On October 8, 2025, Arizona Attorney General Kris Mayes announced that a man had been sentenced to 3.5 years in prison, followed by 7 years of supervised probation, and ordered to pay $45,000 in restitution after defrauding the medical practice where he was employed.
The defendant was sentenced after pleading guilty to Fraudulent Schemes and Artifices, a Class 2 felony, and Money Laundering in the Second Degree, a Class 3 felony.
From June 2017 through March 2021, the defendant was employed by a medical clinic in Mohave County. Over time, the doctor who owned the clinic came to trust him, and the defendant was eventually promoted to office manager. In this role, he was responsible for managing various aspects of the practice, including access to the doctor’s login credentials for the clinic’s electronic medical records and prescription system.
In 2020 and 2021, the defendant used this access on multiple occasions to send unauthorized prescriptions for himself and another employee.
Additionally, between February and December 2020, he created multiple false patient visit records for himself in the clinic’s system, falsely indicating he was receiving physical therapy treatment from the doctor. He was not a patient of the doctor, nor was he treated as portrayed in these records. These fabricated entries generated billing records submitted to two insurance companies as part of a personal injury claim related to a car accident. Based on these submissions, the insurers paid at least $45,000 in settlement.
Separately, on February 18, 2022, the defendant was sentenced in Maricopa County Superior Court in another case prosecuted by the Attorney General’s Office. In that case, he had submitted false income information to the Arizona Health Care Cost Containment System (AHCCCS) to obtain healthcare benefits. He was ordered to pay restitution to AHCCCS as part of his sentence.
The defendant was indicted for both cases in December 2022 following an investigation conducted by the Arizona Attorney General’s Criminal Division, Health Care Fraud and Abuse Section (HCFA).
“My office has one of the best Health Care Fraud and Abuse divisions in the country. I’m proud of the work they did on this case to uncover the fraud and illegal actions of this medical employee and their relentless effort to ensure AHCCCS dollars and other healthcare spending in Arizona is protected from waste, fraud, and abuse,” said Attorney General Mayes.
Compliance Perspective
Issue
Unauthorized access to electronic medical records and improper use of provider credentials can result in serious legal consequences, including fraud charges and significant financial penalties. When facility systems lack proper controls over access and data entry, individuals may be able to create or alter records for personal gain — such as generating false billing records or obtaining unauthorized prescriptions. These actions can lead to government investigations, civil or criminal liability, and loss of payer trust. Facilities must maintain strong internal systems to protect medical records and ensure that all clinical and billing documentation is legitimate, accurate, and fully authorized.
Discussion Points
- Review policies and procedures related to electronic record access, including user permissions, credential management, and billing record validation. Ensure that staff access is role-based and that system logs are reviewed regularly. Collaborating with a trusted consultant can help identify gaps and implement best practices aligned with current regulatory expectations.
- Provide ongoing training for staff on the appropriate use of clinical and billing systems, including how to protect provider credentials and avoid actions that could be interpreted as fraudulent. Training should also include instruction on recognizing and reporting suspicious activity or system misuse. Med‑Net Academy offers courses that support these objectives, such as Data Security Part 4: Identity Theft, which addresses how to identify red flags in documentation or resident information, and Fraud Series Module 7: Auditing, Monitoring, Responding, Investigating, and Litigating, which discusses how a company demonstrates compliance through auditing and monitoring medical and financial records, identifies the system for responding to compliance issues, and outlines the steps to take when reports or activities trigger investigations.
- Conduct regular audits of electronic medical record access, prescription activity, and billing submissions to ensure they align with actual services rendered. These reviews should verify that records are accurate, supported by documentation, and properly authorized. Facilities may benefit from external audit support to provide an objective assessment and recommendations for corrective action where necessary.
*This news alert has been prepared by Med-Net Concepts, Inc. for informational purposes only and is not intended to provide legal advice.*