份欺诈。
“可以预见,800万美国人的此类信息如今将落入人事管理办公室手中,人们真正担忧的是他们会如何使用这些信息,”民主前进组织的高级顾问迈克尔·马丁内斯说道,该组织于2月提交了公开评论反对人事管理办公室的提案。马丁内斯此前曾在人事管理办公室工作。
“他们未提供任何关于获取信息后将如何处理的信息,”他说。
马丁内斯的担忧之一包括政府可能如何利用寻求过堕胎服务的员工信息——41个州都有某种形式的堕胎禁令——或跨性别治疗的信息,而特朗普政府曾试图限制这些医疗服务。
代表联邦员工的最大工会美国联邦政府雇员联合会未回应置评请求。
马丁内斯和其他为凯撒家庭基金会健康新闻审查该通知的人士表示,该提案过于模糊,他们无法确切得知人事管理办公室想要获取哪些医疗记录。
他们表示,至少该提案将允许该机构访问带有患者识别信息(如姓名和出生日期)的医疗和药房索赔数据。索赔数据还包括诊断、治疗、就诊时长和提供商信息。
霍夫曼指出,人事管理办公室对“就诊数据”的查看请求可能会让该机构查看“任何和所有东西”。
这可能包括详细的医疗记录,如医生笔记或就诊后总结。
乔纳森·福利曾在奥巴马和拜登政府期间于人事管理办公室担任联邦员工健康保险项目顾问,他表示他怀疑该机构是否有能力处理如此琐碎的细节。
但他说,该机构可以轻松开始从保险公司收集个人可识别的医疗和药房索赔信息。
福利表示,他认为人事管理办公室更广泛地访问去识别化索赔数据是有好处的。近年来,人事管理办公室加强了对索赔数据的分析,这使其能够审查处方药成本并鼓励保险计划为联邦员工提供更便宜的替代方案。不过,他担心特朗普政府的提案走得太远,因为它似乎在寻求可识别数据。
“想到他们在没有严格防护措施的情况下持有受保护的健康信息,着实令人震惊,”他说。
1996年的《健康保险流通与责任法案》(HIPAA)要求某些持有可识别健康信息的机构——如医院和保险公司——保护这些信息,未经患者同意不得披露。
这些机构只有在特定情况下才能未经同意披露此类信息,且理由必须被认定为“合理”或“必要”。即便如此,HIPAA也要求他们仅提供所需的最低限度信息。
人事管理办公室在通知中辩称,它有权从保险公司获取这些信息“用于监督活动”。
但几位审查该通知的人士质疑人事管理办公室请求信息的解释是否充分。
“其中的语言似乎相当宽泛,可能涵盖大量信息和数据,且理由说明略显不足,”乔迪·丹尼尔说道,她是一位数字健康战略家,曾在二十多年前帮助制定了HIPAA隐私规则的法律框架。
几家提供联邦员工健康保险计划的大型保险公司——包括蓝十字蓝盾协会、凯撒医疗集团和联合健康集团——拒绝就其遵守通知的计划或实施数据共享的进展情况置评。
仅有一家保险公司单独就人事管理办公室的计划提交了公开评论。今年3月,CVS健康公司高管梅利莎·舒尔曼敦促联邦机构重新考虑其提案。
“人事管理办公室的请求引发了严重的HIPAA合规问题,”舒尔曼写道,她认为联邦法律允许该机构审查记录,但不允许其收集数据。她补充道,保险公司为人事管理办公室的“模糊且宽泛的一般目的”提供个人健康信息将构成违法。
舒尔曼未回应凯撒家庭基金会健康新闻的额外问题,她还提出了对数据隐私保护缺失的担忧。她指出,保险公司可能会为安全漏洞或“消费者健康信息被不当共享且超出我们控制范围”的其他情况承担责任。
2015年,人事管理办公室宣布约2200万美国人的个人记录在数据泄露事件中被盗,此次泄露被归咎于中国政府。
代表CVS健康公司和数十家其他联邦健康保险运营商的联邦健康组织协会也提交了一份122页的评论反对该通知。在评论中,联邦健康组织协会主席卡里·帕森斯强调,保险运营商受HIPAA约束,必须保护个人健康信息。
帕森斯写道,联邦法律要求运营商“向人事管理办公室提供其认定必要的‘合理报告’”,而非“提供每个个人的个人索赔数据”。
这并非人事管理办公室首次向保险公司索要详细数据。帕森斯在评论中指出,人事管理办公室在2010年曾提出过类似提案,当时引发了HIPAA相关担忧。她描述了在与联邦健康组织协会进行数年谈判后,双方曾讨论过——但人事管理办公室最终未敲定——2019年运营商向人事管理办公室分享去识别化数据的协议。
但自那以后,帕森斯写道,人事管理办公室已经收集了关于参保者及其家属的如此详细的信息,以至于随着人事管理办公室的新提案,该机构甚至可能将去识别化记录追踪到个人。
人事管理办公室在3月关闭评论后未提供任何最新进展。该机构需要在任何正式变更生效前发布最终决定。
凯撒家庭基金会健康新闻是一家专注于健康问题深度报道的全国性新闻编辑部,也是独立健康政策研究、民意调查和新闻资讯来源凯撒家庭基金会的核心运营项目之一。
Trump administration personnel agency is asking for federal workers’ medical records
April 8, 2026 5:00 AM EDT / CBS News
The Trump administration is quietly seeking unprecedented access to medical records for millions of federal workers and retirees, and their families.
A brief notice from the Office of Personnel Management could dramatically change which personally identifiable medical information the agency obtains, giving it the power to see prescriptions employees had filled or what treatment they sought from doctors. The regulation would require 65 insurance companies that cover more than 8 million Americans — including federal workers, retired members of Congress, mail carriers, and their immediate family members — to provide monthly reports to OPM with identifiable health data on their members.
The proposal is prompting unease from insurers as well as health policy and legal experts, who are concerned about the legality of OPM acquiring such a sweeping database of sensitive health information, and the agency’s ability to safeguard it.
OPM could use the data to analyze costs and improve the system, said Sharona Hoffman, a health law ethicist at Case Western Reserve University in Ohio.
“But,” she said, “they are going to get very, very detailed and granular data about everything that happens. The concern here is the more information they have, they could use it to discipline or target people who are not cooperating politically.”
OPM spokespeople did not respond to repeated requests for comment. The agency’s notice asks insurers that offer Federal Employees Health Benefits or Postal Service Health Benefits plans to furnish “service use and cost data,” including “medical claims, pharmacy claims, encounter data, and provider data.” It says the data will “ensure they provide competitive, quality, and affordable plans.”
The notice, posted and sent to insurers in December, does not instruct them to redact identifying information — a burdensome process that they would need federal guidance to complete.
Instead, it states that insurers are legally permitted to disclose “protected health information” to OPM. Several experts in health policy and law consulted by KFF Health News said they interpreted the request to mean the Trump administration was seeking identifiable data.
The ask comes a year into a Republican administration that has been defined by haphazard mass layoffs and firings of thousands of federal workers, including dozens who say they were targeted in acts of political retaliation or for not embracing the White House’s agenda. Under President Donald Trump, the government has also routinely tested the legal bounds of sharing sensitive and personally identifiable tax or health information across government agencies in its efforts to carry out mass immigration arrests or pursue identify fraud.
“You can anticipate a scenario where this information on 8 million Americans is now in the hands of OPM and there’s a real concern of how they use it,” said Michael Martinez, senior counsel at Democracy Forward, an advocacy organization that filed a public comment opposing OPM’s proposal in February. Martinez previously worked at OPM.
“They’ve given no information about how they would treat that information once they have it,” he said.
Among Martinez’s concerns is how the administration might use information about employees who have sought abortions — 41 states have some type of abortion ban — or transgender treatment, medical care that the Trump administration has tried to curb.
The American Federation of Government Employees, the largest union representing federal workers, did not respond to requests for comment.
Martinez and others who reviewed the notice for KFF Health News said the proposal was so vague that they were uncertain, exactly, what medical records OPM wants to access.
At the very least, they said, the proposal would allow the agency to access the medical and pharmaceutical claims of patients with their identifying information, such as names and birth dates. Claims data also includes diagnoses, treatments, visit length, and provider information.
OPM’s request to view “encounter data” could allow the agency to look at “anything and everything,” Hoffman noted.
That could include detailed medical records, such as a doctor’s notes or after-visit summaries.
Jonathan Foley, who worked at OPM advising on the Federal Employees Health Benefits program during the Obama and Biden administrations, said he doubts the agency has the capability to ingest such minutiae.
The agency, however, could easily begin collection of personally identifiable medical and pharmaceutical claims information from insurers, he said.
Foley said he sees a benefit to OPM having broader access to de-identified claims data. In recent years, OPM has ramped up its analysis of claims data, which has allowed it to examine prescription drug costs and encourage plans to offer federal workers cheaper alternatives. He’s worried, though, that the Trump administration’s proposal goes too far, because it appears to seek identifiable data.
“It’s kind of shocking to think of them having protected health information without having strict guardrails,” he said.
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, requires certain organizations that maintain identifiable health information — such as hospitals and insurers — to protect it from being disclosed without patient consent.
Those entities can disclose such information without consent only in specific scenarios, with a justification that it is deemed “reasonable” or “necessary.” Even then, HIPAA mandates that they provide only the minimum amount of information required.
OPM argues in its notice that it is entitled to the information from insurers “for oversight activities.”
But several people who reviewed the notice questioned whether OPM’s explanation for requesting the information is sufficient.
“The language in it seems quite broad and encompasses potentially a lot of information and data and is sort of light on justification,” said Jodi Daniel, a digital health strategist who helped develop the legal framework for HIPAA privacy rules over two decades ago.
Several major insurers that offer federal employee health plans — including the Blue Cross Blue Shield Association, Kaiser Permanente, and UnitedHealthcare — declined to comment on their plans to comply with the notice or offer insight on where plans to implement the data sharing stood.
Only one insurer individually weighed in with a public comment on OPM’s plan. In March, CVS Health executive Melissa Schulman urged the federal agency to reconsider its proposal.
“OPM’s request raises substantial HIPAA compliance issues,” Schulman wrote, arguing that federal law allows the agency to examine records but not to collect data. Insurers would be breaking the law by providing personal health information for OPM’s “vague and broad general purposes,” she added.
Schulman, who did not respond to additional questions from KFF Health News, also raised concerns about a lack of data privacy protections. She noted that insurers could be liable for security breaches or other situations “where consumer health information is inappropriately shared and outside of our control.”
In 2015, OPM announced the personal records of roughly 22 million Americans had been stolen from the agency in a data breach that has been blamed on the Chinese government.
The Association of Federal Health Organizations, which represents CVS Health and dozens of other federal health plan carriers, also weighed in with a 122-page comment opposing the notice. In it, AFHO Chair Kari Parsons emphasized that insurance carriers are bound by HIPAA to safeguard personal health information.
Federal law requires carriers “to furnish ‘reasonable reports’ OPM determines to be necessary,” Parsons wrote, “not to furnish the individual claims data of every individual.”
This isn’t the first time OPM has requested detailed data from insurers. In the AFHO comment, Parsons noted OPM had made a similar proposal in 2010, prompting HIPAA concerns. She described how, after several years of negotiations with AFHO, they discussed — but OPM never finalized — an agreement in 2019 for carriers to share de-identified data with OPM.
But since then, Parsons wrote, OPM has collected such detailed information on enrollees and their families that, with OPM’s new request, the agency may be able to trace even de-identified records to individuals.
OPM has not provided any update since closing comments in March. The agency would need to publish a final decision before anything officially changes.
KFF Health News is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF — the independent source for health policy research, polling, and journalism.
发表回复