Mark Brnovich, Arizona Attorney General, Dominic Draye, Solicitor General, Joseph T. Maziarz, Chief Counsel, Criminal Appeals Section, Michael T. O'Toole (argued), Assistant Attorney General, Phoenix, Attorneys for State of Arizona

James J. Haas, Maricopa County Public Defender, Mikel Steinfeld (argued), Deputy Public Defender, Phoenix, Attorneys for Chalice Renee Zeitner

Randy McDonald, Perkins Coie, LLP, Phoenix, Attorneys for Amicus Curiae Arizona Attorneys for Criminal Justice

JUSTICE LOPEZ authored the opinion of the Court, in which CHIEF JUSTICE BALES, VICE CHIEF JUSTICE BRUTINEL, and JUSTICES PELANDER (Retired), TIMMER, and BOLICK, and JUDGE BREARCLIFFE joined.

JUSTICE LOPEZ, opinion of the Court:¶1 The issue in this case is whether the Arizona Health Care Cost Containment System ("AHCCCS") statutory scheme, A.R.S. §§ 36-2901 to -2999.57, abrogates, or creates an exception to, Arizona’s statutory physician-patient privilege, A.R.S. § 13-4062(4), in cases of suspected AHCCCS fraud. We hold that it does in two ways. First, the Arizona legislature’s grant of broad authority to AHCCCS to investigate suspected fraud necessarily implies an exception to the privilege for internal AHCCCS investigations and proceedings. And, second, the AHCCCS statutes implicitly abrogate the privilege in the criminal investigation and prosecution of suspected AHCCCS fraud because the disclosure requirements in the AHCCCS statutes and the legislature’s clear intent to support criminal prosecution of AHCCCS fraud preclude harmonizing the physician-patient privilege with the AHCCCS statutes.

I.

¶2 Chalice Zeitner visited a Phoenix obstetrician for an abortion in early March 2010, claiming she had discovered she was pregnant after recently undergoing extensive radiation and chemotherapy treatments for cancer. The obstetrician referred her to a specialist, whom Zeitner told she had been diagnosed with a malignant uterine tumor and was undergoing chemotherapy. In late March 2010, Zeitner successfully applied for AHCCCS benefits, stating on her application that she had a serious chronic illness and her pregnancy was high-risk and life-threatening.

¶3 On March 31, the obstetrician received an email seemingly following up on a procedure the obstetrician had proposed to Zeitner. The email, signed by "Al Zeitner," emphasized the urgency of the procedure, claiming Zeitner would resume cancer treatments on April 9 and needed to have her tumor removed within four weeks. A few days later, Zeitner provided the obstetrician a letter purportedly written by a doctor at the out-of-state hospital Zeitner claimed had treated her for cancer. The letter recommended that Zeitner "receive an urgent [abortion] ... to relieve third term life-threatening certainties to the patient." The obstetrician, relying on this information, concluded that an abortion was necessary to protect Zeitner’s health. Based on his opinion, AHCCCS authorized payment for the procedure, and the obstetrician performed the abortion on April 9.

¶4 While performing a caesarean section on Zeitner for another pregnancy nearly a year later, the obstetrician found no physical evidence to support Zeitner’s previous claims of uterine cancer. Upon further investigation, he discovered the letter delivered by Zeitner in early April was not authored by the doctor whose name appeared on the letter. The obstetrician reported his suspicions about Zeitner to her health plan, which forwarded the matter to AHCCCS for investigation.

¶5 A grand jury eventually indicted Zeitner on eleven counts, including charges for defrauding AHCCCS, which generally does not cover abortions except when necessary to save a woman’s life or to protect a woman’s health. See A.R.S. § 35-196.02(A)–(B). The State alleged that Zeitner lied about having cancer so her abortion would fall within the exception to that rule. The State also alleged Zeitner committed identity theft and forgery by impersonating a doctor recommending that she receive her abortion. Zeitner pleaded not guilty to every charge and moved to preclude all information her physicians obtained from her, including records of her communications with the physicians and their examinations of her, arguing they were protected under Arizona’s physician-patient privilege. The State opposed the motions, arguing the privilege was abrogated by statute, and the trial court denied the motions before trial. After an eleven-day trial, in which the court admitted Zeitner’s medical records and allowed her physicians to testify, the jury convicted Zeitner on all charges.

¶6 Zeitner’s sole argument on appeal was that the superior court erred by admitting her medical records and allowing her physicians to testify against her. The court of appeals affirmed, holding that the AHCCCS statutes abrogated "the [physician-patient] privilege ... in cases of suspected AHCCCS fraud." State v. Zeitner , 244 Ariz. 217, 219 ¶ 1, 224 ¶ 28, 418 P.3d 990, 992, 997 (App. 2018). The court reasoned that while no common-law exception to the physician-patient privilege applies in Arizona, the legislature has created exceptions to the privilege. Id. at 222 ¶ 22, 418 P.3d at 995. The court noted that the AHCCCS statutes require health-care providers to report suspected fraud to AHCCCS, A.R.S. § 36-2918.01(A), and to turn over patient records to fraud investigators, A.R.S. § 36-2903(I). Id. at 222–23 ¶ 23, 418 P.3d at 995–96. Therefore, the court concluded, the AHCCCS statutes "abrogate the privilege by implication when fraud is suspected by imposing disclosure obligations on physicians that are entirely inconsistent with the privilege." Id. at 223 ¶ 24, 418 P.3d at 996.

¶7 We granted review because whether the AHCCCS statutory scheme abrogates Arizona’s physician-patient privilege presents an issue of statewide importance. We have jurisdiction under article 6, section 5(3) of the Arizona Constitution.

II.

¶8 We review issues of statutory interpretation de novo. In re Estate of Wyatt , 235 Ariz. 138, 139 ¶ 5, 329 P.3d 1040, 1041 (2014). We likewise review de novo whether and to what extent a privilege applies. Twin City Fire Ins. Co. v. Burke , 204 Ariz. 251, 253–54 ¶ 10, 63 P.3d 282, 284–85 (2003).

¶9 In 1965, Congress established the federal Medicaid program to provide medical care to qualified low-income individuals. See 42 U.S.C. §§ 1396 to 1396w–5. States may voluntarily participate in the program and acquire federal funding by developing a medical-assistance plan, but state plans must satisfy the requirements established by the federal statutory scheme and accompanying administrative regulations. See id. § 1396a; 42 C.F.R. §§ 431.1 to 431.1010. A state’s failure to comply with an approved Medicaid plan may result in a loss of federal funding. See 45 C.F.R. § 201.6(a). Arizona’s AHCCCS program administers this state’s Medicaid plan. See Sw. Fiduciary, Inc. v. Ariz. Health Care Cost Containment Sys. Admin. , 226 Ariz. 404, 406 ¶ 8, 249 P.3d 1104, 1106 (App. 2011).

¶10 Federal law, both by statute and regulation, requires state Medicaid plans to include specific procedures to ensure disclosure of patient records during fraud investigations. Pursuant to 42 U.S.C. § 1396a(27), a state plan must provide for agreements with service providers to keep records of services provided and to furnish those records to the state Medicaid agency upon request. Although a state plan must provide safeguards "that restrict the use or disclosure of information concerning applicants and beneficiaries" to specific purposes, 42 C.F.R. § 431.301, those purposes include "[c]onducting or assisting an investigation, prosecution, or civil or criminal proceeding related to the administration of the plan," 42 C.F.R. § 431.302(d).

¶11 Federal law also requires state Medicaid agencies to support independent prosecutorial entities in their investigation and prosecution of fraud. Under 42 U.S.C. § 1396a(61), states must operate fraud control units, independent of their Medicaid agencies, to prosecute fraud. See also 42 U.S.C. § 1396b(q) (establishing the requirements and duties of states' fraud control units regarding fraud prosecutions). Furthermore, state Medicaid agencies must conduct internal investigations of any report of fraud, 42 C.F.R. § 455.14, and must refer suspected provider or beneficiary fraud to the state’s fraud control unit or "appropriate law enforcement agency," respectively, 42 C.F.R. § 455.15. A state’s fraud control unit must have "[a]ccess to ... any records or information kept by the agency or its contractors ... [or] by providers to which the agency is authorized access." 42 C.F.R. § 455.21(a)(2)(i), (iii). It must also "make available to [f]ederal investigators or prosecutors all information in its possession concerning fraud in the provision or administration of medical assistance under the [s]tate plan." 42 C.F.R. § 1007.11(e).

¶12 As evinced by these federal laws, the disclosure of patient information relevant to a law enforcement investigation and prosecution of fraud against a state’s Medicaid agency is closely tied to the administration of a state’s plan. See generally In re Grand Jury Investigation , 441 A.2d 525, 531 (R.I. 1982)("The federal policy requiring disclosure of patient records for fraud investigations is very necessary to the continued viability of the Medicaid program.").

¶13 Arizona statutes and AHCCCS rules have implemented the same investigation and disclosure requirements mandated by federal law. Section 36-2903(H)"require[s] as a condition of a contract with any contractor that all records relating to contract compliance are available for inspection by [AHCCCS]." AHCCCS must "prescribe by rule the types of information that are confidential and circumstances under which such information may be used or released, including requirements for physician-patient confidentiality." § 36-2903(I). In compliance with this provision, AHCCCS provides that it "may release safeguarded information without the [beneficiary’s] written or verbal consent, for the purpose of conducting or assisting an investigation, prosecution, or criminal or civil proceeding related to the administration of the AHCCCS program." Ariz. Admin. Code R9–22–512(A)(2).

¶14 Internally, AHCCCS must investigate every report of suspected fraud, § 36-2918.01(A), and it has broad authority to subpoena any witness or record necessary to support that investigation, A.R.S. § 36-2918(G). If the results of the investigation cause the AHCCCS director or the director’s designee to believe that fraud has occurred, AHCCCS must refer the matter to the attorney general. § 36-2918.01(A).

¶15 Within the Attorney General’s Office, Arizona has established the Medicaid Fraud Control Unit ("MFCU"), which is responsible for investigating and criminally prosecuting Medicaid provider fraud. See Dep't of Health and Human Servs., Office of Inspector Gen., OEI-07-15-00280, Arizona State Medicaid Fraud Control Unit: 2015 Onsite Review 1, 3–4 (2015) ("2015 Onsight Review "). If the MFCU requests a beneficiary’s medical record during its investigation of suspected fraud, AHCCCS must release the record without the beneficiary’s consent, "[n]otwithstanding any law to the contrary." § 36-2903(I).

¶16 Zeitner argues that the sole purpose of any release or disclosure to the attorney general is intended to further "an internal process for evaluating claims of fraud so that administrative [rather than criminal] measures can be taken." We disagree. Instead, we are persuaded by the court of appeals' conclusion that the legislature intended claims of fraud to be referred from AHCCCS to the attorney general for independent investigation and criminal prosecution. See Zeitner , 244 Ariz. at 223 ¶ 25, 418 P.3d at 996. The legislature has granted AHCCCS broad independent authority to pursue administrative and civil penalties against beneficiaries and providers engaged in fraud against AHCCCS without the attorney general’s involvement. See A.R.S. §§ 36-2905.04(D), (G) and -2918(B)–(C), (F). More importantly, AHCCCS must provide medical records to the MFCU without a beneficiary’s consent in cases of suspected fraud, § 36-2903(I), and the MFCU prosecutes only criminal Medicaid fraud cases, not civil cases, see 2015 Onsite Review 4. Although Arizona’s MFCU prosecutes only provider fraud, the AHCCCS statutes provide that, "[i]n addition to the requirements in state law, the [M]edicaid fraud and abuse controls that are enacted under federal law apply to all persons eligible for the system." § 36-2905.04(C) (emphasis added). Thus, any disclosure requirements contemplated by the federal Medicaid scheme to control fraud, including those involving beneficiaries, are expressly adopted by the state Medicaid scheme.

¶17 For these reasons, we conclude that both the federal and state Medicaid schemes contemplate and require the disclosure of confidential patient information to assist in the criminal prosecution of providers and beneficiaries who engage in fraud against the Medicaid system. We next examine whether, despite these federal and state statutory and regulatory disclosure mandates, the physician-patient privilege prohibits such disclosure of confidential patient information.

III.

¶18 Arizona’s physician-patient privilege statute, applicable in criminal cases, prohibits the examination of "[a] physician or surgeon, without consent of the physician’s or surgeon’s patient, as to any information acquired in attending the patient which was necessary to enable the physician or surgeon to prescribe or act for the patient." § 13-4062(4). We have held that the privilege protects "[a]ll information obtained by the physician, whether from examination, testing, or direct communication," State v. Mincey , 141 Ariz. 425, 439, 687 P.2d 1180, 1194 (1984), and, although framed as a testimonial privilege, the privilege also protects patient medical records, see Tucson Med. Ctr., Inc. v. Misevch , 113 Ariz. 34, 37, 545 P.2d 958, 961 (1976) (citing Tucson Med. Ctr. Inc. v. Rowles , 21 Ariz. App. 424, 520 P.2d 518 (1974) ).

¶19 "The primary purpose of the physician[-]patient privilege is to protect communications made by a patient to his or her physician for the purpose of treatment." Mincey , 141 Ariz. at 439, 687 P.2d at 1194 (citing State v. Santeyan , 136 Ariz. 108, 110, 664 P.2d 652, 654 (1983) ). The privilege is also intended "to [e]nsure that [a] patient will receive the best medical treatment by encouraging full and frank disclosure of medical history and symptoms by a patient to his doctor." Lewin v. Jackson , 108 Ariz. 27, 31, 492 P.2d 406, 410 (1972). That purpose is served by "protect[ing] information obtained in the physician-patient relationship from disclosure to third parties." Samaritan Health Servs. v. City of Glendale , 148 Ariz. 394, 397, 714 P.2d 887, 890 (App. 1986).

¶20 But the physician-patient privilege is not absolute, and the legislature has imposed limitations when "the public good requires [the privilege to] give way to serve a greater good." See Martin v. Reinstein , 195 Ariz. 293, 320 ¶ 96, 987 P.2d 779, 806 (App. 1999) ; see also State v. Wilson , 200 Ariz. 390, 394–95 ¶ 11, 26 P.3d 1161, 1165–66 (App. 2001). In many instances, the legislature has created express exceptions to the privilege within the language of the applicable statutes. See, e.g. , A.R.S. § 46-453(A) ("[T]he physician-patient privilege ... shall not pertain in any civil or criminal litigation in which a vulnerable adult’s exploitation, abuse or neglect is an issue ...."); A.R.S. § 23-908(D) ("[I]nformation obtained by any physician or surgeon examining or treating an injured person shall not be considered a privileged communication ....").

¶21 In other instances, the legislature has created exceptions by merely mandating disclosure of information otherwise protected by the physician-patient privilege. See, e.g. , A.R.S. § 13-3806(A) (requiring physicians to disclose to law enforcement wounds which may have resulted from illegal activity); A.R.S. § 36-621 (requiring physicians to disclose to the health department evidence of contagious or infectious diseases). Collectively, "[t]hese [exceptions] indicate that the legislature has found certain societal interests sufficiently important to override the state’s general interest in protecting confidential patient information from disclosure to third parties." Samaritan , 148 Ariz. at 397, 714 P.2d at 890 ; see also Johnson v. O'Connor , 235 Ariz. 85, 92 ¶ 29, 327 P.3d 218, 225 (App. 2014) ("The public policy of apprehending and prosecuting criminals often trumps the policy of the privilege.") (citing A.R.S. §§ 13-3620(A) and -3620(K)(1)); State ex rel. Udall v. Superior Court , 183 Ariz. 462, 463, 466, 904 P.2d 1286, 1287, 1289 (App. 1995) (holding that the physician-patient privilege did not shield the medical records of a mother charged with murdering her infant); Benton v. Superior Court , 182 Ariz. 466, 468, 897 P.2d 1352, 1354 (App. 1994) ("[T]he public’s interest in protecting victims outweighs the privacy interest reflected in the physician-patient privilege.").

¶22 Although we acknowledge that abrogation by implication "is generally disfavored," we have concluded that "it is required when conflicting statutes cannot be harmonized to give each effect and meaning." Cave Creek Unified School Dist. v. Ducey , 233 Ariz. 1, 7 ¶ 24, 308 P.3d 1152, 1158 (2013) (citing UNUM Life Ins. Co. of Am. v. Craig , 200 Ariz. 327, 333 ¶¶ 28–29, 26 P.3d 510, 516 (2001) ; Ariz. State Tax Comm'n v. Reiser , 109 Ariz. 473, 479, 512 P.2d 16, 22 (1973) ). Here, even absent an express exception, the statutory scheme reflects the legislature’s intent to exempt AHCCCS from the comprehensive constraints imposed by the physician-patient privilege. Based on its purpose and scope, the privilege would generally prohibit the type of disclosures required by the AHCCCS statutes (i.e., disclosure of confidential patient information to a third party). Nevertheless, physicians providing AHCCCS services must report "any cases of suspected fraud," and AHCCCS must investigate these reports. § 36-2918.01(A). In conducting its investigations, AHCCCS may subpoena and "examine any person under oath" and "compel the production of any record ... necessary to support an investigation." § 36-2918(G). We cannot infer that the legislature, in granting such broad investigatory authority, intended the privilege to stand as a bulwark against AHCCCS fraud investigations. Accordingly, considering the nature of legislative exceptions to the privilege and the purposes those exceptions serve—the prosecution of crime or the protection of a "greater good"—we conclude that the provisions expressly granting AHCCCS the authority to compel disclosure of patient information to investigate reports of fraud— §§ 36-2903 and -2918(G)—create an exception to the privilege for internal AHCCCS investigations and proceedings.

¶23 We likewise conclude that the MFCU possesses authority to compel disclosure of patient information to investigate and prosecute fraud. It is illogical to believe that the legislature intended AHCCCS to withhold information relevant to a criminal investigation and prosecution of fraud after expressly mandating that all matters of suspected fraud be referred to the attorney general. See § 36-2918.01(A). The critical issue in a Medicaid beneficiary fraud case is whether the beneficiary lied to her physician to obtain AHCCCS coverage. This is particularly true, as here, where the beneficiary’s fraud is designed to obtain AHCCCS coverage for services not generally covered by the program. We fail to see how the attorney general can fulfill his duty—and the legislature’s intent—to prosecute beneficiary fraud, or how a jury can determine whether the beneficiary committed fraud against AHCCCS, without having access to the beneficiary’s and physician’s relevant communications. It is the very information contained within these communications that forms the foundation of the fraud charges. Because the physician-patient privilege would prohibit the same disclosures that the AHCCCS statutes require, we conclude that the privilege cannot be harmonized with the AHCCCS statutes "to give each effect and meaning." See Cave Creek , 233 Ariz. at 7 ¶ 24, 308 P.3d at 1158. Accordingly, we also hold that the AHCCCS statutes implicitly abrogate the privilege in the attorney general’s investigation and prosecution of suspected AHCCCS fraud.

¶24 Zeitner contends that, even if the statutory scheme abrogates the physician-patient privilege as to AHCCCS, patient information disclosed to the attorney general (through the MFCU) remains subject to its protections. We are unpersuaded. In addition to lacking statutory support, this contention does nothing to advance the purpose of the privilege. After AHCCCS begins its internal investigation of fraud, the protective curtain of confidentiality—intended to promote full and frank disclosures between a patient and her physician—is already stripped away. And even if such an interpretation did somehow advance the privilege’s purpose, the state and public’s legitimate and substantial interests in deterring and prosecuting fraud and preserving the state’s federal Medicaid funding carry the day over the patient’s residual privacy interests. See generally Benton , 182 Ariz. at 468, 897 P.2d at 1354 (holding that in instances where a victim invokes the privilege to protect her abuser, "the public’s interest in protecting victims outweighs the privacy interest reflected in the physician-patient privilege").

¶25 Zeitner next argues that § 36-2903(I) distinguishes between the "use" and "release" of privileged information and only provides for the "release" of such information, thereby prohibiting the attorney general from introducing the privileged information at trial. We disagree. The basic statutory premise of Zeitner’s argument is flawed. Section 36-2903(I), which contains the distinguishing language between use and release, requires the AHCCCS director to create rules governing the use or release of confidential information, which unquestionably includes information generally protected by the physician-patient privilege. These rules, however, govern only the actions of the agency and those who contract to provide services for the agency. See Ariz. Admin. Code R9–22–512(A) (limiting the release of safeguarded information by "[t]he Administration, contractors, providers, and noncontracting providers"). Consequently, after AHCCCS refers a matter to the attorney general for prosecution of beneficiary fraud, the agency’s rules no longer apply, and the distinction between use and release is immaterial.

¶26 Furthermore, interpreting the AHCCCS statutory scheme as precluding the use of the very information that the statutes require to be released to support the investigation and prosecution of fraud would generate an absurd result. See, e.g. , State ex rel. Montgomery v. Harris , 237 Ariz. 98, 101 ¶ 13, 346 P.3d 984, 987 (2014) (noting that "[s]tatutes should be construed sensibly to avoid reaching an absurd conclusion"). Zeitner’s position is untenable because it would defeat the purpose of those statutes and regulations which contemplate disclosure and prosecution—to deter and punish AHCCCS fraud by providers and beneficiaries.

¶27 Zeitner further argues that, even if the privilege is abrogated, it is only abrogated to the extent expressly contemplated by the AHCCCS statutes—the release or disclosure of patient medical records, not physician testimony. This argument, too, is unavailing. We agree with the court of appeals that "[i]t would serve little purpose, and would make little sense, for a patient to retain the power to prevent her physician from testifying when the physician can be legally compelled to release the patient’s medical records." Zeitner , 244 Ariz. at 224 ¶ 26, 418 P.3d at 996–97. Arizona courts have expanded the physician-patient privilege beyond its original testimonial protections to include patients’ medical records because "the privilege ... would be rendered meaningless if it were destroyed the moment that a physician transcribed communications from a patient or knowledge he has obtained from his examination of a patient into hospital records." Rowles , 21 Ariz. App. at 427, 520 P.2d 518. Applying that same reasoning in reverse, protecting the physician’s testimony after compelling disclosure of a patient’s medical records would not advance the privilege—the curtain of confidentiality has already been pulled aside. Thus, the only purpose served by restricting disclosure to medical records would be to impede the attorney general in his investigation and prosecution of AHCCCS fraud, a result wholly inconsistent with the AHCCCS statutory fraud control scheme.

IV.

¶28 The comprehensive fraud control measures embodied in the federal and state Medicaid schemes, including sweeping patient record disclosure requirements, make clear that the physician-patient privilege must yield to the State’s interest in combatting fraud where providers and beneficiaries are suspected of AHCCCS fraud. The legislature’s express provisions in the AHCCCS statutes granting AHCCCS broad authority to investigate matters of suspected fraud— §§ 36-2903 and -2918(G)—necessarily imply an exception to the privilege for AHCCCS investigations and proceedings. These same provisions also exhibit an intent to provide law enforcement access to patient information when investigating and prosecuting AHCCCS fraud, thereby implicitly abrogating the privilege in the attorney general’s investigation and prosecution of suspected provider and beneficiary AHCCCS fraud.

¶29 Accordingly, we affirm the court of appeals' opinion and affirm Zeitner’s convictions and resulting sentences.