We Warned You: The MLC’s Quiet Push to Hand Over Our Prescription Data to United Healthcare
The City and MLC's push to save an extra $100m in "healthcare cost savings" includes sharing your welfare fund prescription data and history with Big Healthcare's United Healthcare/UMR
The Municipal Labor Committee has now put it in writing.
In a February 10, 2026 letter to union leaders, the MLC Executive Board confirms what The Wire has been warning about: a coordinated effort to extract prescription drug data from union welfare funds and hand it over to the insurance carriers behind the City’s new NYCE PPO — including UnitedHealthcare’s subsidiary, UMR.
This is not a new development.
It is an admission. A confession.
And it confirms what The Wire exposed in The $100 Million Secret: that the NYCE PPO was always partially built around data and weaponizing it in ways to cut their costs through denial and delay of care while more costs are transferred to us.
This Letter Confirms What the Deal Required All Along
When The Wire first reported on the NYCE PPO, union leaders insisted concerns about data were overblown. But the February 10 MLC letter makes clear that prescription drug data was never incidental to the plan — it was foundational.
The letter acknowledges that welfare funds are expected to “furnish” prescription drug data to carriers, and that once funds representing 75 percent of covered members comply, insurers receive contractual guarantees. That threshold is not accidental. It marks the point at which the dataset becomes large enough, clean enough, and complete enough to be operationalized.
In plain terms: the deal does not fully work unless the data flows.
Restructuring Drug Coverage — Not Improving It
The MLC wants members to believe this data will be used for benign “coordination.” But The $100 Million Secret explained why that language is misleading.
Prescription drug data tells insurers exactly where costs live — and exactly where restrictions can be imposed with the least resistance.
Once UnitedHealthcare and UMR have this data, they can see which drugs drive the most spending, which conditions are chronic, and which patients are dependent on long-term treatment. That is when coverage quietly changes. Formularies narrow. Drugs are reclassified into higher tiers. Prior authorizations multiply. Step therapy becomes routine.
This is not about improving care. It is about managing utilization by limiting access. And once carriers have the data, union welfare funds lose the leverage to fight those changes.
Data as a Weapon: Feeding UnitedHealthcare’s Algorithms
This is the part that is rarely said out loud — but was central to The $100 Million Secret.
UnitedHealthcare and its United Medical Resources (UMR) arm does not use data passively. It feeds it into proprietary AI systems and predictive algorithms designed to control cost and utilization at scale. Prescription drug data is among the most valuable inputs into those systems because it reveals not just past spending, but future risk.
With enough data, algorithms can predict which members are likely to require expensive drugs, which treatments can be delayed, and which patients are least likely to appeal denials. Those predictions are then used to automate decisions that used to require human judgment.
This is how denials become faster, coverage becomes narrower, and appeals become harder — without any single decision-maker taking responsibility.
Once union welfare fund data enters that system, it is no longer being used to help members. It is being used to train models that optimize insurer outcomes. The more complete the dataset, the more powerful the algorithms become.
And those algorithms do not disappear when a contract ends.
Undermining Welfare Funds Through “Efficiency”
As The $100 Million Secret warned, the long-term consequence of data sharing is not just tighter drug coverage. It is the erosion of union welfare funds themselves.
Armed with algorithmic analyses and utilization models, carriers can argue that independent welfare fund drug benefits are inefficient, redundant, or “out of alignment” with centralized systems. Data becomes the evidence used to justify consolidation.
Control shifts quietly — not through a vote, but through dashboards, models, and actuarial projections that only the insurer controls.
This is not partnership. It is displacement by design.
UFT and UMR: The Move Members Were Never Told About
There is another fact members deserve to know.
The UFT has used UMR as a third-party administrator for prescription drug benefits since 2020, as union 990 tax filings reveal — years before the City and MLC formally adopted UMR as part of the NYCE PPO.
Members were never informed. There was no announcement, no explanation, no vote. By the time UMR appeared publicly in City healthcare plans, it had already been embedded inside UFT welfare fund benefits. Nor any ownership about this decision that was likely affected by the big UHC data breach, in 2024.
Did Geof Sorkin, Welfare Fund Director, send us notification about any of this? No.
All of this matters. It means today’s push for prescription data is not a new request. It is the expansion of an arrangement that was deliberately kept out of view.
“HIPAA-Compliant” Is Not the Same as Safe — UnitedHealthcare’s Record Speaks Volumes
The MLC letter leans heavily on assurances of confidentiality and HIPAA compliance if welfare funds share member prescription data. But in the real world, compliance promises mean very little when the corporation at the center of the plan has presided over the largest healthcare data breach in U.S. history.
In February 2024, the tech unit of UnitedHealth Group — the parent of UnitedHealthcare and owner of Change Healthcare, a major healthcare IT and claims processing business in coordination with UMR— was hit by a devastating ransomware attack carried out by the BlackCat criminal group. According to data posted by the U.S. Department of Health and Human Services and reported by Reuters, the breach ultimately impacted approximately 192.7 million people, dwarfing any other healthcare breach on record in the United States.
What makes this breach especially consequential for our debate about data sharing is the type of information that was compromised. The breach affected:
diagnoses
treatment details
health insurance member IDs
billing codes
personal information including Social Security numbers
This wasn’t limited to generic metadata. It was the kind of sensitive information that welfare fund trustees would be asked to hand over if they consent to prescription data sharing under the NYCE PPO.
And the scale of the incident is staggering. Nearly the entire U.S. population was affected — more than half the country’s residents — simply because of one vulnerability in UnitedHealth’s systems.
This was no minor mishap. It was the largest breach ever recorded in the American healthcare system. Other insurers and healthcare IT vendors have experienced breaches affecting millions or tens of millions of records, but UnitedHealth’s incident stands apart in its breadth and severity.
If a company with that track record is asking for access to union welfare fund prescription data, simply because a memo says “we’ll comply with HIPAA,” that should set off alarm bells.
HIPAA compliance means following a set of rules; it does not mean a corporation can secure your data.
And if we’ve learned anything from the Change Healthcare breach — it’s that possessing enormous amounts of sensitive health information can make a company a prime target for hackers, and that when such data is breached, the fallout is massive and long-lasting.
Trust cannot be built on letters, emails and legal assurances alone.
It must be earned through security practices, contractual safeguards, transparency, and a track record of protecting what matters most: people’s lives and their personal information.
This Is the Moment to Refuse Consent
The MLC insists this process is voluntary. But tying financial guarantees to data surrender turns choice into pressure. Union leaders are being asked to trade permanent loss of control for temporary assurances — and to do so quietly.
They will be meeting on Friday, February 13th with the MLC bosses to strategize how to pressure the rest of us into this scheme.
Once prescription data is transferred, it cannot be retrieved. No agreement can undo the loss of leverage that follows.
This is the line.
Union welfare fund trustees and union leaders have a fiduciary duty to protect member benefits and privacy. That duty requires refusing consent, demanding full disclosure, and insisting that members — not back-room committees or algorithms — decide what happens to their data. And, when necessary, renegotiating for specific and meaningful safeguards in our healthcare agreements.
The Wire warned that this moment was coming. The MLC letter confirms it.
The only question left is whether anyone will stop it.
We must not consent.
No means no, Mr. Mulgrew and Mr. Sorkin.
Learn more:
Behind the Gates: How UMR Takes Over Utilization Management In Our Health Plan — and Why the AI & 'Clean Claim' Clauses Should Sound Alarms
Meet United Medical Resources (UMR). They’re not a household name, but under the new NYCEPPO plan, UMR will become the central authority deciding what care you can and cannot get. Acting as the Third Party Administrator for UnitedHealthcare and Emblem, UMR will be the interface every member has to go through for nearly all preauthorizations, claims, and…