California Senators Demand Department of Health and Human Services Identify the Authority Used to Share Personal Information from Medicaid with Homeland Security
Washington, D.C. – Today, U.S. Senators Adam Schiff and Alex Padilla (both D-Calif.) raised the alarm on potential violations of federal privacy laws in the transfer of the personal data of millions of Medicaid recipients to the U.S. Department of Homeland Security (DHS) that could be used to facilitate additional immigration raids furthering the Trump Administration’s mass deportation agenda.
California is one of seven states that was reportedly targeted by DHS for the disclosure of this personally identifiable data.
“We are deeply troubled that this administration intends to use individuals’ private health information for the unrelated purpose of possible enforcement actions targeting lawful noncitizens and mixed status families. The decision by HHS to share confidential health information with DHS is a remarkable departure from established federal privacy protections that should alarm all Americans,” the Senators wrote.
The Senators today asked DHS and the U.S. Department of Health & Human Services (HHS) to provide details and legal justification for how the sharing of data without individuals’ consent did not violate federal law under the Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA) and other regulations governing the government’s use of personal information including addresses and private health information.
The Senators also demanded that DHS destroy any data already shared to prevent any misuse of the personally identifiable information, and to cease these data sharing partnerships with HHS.
The full text of the letter can be found here and below:
Dear Secretary Kennedy, Secretary Noem, and Administrator Oz:
We write to you today to express our alarm regarding reports that Trump administration officials at the U.S. Department of Health and Human Services (HHS) ordered the transfer of highly sensitive personally identifiable information (PII) belonging to millions of Medicaid enrollees to the Department of Homeland Security (DHS). These actions not only raise ethical issues but are contrary to longstanding HHS policy and raise significant concerns about possible violations of federal law under the Privacy Act of 1974, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Social Security Act. We demand immediate clarification of the actions taken by HHS officials to provide DHS access to any such data. Additionally, we demand that HHS immediately cease sharing access to such data with DHS, and we request that DHS destroy any and all such data provided on the terms of any information sharing agreement between the agencies.
According to reports, on June 10, 2025, two senior advisors at HHS ordered the Centers for Medicare and Medicaid Services (CMS) to provide Medicaid enrollees’ PII – including addresses, names, social security numbers, and immigration status – to DHS, even though CMS officials made clear that “multiple federal statutory and regulatory authorities do not permit CMS to share this information with entities outside of CMS.” This comes as the Trump administration continues to target noncitizens. We are deeply troubled that this administration intends to use individuals’ private health information for the unrelated purpose of possible enforcement actions targeting lawful noncitizens and mixed status families. The decision by HHS to share confidential health information with DHS is a remarkable departure from established federal privacy protections that should alarm all Americans.
We request that you provide the following information by July 9, 2025:
- Identify the federal authority or authorities that HHS relied on to share states’ Medicaid data with other federal agencies, including whether it was for the purposes of immigration enforcement.
- Identify each state Medicaid program whose data was shared with DHS officials and the total number of Medicaid enrollees whose data was shared, including state-by-state totals.
- Identify each type of personal data shared with DHS, such as name, address, and other personally identifiable datapoints.
- Provide copies of each written request from DHS regarding the transfer of state Medicaid data to CMS, including the date of each request, the specific information requested, and the justification for DHS needing such information.
- Provide detailed information on the method used to transfer state Medicaid data from CMS to DHS.
- Provide a copy of a CMS memorandum, dated June 6, 2025, per public reports, signed by Medicaid’s Deputy Director, that outlines legal, regulatory, and ethical prohibitions to sharing state Medicaid data from HHS to DHS.
- Include any additional records, such as correspondence within HHS and between HHS and DHS, in response to the June 6, 2025, memorandum regarding the request and ultimate decision to share this data with DHS.
- Include a copy of the June 10, 2025, email from HHS directing the transfer of “the data to DHS by 5:30 ET today.”
- Provide a copy of any Memoranda of Understanding or Agreement between HHS and DHS regarding the framework of sharing states’ Medicaid data.
- Provide a detailed description of how DHS intends to utilize this information.
- Provide a list of all federal, state, and local agencies with existing access to this information and why it is necessary for each agency to have access to such information.
- Provide a list of all federal, state, and local agencies that your agencies intend to provide this information to and why it is necessary for each agency to have access to such information.
Authorized access, use, and disclosure of sensitive PII health data are subject to federal and state laws enacted to protect individuals and their right to privacy. We demand that this administration immediately reverse all actions contrary to existing privacy laws and restore trust and integrity to the Medicaid program.
###