The "DOGE POUND Act of 2025" aims to protect government health data by restricting access to authorized personnel, mandating security measures, and penalizing unauthorized access with potential imprisonment and fines.
Diana DeGette
Representative
CO-1
The "DOGE POUND Act of 2025" aims to protect sensitive health data by restricting access to Department of Health and Human Services (HHS) systems. It limits access to authorized personnel with proper security clearances, training, and ethical agreements, and imposes penalties for unauthorized access. The Act also mandates the HHS Inspector General to report instances of unauthorized access to Congress.
New Bill Proposes Strict Access Rules for Government Health Data Systems, Sets Penalties
This legislation, dubbed the DOGE POUND Act of 2025, aims to tighten the security around sensitive health information held by the Department of Health and Human Services (HHS). It lays out specific rules about who can access HHS computer systems containing data that could identify individuals, essentially creating two tiers of access.
Who Gets the Keys?
Under Section 2, access to these critical systems is automatically granted only to HHS officers, employees, or contractors who were already eligible before January 20, 2025, and have kept that eligibility. Think of it like being grandfathered in. Anyone else needing access faces a stricter checklist. They must hold the right security clearance, avoid specific conflicts of interest (as defined in Title 18, Section 208 of the US Code), not be a "special Government employee," have at least one continuous year of civil service under their belt, complete mandatory privacy and security training, and sign an ethics agreement. The goal is clear: limit access to sensitive health records to vetted, long-term personnel.
Real-World Hurdles and Penalties
While securing data is crucial, these requirements could create practical challenges. Imagine a sudden public health crisis requiring rapid onboarding of experts or contractors – the one-year service rule or clearance process might slow things down. Researchers needing timely access to anonymized data for studies could also face delays navigating these new hoops. The bill doesn't take violations lightly; anyone knowingly accessing systems improperly or authorizing someone else to do so could face up to five years in prison and significant fines. There's also a lengthy 10-year window to prosecute these offenses.
Keeping Watch
To ensure compliance, the bill tasks the HHS Inspector General with investigating every instance of unauthorized system use or access. Within 30 days of an incident, the IG must report findings to Congress, detailing the breach, assessing risks to privacy and security, and noting any impact on government payments processed through the affected systems. This adds a layer of oversight intended to hold the agency accountable for protecting the data defined as residing within any "specified system" – essentially, any HHS system holding identifiable health information.