The ruling could jeopardize the lone conviction obtained under medical privacy rules that took effect in 2003 and could stop federal prosecutors from pursuing some of the more than 13,000 complaints that have been filed alleging violations of those rules.

The health care industry has long sought to limit the effect of the rules and the 1996 privacy law, the Health Insurance Portability and Accountability Act, on which they are based, although officials at several industry trade groups said Tuesday they did not lobby the Justice Department on this topic.

Hospitals, insurers, doctors and other health care providers that bill for their services are subject to criminal prosecution under the law, according to the June 1 memo signed by Steven G. Bradbury, the Justice lawyer who heads the office of legal counsel.

But a hospital clerk, for example, and other employees cannot face criminal penalties because the law doesn't apply to them, Bradbury wrote.

The memo was the subject of extensive internal debate within the Bush administration, with at least one federal prosecutor voicing opposition to its conclusion.

"As prosecutors in the field, we're disappointed with the opinion," said Emily Langlie, spokeswoman for U.S. Attorney John McKay in Seattle.

Last August, McKay's office obtained a guilty plea from a technician at the Seattle Cancer Care Alliance. Richard W. Gibson was sentenced to 16 months in prison after admitting that he stole the identity of a cancer patient and used the information to obtain credit cards in the patient's name. Gibson bought $9,100 worth of jewelry, video games and a barbecue grill using the cards.

"This case should serve as a reminder that misuse of patient information may result in criminal prosecution," McKay said at the time.

Langlie said prosecutors are waiting to see if Gibson attempts to withdraw his plea or a federal judge intervenes. She said he could be prosecuted for identity theft.

Peter Swire, who was the Clinton administration's top privacy law expert, called the opinion bad law and public policy.

"It looks like they decided on the outcome for political reasons, namely the health care industry's desire to get out from criminal prosecution," said Swire, a law professor at Ohio State University.

Officials at the Justice and Health and Human Services departments declined to comment Tuesday. The existence of the memo was first reported by The New York Times.

Robert Gellman, a consultant on privacy and information policy, said the memo leaves the bulk of the health care work force outside that interpretation.

"In terms of the misuse of records, it's not health care professionals who are the likely problems," Gellman said. "This didn't seem to be such a big issue just a few months ago, when they had the prosecution. I find it puzzling."