Last progress March 26, 2025
Introduced on March 26, 2025 by Diana DeGette
Referred to the House Committee on Energy and Commerce.
This bill aims to better protect personal health information stored in federal systems run by the Department of Health and Human Services. It tightly limits who can access these systems and sets clear rules and penalties for breaking them. These rules cover any HHS system that holds individually identifiable health information.
Only certain people can get access. HHS staff or contractors who already had access before January 20, 2025 can keep it. Others must meet strict standards: have a federal security clearance, no conflicts with ethics rules, not be a “special” temporary government worker, have at least one year of continuous civil service, finish required privacy and cybersecurity training, and sign a written ethics agreement. If someone knowingly accesses or authorizes access in the wrong way, they can face up to five years in prison, fines, or both, and prosecutors have up to 10 years to bring a case. If there’s any unauthorized access, the HHS Inspector General must investigate and report to Congress within 30 days, including what happened, any risks to privacy or security, and whether any payments were stopped during the incident.
Key points: