HHS Publishes New General Policy on Criminal Referrals for Regulatory Violations
When individuals and entities violate Health and Human Services (HHS) regulations, HHS may choose to make a criminal referral to the Department of Justice (DoJ). For instance, when a healthcare employee accesses patient data without authorization for financial gain or in order to inflict harm on an individual, there may be criminal charges for the violation.
The HHS has recently published its plans to address regulations that impose criminal liability, following on from President Trump’s Executive Order on Fighting Overcriminalization in Federal Regulations (Executive Order 14294). The Executive Order is intended to reduce the regulatory burden on everyday Americans and ensure that no American faces criminal charges for violating a regulation that they have no reason to know exists.
The Executive Order states that the policy of the United States is criminal enforcement of criminal regulatory offenses is disfavored, and the prosecution of criminal regulatory offenses is most appropriate “for persons who know or can be presumed to know what is prohibited or required by the regulation and willingly choose not to comply, thereby causing or risking substantial public harm.” Strict liability offenses are “generally disfavored,” and when enforcement is appropriate, agencies should consider civil rather than criminal penalties.
All agencies promulgating regulations that could potentially result in criminal charges are required to explicitly describe the conduct subject to criminal enforcement, the statutes that authorize it, and the mens rea standard applicable to those resources. On June 24, 2025, the Office of the Secretary of the HHS published a notice in the Federal Register to advise the public that by May 9, 2026, the HHS will provide the Director of the Office of Management and Budget (OMB) with a list of all criminal regulatory offences, the range of potential penalties, and the applicable mens rea for each criminal regulatory offense, pursuant to the Executive Order.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
HHS has also shared a new general policy on the factors it will take into account when determining whether to make a criminal referral to the DoJ, matching those in the Executive Order.
- The harm or risk of harm, pecuniary or otherwise, caused by the alleged offense;
- The potential gain to the putative defendant that could result from the offense;
- Whether the putative defendant held specialized knowledge, expertise, or was licensed in an industry related to the rule or regulation at issue; and
- Evidence, if any is available, of the putative defendant’s general awareness of the unlawfulness of his conduct as well as his knowledge or lack thereof of the regulation at issue.
