Jay Clayton, the United States Attorney for the Southern District of New York, announced on May 30, 2025, that a Florida man was sentenced to 42 months in prison for participating in a multimillion-dollar conspiracy to defraud Medicare.
From approximately 2016 through April 2019, the defendant operated a call center which cold-called Medicare beneficiaries and used their personal and medical information without the beneficiaries’ knowledge or consent, to prepare prescriptions for durable medical equipment (DME). He then sold these DME prescriptions to co-conspirators who illegally obtained purported signatures or “authorizations” of healthcare providers, so that fraudulent claims could be submitted to Medicare for reimbursement.
From approximately 2017 through April 2019, the defendant also operated two DME supply companies: Company 1, which he used primarily to bill Medicare directly under Medicare Part B; and Company 2, which he used primarily to bill private insurance companies under Medicare Part C, also known as “Medicare Advantage.” To obtain the DME prescriptions used to support his unlawful claims, the defendant purchased prescriptions outright and used patient information obtained from his call center. He also purchased the purported signatures or authorizations of healthcare providers. He caused the two DME supply companies that he controlled to submit claims to Medicare for more than $18 million—through a billing company operated by two co-defendants—of which Medicare paid out nearly $6 million.
In addition to the prison term, the defendant, 52, of West Palm Beach County, Florida, was sentenced to three years of supervised release. He was also ordered to forfeit $6,650,929.76 and pay Medicare restitution in the same amount.
Compliance Perspective
Issue
Submitting claims to Medicare or Medicaid that are known or should be known to be false or fraudulent is illegal and may result in significant penalties. Facilities must have controls in place to ensure billing accuracy and maintain a nonretaliatory environment that encourages staff to report concerns. Additionally, the unauthorized use or disclosure of personal or medical information, including using such information to generate claims without a patient’s knowledge or consent, may violate federal privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA). Violations can result in both civil and criminal penalties. Facilities must implement safeguards to protect patient information and ensure it is only used and disclosed for lawful, authorized purposes.
Discussion Points
- Review your facility’s compliance policies and procedures regularly, at least on an annual basis, to ensure they adequately address the prevention and reporting of false claims. Policies should also address the proper use and protection of patients’ personal and medical information in accordance with HIPAA. Procedures such as the Triple Check Process for verifying the accuracy of Medicare claims should be included and reflect current regulations and best practices.
- Train all staff on compliance, ethics, and privacy policies during orientation and annually. Staff should understand what constitutes a false claim, how to handle patient information appropriately, and their responsibility to report any suspicious activity. They must also understand the importance of only using patient information with proper authorization and reporting privacy violations through appropriate channels such as a supervisor, compliance officer, or the anonymous hotline.
- Conduct periodic internal audits to assess staff awareness of compliance responsibilities, including HIPAA privacy requirements, and to verify that they understand how to report concerns. Audit the use of the Triple Check Process to ensure it is being properly followed, and confirm that any discrepancies are promptly addressed and corrected before claims are submitted.
*This news alert has been prepared by Med-Net Concepts, Inc. for informational purposes only and is not intended to provide legal advice.*