Sponsors (2)
The bill strengthens protections against sale and improper transfer of veterans' sensitive data and improves VA oversight, but does so at the cost of higher compliance and procurement expenses, potential short-term service disruptions, and possible limits on legitimate research unless implementation and enforcement are well-resourced.
Veterans' sensitive medical and identity records will be prohibited from being sold or monetized by VA contractors, reducing commercialization of veterans' data.
Veterans and health providers face lower risk of data breaches and misuse because the bill limits third-party transfers of VA-held sensitive information.
VA contracting will include clearer guidance, stronger contract clauses, vendor accountability, and congressional reporting, improving oversight, detection of misuse, and transparency.
Taxpayers and contractors will face higher costs because vendors will incur compliance expenses or VA may pay premiums for vendors that accept stricter data‑handling restrictions.
Veterans and health systems could experience short-term delays or service disruptions if existing contracts must be renegotiated or terminated to comply with the new requirements.
Contractors might evade restrictions by transferring data through subcontractors or other legal workarounds unless VA commits enforcement resources, limiting the law's practical effectiveness.
Based on analysis of 3 sections of legislative text.
Introduced January 27, 2026 by Nikki Budzinski · Last progress January 27, 2026
Prohibits the Department of Veterans Affairs from entering into contracts that allow contractors to sell, monetize, or otherwise disclose for payment any veterans’ protected health information or personally identifiable information. Requires the VA to add a standard contract clause banning such monetization, issue guidance to detect and prevent misuse, and report the clause, guidance, and compliance actions to congressional veterans’ committees within one year.