LegisTrack
Back to all bills
HR 2363119th CongressIn Committee

DOGE POUND Act of 2025

Introduced: Mar 26, 2025
View on Congress.gov
Standard Summary
Comprehensive overview in 1-2 paragraphs

The DOGE POUND Act of 2025 is a security-focused bill that would significantly restrict who may access U.S. Department of Health and Human Services (HHS) systems that contain individually identifiable health information. It creates a two-track eligibility standard: (a) current or continuing access for HHS officers, employees, or contractors who were eligible before January 20, 2025 and remained eligible; or (b) access for others only if they hold an appropriate security clearance under the National Security Act, meet privacy, cybersecurity, and ethics requirements, have at least one year of continuous civil service, and have completed required training. The act imposes penalties for improper access, requires the Inspector General to report unauthorized access to Congress within 30 days of any incident, and defines the scope of “specified systems” as HHS systems containing identifiable health information. Overall, it aims to harden controls around health data access and increase accountability, potentially slowing or narrowing who can work with such data.

Key Points

  • 1Short title and purpose: The bill designates the act as the DOGE POUND Act of 2025 (and its full long-form title) and establishes a nationwide standard to limit access to systems containing individually identifiable health information.
  • 2Access restrictions (two pathways):
  • 3- Path 1: An HHS officer, employee, or contractor who was eligible to access the system before January 20, 2025 and continued to be eligible thereafter.
  • 4- Path 2: A non-HHS individual who (A) holds an appropriate security clearance under the National Security Act procedures, (B) would not violate 18 U.S.C. 208, (C) is not a Special Government Employee, (D) has at least one year of current continuous civil service, (E) completed required privacy, cybersecurity, and national security training, and (F) signed a written ethics agreement with HHS or the Office of Government Ethics.
  • 5Penalties for violations: Violators who knowingly access or authorize access in violation of the act could be imprisoned up to 5 years, fined, or both; the statute of limitations for such offenses extends up to 10 years after the offense.
  • 6IG reporting requirement: The HHS Inspector General must investigate every instance of unauthorized access and report to Congress within 30 days, detailing what occurred, risk assessments, and any stopped payments tied to the unauthorized access.
  • 7Scope of systems covered: The term “specified system” covers any HHS system that contains individually identifiable health information, as defined in Social Security Act section 1171(6).

Impact Areas

Primary group/area affected- HHS personnel (officers, employees, and contractors) and their access to systems with identifiable health information, subject to the eligibility criteria.Secondary group/area affected- Individuals outside HHS who might access such systems, but only if they obtain an appropriate security clearance and meet the defined conditions (privacy/cybersecurity training, ethics agreement, tenure, etc.).Additional impacts- Strengthened data security and privacy oversight for health information, with penalties and mandatory IG reporting increasing accountability.- Potential administrative and operational costs related to processing clearances, training, and ongoing compliance.- Possible effects on data-sharing, research, and interagency collaboration if access requirements slow or constrain permissible access to health information systems.
Generated by gpt-5-nano on Nov 18, 2025