Benjamin L. Wallace, US Attorney for the District of Delaware, announced on December 15, 2025, that a federal grand jury in Wilmington, Delaware, returned an indictment charging a South Dakota man, 34, with ordering thousands of opioid pills by stealing the identities of medical professionals with whom he worked. The grand jury also charged him with healthcare fraud for causing fraudulent claims to Medicaid and a private health insurer.
According to court documents, the defendant worked as a medical biller and credentialer, assisting medical professionals and organizations in contracting with health insurers, including Medicaid, and submitting claims for services. Through that work, he gained access to professional licensure information, which he used—without the knowledge or approval of the medical professionals—to order thousands of opioid pills for himself through wholesale pharmaceutical suppliers.
The defendant also falsified his own electronic medical records and other medical documents to present himself as a cancer patient requiring pain management. Based on these false representations, he received treatment from a pain management doctor, causing his private insurer to pay for services that included the installation of an intrathecal pain pump and prescriptions for opioids.
In addition, the defendant falsely represented himself as a licensed health professional. At times, he claimed to be a nurse and fraudulently obtained a medical assistant certification. Using these false credentials, he convinced a Nurse Practitioner to allow him to perform Transcranial Magnetic Stimulation (TMS) therapy on patients. He also misrepresented himself to patients as a nurse and submitted false claims to Medicaid for the TMS therapy.
He is charged with thirteen counts of Aggravated Identity Theft, two counts of Health Care Fraud, and seven counts of obtaining drugs by fraud.
Compliance Perspective
Issue
Healthcare organizations must ensure that access to sensitive information—such as employee credentials, licensure records, patient data, billing systems, and personally identifiable information (PII)—is granted only as needed and monitored appropriately. Individuals with legitimate access can still misuse information to commit fraud, divert controlled substances, or submit false claims if controls are inadequate. Organizations should implement safeguards, including access limitations, auditing of system use, and procedures for reviewing unusual activity, to detect and prevent misuse of sensitive data.
Discussion Points
- Review and update policies related to credentialing, access to sensitive systems, and billing practices. Ensure employees have only the access necessary for their roles and that supervisory oversight or system monitoring is in place for sensitive actions. Facilities may benefit from working with a consultant to assess current protocols, identify risk areas, and implement best-practice safeguards against misuse of legitimate access, identity theft, and fraudulent billing.
- Provide education and training to staff responsible for credentialing, billing, or handling sensitive data. Training should emphasize proper verification procedures, recognition of red flags such as inconsistencies in documentation or unusual access patterns, and reporting obligations when fraud or misrepresentation is suspected. Med-Net Academy offers courses such as Employee Recordkeeping Requirements and Education and The Importance of Proper Licensure – A Case Study, which provide practical guidance on maintaining compliance with staffing, licensure, and documentation standards.
- Conduct routine audits of employee credentials, system access, billing activity, and the handling of PII to ensure records are accurate, access is appropriately limited, PII is protected in accordance with policies and regulations, and internal reporting procedures are followed. Facilities may consider engaging a third-party consultant to perform independent audits, identify gaps, and support corrective actions. Regular reviews help maintain compliance, protect patient and provider information, and reduce the risk of regulatory or enforcement issues.
*This news alert has been prepared by Med-Net Concepts, Inc. for informational purposes only and is not intended to provide legal advice.*