Legislation Search

H.R. 2363: Data Of Government health Entities must be Protected from Overreach by Unelected Nonsecure Disruption Act of 2025

This bill, known as the Data Of Government health Entities must be Protected from Overreach by Unelected Nonsecure Disruption Act of 2025, aims to impose restrictions on who can access systems containing individually identifiable health information managed by the Department of Health and Human Services (HHS). Here is an outline of the main provisions in the bill:

Authorization Restrictions

The bill prohibits unauthorized individuals from accessing specific systems that contain sensitive health information. Access is limited to:

  • Current HHS Officials: Officers, employees, or contractors of the HHS who were eligible to access the system before January 20, 2025, and maintain that eligibility.
  • Individuals with Security Clearances: Those not part of HHS may still access the information if they hold an appropriate security clearance issued following the procedures of the National Security Act, adhere to legal regulations, and meet other specified criteria.

Criteria for Access

For individuals not described as current HHS officials, the bill sets out several criteria for accessing health information, including:

  • Holding a valid security clearance.
  • Not being classified as a special government employee.
  • Having at least one year of continuous service in the civil service by the access date.
  • Completing relevant training in privacy laws and cybersecurity protocols.
  • Signing an ethics agreement with HHS or the Office of Government Ethics.

Penalties for Unauthorized Access

The bill establishes criminal penalties for individuals who knowingly access the specified systems or data without authorization, including possible imprisonment of up to five years or fines. Additionally, there is a statute of limitations of ten years for prosecuting such offenses.

Reporting Requirements

The Inspector General of the HHS is tasked with investigating and reporting any instances of unauthorized access. These reports must detail:

  • A description of the unauthorized actions taken.
  • An assessment of any risks to privacy, national security, and cybersecurity arising from the breach.
  • Information about any halted payments that occurred during the unauthorized access.

Defined Terms

The term "specified system" refers to any system managed by the HHS that contains individually identifiable health information, as defined in the Social Security Act.

Relevant Companies

  • None found

This is an AI-generated summary of the bill text. There may be mistakes.

Show More

Sponsors

6 bill sponsors

Actions

2 actions

Date Action
Mar. 26, 2025 Introduced in House
Mar. 26, 2025 Referred to the House Committee on Energy and Commerce.

Corporate Lobbying

0 companies lobbying

None found.

* Note that there can be significant delays in lobbying disclosures, and our data may be incomplete.

Potentially Relevant Congressional Stock Trades

No relevant congressional stock trades found.