News & Insights

Client Alert

June 14, 2023

Supreme Court Rejects Government's Broad Use of the Aggravated Identity Theft Statute to Impose Two-Year Mandatory Minimum Sentences in Fraud Cases

The aggravated identity theft statute, 18 U.S.C. §1028A, imposes a mandatory two-year sentencing enhancement upon a defendant who “uses” without lawful authority another’s means of identification “during and in relation to” an enumerated predicate felony. Healthcare fraud, mail fraud and wire fraud are some of the enumerated predicate felonies.1See 18 U.S.C. §1028A(c)(5). This statute is extraordinary in that it bars a court, among other things, from (1) imposing probation in any case in which this statute applies, and (2) taking this two-year mandatory minimum into account in determining the length of sentence for any other offenses to be imposed on the defendant. See 18 U.S.C. §1028A(b). While this Client Alert focuses on the statute’s application in a case involving the submission or causing to submit healthcare claims, other commonly charged federal fraud offenses, including wire fraud and mail fraud, qualify as predicate offenses. See 18 U.S.C. §1028A(c). Because “use” can mean many things and most fraud fact patterns involve some use of a person’s means of identification, the Government has taken an expansive view to the application of this statute in fraud cases.

For example, in United States v. Abdelshafi, a case out of the Fourth Circuit, the Government charged the defendant with aggravated identity theft in connection with allegedly inflating the distance it took him to transport Medicaid beneficiaries and submitted claims to Medicaid based on the allegedly inflated distance.2United States v. Abdelshafi, 592 F.3d 602 (4th Cir. 2010). The Government brought this case notwithstanding that its position in the case meant that “every single incident of health care fraud by a provider would also constitute aggravated identity theft.”3Id. at 609.

As illustrated by Abdelshafi, federal courts have struggled to find a logical limitation to the application of this statute in federal fraud cases involving the submission of a claim for payment for healthcare services, the use of someone’s identifying information in connection with communicating about an investment and in other common fact patterns underlying fraud cases as all necessarily involve the “use,” in some sense, of a person’s identity to facilitate the communication involved in the matter. On June 8, 2023, the Supreme Court addressed the meaning of the word “use” under this statute in Dubin v. United States, rejected the Government’s expansive view of the statute and limited its application. In a unanimous decision, the Court held that a defendant’s use of a means of identification must form “the crux of the underlying criminality” and cannot simply be a but-for cause of the commission of the underlying predicate offense.4Dubin v. United States, 599 U. S.   (2023) (slip op., at 10).

This is a positive development in the law insofar as the Court has made it clear that the aggravated identity theft statute does not apply, as the Government had urged, to any and all cases in which a person’s identity was used during the alleged commission of a predicate fraud offense. Given the remaining difficulty in determining when the use of a means of identification will be the “crux” of an offense, however, we can predict that federal prosecutors, defense counsel and lower courts will struggle notwithstanding this decision to determine when this offense may be rightly charged.


In Dubin, federal prosecutors charged the manager of a psychological services company for submitting a claim that falsely stated that a licensed psychologist performed a test on a patient, when in fact only a psychological associate performed the test.5Id. (slip op., at 2). This inflated the claim.6Id. The manager submitted the claim to the government using the patient’s Medicaid reimbursement number, and prosecutors seized on this fact to charge him with aggravated identity theft under §1028A.7Id. (slip op., at 2–3). On these facts, the sentencing judge applied the two-year mandatory minimum in addition to sentencing the defendant on the healthcare fraud offenses of which he had been convicted.8Id. On appeal, a three-judge Fifth Circuit panel affirmed the conviction, holding that under a plain meaning of the term “use,” the defendant used the patient’s information by submitting a claim for reimbursement that misrepresented the service provided.9United States v. Dubin, 982 F.3d 318, 326–27 (5th Cir. 2020), reh'g en banc granted, opinion vacated, 989 F.3d 1068 (5th Cir. 2021), and on reh'g en banc, 27 F.4th 1021 (5th Cir. 2022), vacated and remanded, 599 U. S.   (2023). An en banc panel upheld the conviction for the same reasons.10See United States v. Dubin, 27 F.4th 1021 (5th Cir.), cert. granted, 214 L. Ed. 2d 231, 143 S. Ct. 416 (2022), and vacated and remanded, 599 U. S.   (2023) (affirming “for the reasons set forth in the panel's majority opinion.”).

The Court granted certiorari to resolve a circuit split over the scope of §1028A with the question presented being whether §1028A applies automatically to every instance of healthcare fraud because it necessarily requires the unlawful use of a patient’s means of identification in relation to the offense.11Dubin, 599 U. S., at   (slip op., at 4).

In rejecting the Government’s position, the Court noted that the case turns on the meaning of the words “use” and “in relation to.”12Id. The Government urged the Court to read the words to include conduct whereby the “means of identification ‘facilitates or furthers’ the predicate offense in some way.”13Id. Petitioner instead urged the Court to read §1028A to require a “a genuine nexus” between the predicate offense and use of the identification.14Id. (slip op., at 4–5).

The Court concluded that “[a] defendant ‘uses’ another person’s means of identification ‘in relation to’ a predicate offense when this use is at the crux of what makes the conduct criminal.”15Id. (slip op., at 19–20). It identified five chief reasons for its holding:

  • The title of 18 U.S.C. §1028A is “Aggravated identity theft.” A defendant commits identity theft by “us[ing] the means of identification itself to defraud or deceive.”16Id. (slip op., at 11). That “supports a reading of [§1028A] where use of the means of identification is at the crux of the underlying criminality,” where “the means of identification specifically is a key mover in the criminality.”17Id. (slip op., at 10) (emphasis in original).

  • Section 1028A applies not only to the unlawful use of another’s identification, but to transferring and possessing the same, which “connote[s] theft.”18Id. (slip op., at 12–13). Transferring and possessing the unlawful identification thus require interpreting “in relation to” as something more exacting than just “facilitates or furthers the predicate offense in some way.”19Id. (slip op., at 15) (internal quotations omitted).

  • A mandatory two-year minimum sentencing enhancement should be applied to “situations where the means of identification itself plays a key role” instead of automatically applying to a fraud offense.20Id. (slip op., at 17).

  • The sweeping reading urged by the Government has virtually no bound and would allow prosecutors to “hold the threat of charging an additional 2-year mandatory prison sentence over the head of any defendant who is considering going to trial.”21Id. (slip op., at 19).

As applied to the facts before it, the Court determined that “petitioner’s use of the patient’s name was not at the crux of what made the underlying overbilling fraudulent. The crux of the healthcare fraud was a misrepresentation about the qualifications of petitioner’s employee.”22Id. The decision of the Court of the Appeals for the Fifth Circuit was vacated and remanded.23Id. (slip op., at 21).


The Court’s holding in Dubin makes it clear that use of another’s personal identifying information that is merely incidental to the commission of a specified offense will likely not pass the “crux” test. That should clarify for practitioners and courts alike that the aggravated identify theft enhancement does not apply in cases where excessive reimbursement is sought for services that were provided in whole or in part. Less clear, however, is how this “crux” test may apply in cases in which reimbursement is sought under other fact patterns involving alleged fraud.

Assume that a psychological evaluation clinic serves government healthcare beneficiaries. Assume also that instead of submitting reimbursement requests that misrepresent the nature of the services provided, the operator instead uses his existing patient’s personal identifying information to submit a claim for a psychological examination that was never performed. The operator did not steal the information such that it would be commonly understood as identity theft.

Indeed, the only difference between this hypothetical and the facts in Dubin is that there the clinic performed a service. Did the use of the information form the crux of the underlying healthcare fraud? Does it make a difference if the claim for services that were never performed was submitted along with claims for which services were provided? How about if the clinic serviced the person at one time but the clinic later uses the person’s identification in the submission of a claim for payment for alleged services that were never performed?

In Dubin, the Supreme Court stated that the use of a means of identification in relation to the predicate offense must play a “key role” in the predicate offense.24Id. (slip op., at 17). In each of the scenarios, the predicate offense could not have been committed but for the use of the person’s identification and Supreme Court stated expressly in Dubin that but-for causation is not enough for the statute to be applied. But where the service was not performed, does the use of the identity to seek payment for the claim play a “key role?” If past is prologue, disagreement and litigation about when the aggravated identity statute rightly applies will continue, in spite of this decision.25See id. (Gorsuch, J., concurring in judgment) (concurring slip op., at 1) (“The United States came to this Court with a view of 18 U.S.C. §1028A(a)(1) that would affix that unfortunate label on almost every adult American. Every bill splitter who has overcharged a friend using a mobile-payment service like Venmo. Every contractor who has rounded up his billed time by even a few minutes. Every college hopeful who has overstated his involvement in the high school glee club. All of those individuals, the United States says, engage in conduct that can invite a mandatory 2-year stint in federal prison. The Court today rightly rejects that unserious position. But in so holding, I worry the Court has stumbled upon a more fundamental problem with §1028A(a)(1). That provision is not much better than a Rorschach test. Depending on how you squint your eyes, you can stretch (or shrink) its meaning to convict (or exonerate) just about anyone. Doubtless, creative prosecutors and receptive judges can do the same. Truly, the statute fails to provide even rudimentary notice of what it does and does not criminalize. We have a term for laws like that. We call them vague. And in our constitutional order, a vague law is no law at all.” (citation and quotations omitted).

Notwithstanding this potential for continued disagreement and litigation, Dubin does rein in a significant tool that prosecutors have used all too expansively in federal healthcare prosecutions. It is now up to federal prosecutors and the lower courts to determine whether this narrowing of the statute can be implemented in a clear and consistent fashion so that reasonable notice of when this statute applies is knowable for putative defendants and their counsel.