[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 7241 Introduced in House (IH)]
<DOC>
119th CONGRESS
2d Session
H. R. 7241
To amend title 38, United States Code, to prohibit the Secretary of
Veterans Affairs from entering into a contract pursuant to which the
contractor may sell sensitive personal information maintained by the
Secretary and to ensure the protection of personal information in
certain contracts of the Department.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
January 27, 2026
Ms. Budzinski (for herself and Mr. Barrett) introduced the following
bill; which was referred to the Committee on Veterans' Affairs
_______________________________________________________________________
A BILL
To amend title 38, United States Code, to prohibit the Secretary of
Veterans Affairs from entering into a contract pursuant to which the
contractor may sell sensitive personal information maintained by the
Secretary and to ensure the protection of personal information in
certain contracts of the Department.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Protect Veterans from the Theft of
Health and Identifying Information in Electronic Forms Act'' or the
``Protect Veterans from the THIEF Act''.
SEC. 2. PROHIBITION OF THE SALE OF SENSITIVE PERSONAL INFORMATION
MAINTAINED BY THE SECRETARY OF VETERANS AFFAIRS.
Section 5725 of title 38, United States Code, is amended by adding
at the end the following new subsection:
``(d) Prohibition of Sale of Sensitive Personal Information.--The
Secretary may not enter into a contract that permits the contractor to
sell (or otherwise disclose for consideration) sensitive personal
information to another entity.''.
SEC. 3. PROTECTION OF PERSONAL INFORMATION IN CONTRACTS OF THE
DEPARTMENT OF VETERANS AFFAIRS.
(a) In General.--Not later than one year after the date of the
enactment of this Act, the Secretary of Veterans Affairs shall--
(1) ensure that each covered contract includes, or is
modified to include, a clause prohibiting covered information
from being monetized, sold, or otherwise misused by any
contractor, including any subcontractor or affiliate thereof,
or other non-Department of Veterans Affairs entity; and
(2) issue a directive or other policy providing guidance to
employees and contractors of the Department on how to identify
the monetization, sale, or misuse of covered information in
order to ensure contractors are in compliance with clauses in
covered contracts included pursuant to paragraph (1).
(b) Report.--Not later than one year after the date of the
enactment of this Act, the Secretary shall submit to the appropriate
congressional committees a report that includes--
(1) a copy of the contract clause required by subsection
(a)(1);
(2) the guidance required by subsection (a)(2); and
(3) a summary of any other actions taken to comply with
subsection (a).
(c) Definitions.--In this section:
(1) The term ``appropriate congressional committees'' means
the Committees on Veterans' Affairs of the House of
Representatives and the Senate.
(2) The term ``covered contract'' means a contract of the
Department of Veterans Affairs that provides for the handling
of covered information and is entered into--
(A) after the date of the enactment of this Act; or
(B) before the date of the enactment of this Act
and does not expire before the date of the enactment of
this Act.
(3) The term ``covered information''--
(A) means protected health information or
personally identifiable information, including such
information that has been anonymized; and
(B) includes information protected under--
(i) section 552a of title 5, United States
Code;
(ii) section 5701 or 7332 of title 38
United States Code;
(iii) parts 160, 161, and 164 of title 45,
Code of Federal Regulations; and
(iv) any other provision of law, as
determined by the Secretary.
<all>