Introduced: Mar 26, 2025
Policy Area: Commerce
Bill Statistics: 3 Actions, 5 Cosponsors, 0 Summaries, 1 Subjects, 1 Text Versions, Full Text: Yes
Latest Action (Mar 26, 2025): Referred to the House Committee on Energy and Commerce.
Actions (3)
Mar 26, 2025: Referred to the House Committee on Energy and Commerce. (Type: IntroReferral | Source: House floor actions | Code: H11100)
Mar 26, 2025: Introduced in House (Type: IntroReferral | Source: Library of Congress | Code: Intro-H)
Mar 26, 2025: Introduced in House (Type: IntroReferral | Source: Library of Congress | Code: 1000)
Subjects (1)
Commerce (Policy Area)
Cosponsors (5)
(D-IL)
Apr 21, 2025
Apr 21, 2025
(D-LA)
Mar 26, 2025
Mar 26, 2025
(D-NY)
Mar 26, 2025
Mar 26, 2025
(D-MA)
Mar 26, 2025
Mar 26, 2025
(D-CA)
Mar 26, 2025
Mar 26, 2025
Full Bill Text
Length: 5,254 characters
Version: Introduced in House
Version Date: Mar 26, 2025
Last Updated: Nov 14, 2025 6:23 AM
[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 2363 Introduced in House (IH)]
119th CONGRESS
1st Session
H. R. 2363
To prohibit the authorization of certain individuals to access certain
systems containing individually identifiable health information.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
March 26, 2025
Ms. DeGette (for herself, Mr. Goldman of New York, Mr. Carter of
Louisiana, Ms. Pressley, and Ms. Sanchez) introduced the following
bill; which was referred to the Committee on Energy and Commerce
_______________________________________________________________________
A BILL
To prohibit the authorization of certain individuals to access certain
systems containing individually identifiable health information.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1.
This Act may be cited as the ``Data Of Government health Entities
must be Protected from Overreach by Unelected Nonsecure Disruption Act
of 2025'' or the ``DOGE POUND Act of 2025''.
SEC. 2.
CERTAIN SYSTEMS CONTAINING INDIVIDUALLY IDENTIFIABLE
HEALTH INFORMATION.
(a) In General.--Notwithstanding any other provision of law, no
individual may be authorized to use, exercise administrative control
over, or otherwise access any specified system (as defined in
subsection (d)), or any data from any such system, unless--
(1) such individual is an officer, employee, or contractor
of the Department of Health and Human Services who--
(A) was otherwise eligible to access such system or
data prior to January 20, 2025; and
(B) continued to be otherwise eligible to access
such system or data between January 20, 2025, and the
date of access to such system or data; or
(2) in the case of an individual not described in paragraph (1)--
(A) such individual holds a security clearance at
the appropriate level with respect to such system or
data and such clearance was granted pursuant to the
procedures established under
section 801 of the
National Security Act of 1947 (50 U.S.C. 3161);
(B) such individual's access to such system or
data, or use thereof, does not constitute a violation
of
section 208 of title 18, United States Code
(determined after the application of subsection (b));
(C) such individual is not a special Government
employee (as defined in
section 202 of title 18, United
States Code);
(D) such individual's current continuous service in
the civil service (as that term is defined in
section 2101 of title 5, United States Code) as of the date of
such access is for a period of at least 1 year;
(E) such individual has completed any required
training or compliance procedures with respect to
privacy laws and cybersecurity and national security
regulations and best practices; and
(F) such individual has signed a written ethics
agreement with either the Department of Health and
Human Services or the Office of Government Ethics.
(b) Application of Penalties.--
(1) In general.--Whoever knowingly--
(A) uses, exercises administrative control over, or
otherwise accesses any system or data described in
subsection (a) in violation of such subsection, or
(B) authorizes the use, exercise of administrative
control over, or other access to any system or data
described in subsection (a) in violation of such
subsection,
shall be imprisoned not more than 5 years or fined under title
18, United States Code, or both.
(2) Statute of limitations.--Notwithstanding
section 3282
of title 18, United States Code, no person shall be prosecuted,
tried, or punished for any offense under this subsection unless
the indictment is found or the information is instituted not
later than 10 years after the date on which the offense was
committed.
(c) Reports on Unauthorized Use.--The Inspector General of the
Department of Health and Human Services shall investigate, and submit a
report to Congress on such investigation, each instance of unauthorized
use or other access of any specified system. Any such report shall be
submitted not later than 30 days after any such instance and shall
include--
(1) a detailed description of the unauthorized use or
access, including any actions the individual carried out;
(2) a risk assessment of any threat to privacy, national
security, cybersecurity, or the integrity of the applicable
system as a result of such unauthorized use or access; and
(3) a detailed description of any stopped payments during
the unauthorized use or access.
(d) Specified System.--For purposes of this section, the term
``specified system'' means any system maintained by the Department of
Health and Human Services that contains individually identifiable
health information (as defined in
section 1171(6) of the Social
Security Act (42 U.S.C. 1320d(6))).