DOGE POUND Act of 2025
- Bill Number
- H.R. 2363
- Origin Chamber
- House
- Congress
- 119th Congress, Session 1
- Policy Area
- Commerce
- Status
- Introduced
- Latest Action
- 2025-03-26: Referred to the House Committee on Energy and Commerce.
- Last Updated
- 2025-05-14T14:07:55Z
AI-Generated Summary
Purpose
The legislation aims to protect sensitive health data by restricting access to certain Department of Health and Human Services (HHS) systems that contain personally identifiable health information (data that can identify individuals, such as medical records). It prevents unauthorized individuals, particularly those appointed after January 20, 2025, from accessing these systems without meeting strict eligibility criteria, to safeguard privacy, cybersecurity, and national security.
Key Provisions
- Access Restrictions: No one can access, control, or use data from "specified systems" (HHS-maintained databases with individually identifiable health information) unless they are:
- An existing HHS officer, employee, or contractor who was eligible to access the system before January 20, 2025, and remains eligible afterward; or
- A non-HHS individual who meets all of the following:
- Holds an appropriate-level security clearance granted under federal national security procedures.
- Their access does not violate federal conflict-of-interest laws (18 U.S.C. § 208), with exceptions applied.
- Is not a "special government employee" (a temporary or intermittent federal worker).
- Has at least one year of continuous civil service experience (full-time federal employment under Title 5 of the U.S. Code).
- Has completed required training on privacy laws, cybersecurity, and national security.
- Has signed a written ethics agreement with HHS or the Office of Government Ethics.
- Penalties for Violations: Anyone who knowingly accesses or authorizes access in violation of these rules faces up to 5 years in prison, fines under federal law, or both. The statute of limitations for prosecution is extended to 10 years (longer than the standard 5 years for most federal crimes).
- Reporting Requirements: The HHS Inspector General must investigate any unauthorized access and report to Congress within 30 days. Reports must detail the incident, assess risks to privacy, security, or system integrity, and describe any halted payments or operations during the breach.
Significant Changes to Existing Law
- Introduces new, specific barriers to access for HHS health data systems, overriding other laws to prioritize pre-2025 eligibility or rigorous qualifications for newcomers.
- Adds criminal penalties and an extended 10-year prosecution window tailored to these systems, which were not previously detailed in this way under laws like the Health Insurance Portability and Accountability Act (HIPAA), which focuses on privacy but lacks these access controls.
- Mandates rapid Inspector General reporting to Congress, enhancing oversight beyond standard internal HHS procedures.
Potential Impacts
- On Government Agencies: HHS operations may face delays during administrative transitions (e.g., new presidential appointees post-January 20, 2025), as access is limited to vetted personnel, potentially slowing policy implementation or data-driven decisions. The Inspector General's workload increases with mandatory investigations and reports.
- On Citizens: Strengthens protection of personal health data from unauthorized use, reducing risks of privacy breaches, identity theft, or misuse, but could indirectly affect service delivery if access restrictions hinder timely healthcare administration.
- On International Relations: Minimal direct impact, though enhanced cybersecurity for health data could indirectly support U.S. positions in global data privacy discussions (e.g., with allies on health information sharing).
Main Stakeholders Affected
- HHS Employees and Contractors: Existing staff benefit from continued access; new or external hires face hurdles to gain eligibility.
- Political Appointees and New Administrators: Individuals appointed after January 20, 2025 (e.g., during a presidential transition), may be barred unless they meet civil service and ethics requirements, limiting their role in health data management.
- Citizens and Patients: Those whose health data is stored in HHS systems gain enhanced privacy protections.
- Congress and Oversight Bodies: Gains detailed reports for accountability, empowering legislative oversight of HHS.
- Federal Ethics and Security Officials: Involved in clearances, training, and agreements, increasing their responsibilities.
Notable Legal, Constitutional, or Political Implications
- Legal: Reinforces federal privacy and conflict-of-interest laws (e.g., by referencing 18 U.S.C. § 208) but creates potential enforcement challenges, as courts may need to interpret "specified systems" broadly under HIPAA definitions. The 10-year statute of limitations exceeds norms, possibly facing due process challenges if seen as overly punitive.
- Constitutional: Could raise separation of powers concerns if it unduly restricts the executive branch's (President's) authority to appoint and manage agency personnel, potentially conflicting with appointment powers under Article II of the Constitution.
- Political: The bill's timing (effective around a presidential inauguration) and acronym ("DOGE POUND Act," referencing a meme-associated figure) suggest partisan motivations to limit incoming administrations' access to sensitive data, which might fuel debates on executive transitions and government continuity without altering the bill's neutral protections for health information integrity.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Cosponsors (5)
Rep. Goldman, Daniel S. [D-NY-10], Rep. Carter, Troy A. [D-LA-2], Rep. Pressley, Ayanna [D-MA-7], Rep. Sánchez, Linda T. [D-CA-38], Rep. Quigley, Mike [D-IL-5]
Recent Actions
- 2025-03-26: Referred to the House Committee on Energy and Commerce.
- 2025-03-26: Introduced in House
- 2025-03-26: Introduced in House
Bill Versions
- Data Of Government health Entities must be Protected from Overreach by Unelected Nonsecure Disruption Act of 2025 — issued 2025-03-26 — PDF (5 pages)