Lawfully Obtained ID Info Can Be Used Unlawfully

US v. Abdelshafi: Abdelshafi owned and ran a medical transport (aka ambulance) service that contracted with Medicaid to transport patients in Virginia. As part of the routine transportations that Abdelshafi's company would do, it would collect bits of personal identifying information such as birth dates and Medicaid IDs. Eventually, investigators discovered that Abdelshafi's company was overcharging for some transports and charging for transports that never took place. He was charged with (among other things) two counts of aggravated identity theft. Abdelshafi moved for an acquittal on those counts, arguing that he did not possess the patients' identifying information "without lawful authority" since it had been gained during the normal course of lawful business. The district court disagreed, denied the motion, and convicted Abdelshafi. He was sentenced to 62 months in prison.

On appeal, Abdelshafi challenged his conviction and sentence, both of which the Fourth Circuit affirmed. As to the conviction, Abdelshafi renewed his argument that he did not possess identifying information "without lawful authority." The court disagreed, holding that information originally obtained legitimately cane become used "without lawful authority" once it is used beyond the scope which is proper. As to his sentence, Abdelshafi argued that the district court erred by imposing a two-level enhancement for abuse of a position of trust. The court disagreed, concluding that Abdelshafi enjoyed a position of trust "in regard to patients' identifying information" comparable to that of a hospital orderly, an example found in the commentary to USSG 3B1.3.