Following a pair of massive data breaches, The Office of Personnel Management (OPM) rewrote its privacy regulations to allow legislators and outside entities to look through its databases for signs of data breaches.

Systems holding medical files and nearly 40 other types of records will be available for probing, Nextgov reported. The update allows for personal information to be shared with outside entities when the agency suspect or confirms a compromised system.

These entities can include external agencies, firms or any “appropriate persons and entities.”

The agency will continue to look into security weak spots and has already identified the e-QIP system as a liability.

The public has 30 days to comment on the rewritten policy and can do so online.

To date, OPM breaches impacted more than 25 million individuals and prompted the resignation of agency Director Katherine Archuleta.