Skip to main content
Enforcement Edge
June 14, 2023

Things Ain’t What They “Use[d]” to Be: SCOTUS Narrows the Aggravated Identity Theft Statute

Enforcement Edge: Shining Light on Government Enforcement

Last Thursday, on June 8, 2023, the U.S. Supreme Court’s decision in Dubin v. United States unanimously vacated a conviction under the aggravated identify theft statute, 18 U.S.C. § 1028A(a)(1), and ended federal prosecutors’ ability to charge such theft simply because a healthcare fraud defendant used patient information to bill insurers for services actually provided.  Section 1028A(a)(1) imposes a mandatory 2-year prison sentence on a defendant who, “during and in relation to” certain enumerated felonies (including fraud offenses) “knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person.” This mandatory sentence must run consecutively to any sentence imposed for the underlying felony, so the specter of indictment on one or more counts of aggravated identity theft in addition to healthcare or other fraud charges can force defendants to weigh plea offers against the risks of trial and mandatory consecutive prison terms. (Indeed, one of this post’s authors defended just such a healthcare fraud case – successfully, as the charges of aggravated identity theft were all dismissed by the court mid-trial, followed by a jury acquittal on all remaining charges.) While circuits have long been divided on this issue, Dubin narrows the scope of aggravated identity theft statute by holding that defendants only “use” another person’s means of identification “in relation to” a predicate offense when that use is at the “crux” of what makes the conduct criminal, and not merely “an ancillary feature of a billing method.”

Petitioner David Dubin had been charged with Medicaid fraud for submitting a payment claim for psychological testing that overstated the testing provider’s qualifications. Dubin was convicted both of criminal healthcare fraud under 18 U.S.C. § 1347, and of aggravated identity theft under § 1028A, because the prosecution argued that he “used” a “means of identification” in the form of the patient’s Medicaid reimbursement number. Dubin was sentenced to 1 year in prison for the fraud offense and 2 additional years after that for the supposed identity theft. The conviction was affirmed by the Fifth Circuit en banc, but with 8 judges dissenting.

Vacating the Fifth Circuit’s judgment, Justice Sotomayor’s opinion for the Supreme Court criticized “the staggering breadth of the Government’s reading” of this criminal statute, finely parsing the statutory text and context in order to tailor its scope and avoid “implausible” outcomes. The Court emphasized that although “aggravated identity theft” was only used in the statute’s title (rather than its text), that title nonetheless informed the meaning of the statutory term “uses.”  Moreover, the Court concluded that “uses” must be read narrowly, or else it would render superfluous the other covered verbs “transfers” and “possesses.” Ultimately, the government’s “boundless interpretation” of the statute would subject all common billing schemes to prosecution and mandatory 2-year federal sentences--even trivial wire frauds committed by “[a] lawyer who rounds up her hours from 2.9 to 3 and bills her client electronically” or “a waiter who serves flank steak but charges for filet mignon using an electronic payment method.”

The Court concluded that § 1028A(a)(1) is triggered only when the “use” of the person’s identity is “at the crux of what makes the conduct criminal.” Borrowing from Sixth Circuit precedent, the Court elaborated that such “use” must be “fraudulent or deceptive,” with the deception “go[ing] to ‘who’ is involved, rather than just ‘how’ or ‘when’ services were provided.”  In Dubin’s case, the Court concluded, “the crux of [his] overbilling was inflating the value of services actually provided, while the patient’s means of identification was an ancillary part of the Medicaid billing process.” (Concurring separately, Justice Gorsuch lamented that even the Court’s “crux” test could not save the law from being unconstitutionally vague.) As a result, the Court held that Dubin “did not use the patient’s means of identification in relation to a predicate offense within the meaning of §1028A(a)(1),” vacated that conviction, and remanded for further proceedings.

Dubin brings welcome clarity to § 1028A(a)(1), resolving an issue that has vigorously divided circuit courts. By reining in this law, the Supreme Court both honors congressional intent and ensures that aggravated identity theft can no longer serve as a routine threat in federal healthcare fraud and other covered investigations. Instead, going forward, prosecutors should only be able to pursue such charges when the conduct poses the harm of identity theft that the statute was intended to address.

Arnold & Porter represents healthcare providers, life sciences companies, and others facing healthcare fraud and related enforcement actions. For questions on these or any other subject, please reach out to the authors or any of their colleagues in Arnold & Porter’s White Collar Defense & Investigations practice group.

© Arnold & Porter Kaye Scholer LLP 2023 All Rights Reserved. This blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.