Skip to content
Case studiesPricingSecurityCompareBlog

Europe

Americas

Oceania

Industry9 min read

Fake Sick Notes: How to Detect Forged Medical Certificates

How HR teams and income protection insurers detect fake or AI-generated fit notes and medical certificates โ€” red flags, UK legal framework, and 2026 fraud trends.

CheckFile Team
CheckFile Teamยท
Illustration for Fake Sick Notes: How to Detect Forged Medical Certificates โ€” Industry

Summarize this article with

A fake sick note is a fabricated, purchased, or altered fit note used to justify absence to an employer or to claim statutory sick pay, income protection benefits, or disability insurance the claimant is not entitled to. Fake fit notes are being sold online for as little as ยฃ25, near-identical to genuine GP documents, with some versions including a working QR code and links to what looks like a government website, according to reporting on the "Fast Med Notes" scheme that offered buyers up to seven months of statutory sick leave and benefits potentially worth thousands of pounds.

This article is provided for informational purposes only and does not constitute legal or regulatory advice. Regulatory references are accurate as of the date of publication.

Why HR Teams and Insurers Are the Primary Target

Fit notes are among the easiest documents to forge and the hardest for a line manager or claims handler to verify without dedicated tooling. Unlike a payslip, there is no employer database or payroll software to cross-check against โ€” an HR team has no simple way to confirm that a named GP actually issued a specific note on a specific date.

Generators available online produce fit notes that are visually indistinguishable from the genuine NHS format, complete with a plausible practice address and a functioning-looking QR code. This level of sophistication defeats the visual checks HR teams and claims handlers traditionally rely on, in the same way AI-generated payslips and bank statements now defeat manual underwriting review, as covered in our guide to AI document fraud detection techniques.

Three groups face the highest exposure: employers who pay contractual sick pay above the statutory minimum (and can therefore request supporting evidence), income protection and group risk insurers who pay claims without direct access to NHS records, and recruitment or background-check processes where a certificate is used to explain an employment gap.

Five Signals That Expose a Forged Fit Note

Missing or duplicated unique ID number

Every genuine fit note carries a unique identifying number at the bottom of the form, distinct from any other note issued, per guidance summarised by employment law specialists DavidsonMorris. A note with no visible ID, or an ID that matches a previously submitted document from a different date, is an immediate red flag that a structural document check catches in seconds.

QR code that does not resolve to a genuine record

Fit notes issued through digital channels can carry a QR code that a counter-fraud team can scan to confirm the name of the person it was issued to. A QR code that fails to resolve, resolves to an unrelated or generic page, or is a static image rather than a functional code, indicates the document was generated outside any legitimate issuing system.

Spelling, grammar, or formatting inconsistencies

A GP or one of the healthcare professionals authorised to sign fit notes since the Statutory Sick Pay (Medical Evidence) Regulations 2022 extended eligibility to registered nurses, pharmacists, physiotherapists and occupational therapists, is very unlikely to make a spelling error on a standard clinical form. Handwritten notes are particularly vulnerable to alteration โ€” a genuine four-day absence can be extended to fourteen days with a single amended digit.

Absence of issuer name, profession, and practice address

Since the 2022 regulatory changes removed the requirement for an ink signature, a fit note must instead display the issuer's name, profession, and practice address to be valid for both Social Security and Statutory Sick Pay purposes. A document missing any of these three fields, or listing a practice address that does not correspond to a real, traceable surgery, cannot be confirmed as genuine through the standard verification route.

Duration inconsistent with the stated condition and self-certification threshold

Employees do not need a fit note for absences of seven calendar days or less, as self-certification applies under DWP guidance on Statutory Sick Pay. A pattern of notes clustering just above the seven-day threshold, or a note claiming an unusually long absence for a condition typically resolved in days, is a scoring signal โ€” not proof of fraud on its own, but a trigger for further review.

Regulatory Framework for UK Employers and Insurers

Regulation Requirement Authority
Statutory Sick Pay (Medical Evidence) Regulations 2022 Defines valid fit note issuers and required fields DWP
Fraud Act 2006, s.2 False representation offence for forged documents used to obtain benefit CPS
Forgery and Counterfeiting Act 1981 Forgery of an instrument, including altered medical certificates CPS
UK GDPR / Data Protection Act 2018 Special category data (health) processing safeguards for document checks ICO
FCA Consumer Duty (PS22/9) Applies to income protection insurers assessing claims on verified evidence FCA

Employers should accept a valid fit note as proof of sickness unless there is strong evidence to the contrary, and where an employee is absent for more than seven days without providing one, the employer may withhold contractual or statutory sick pay, per guidance summarised by HR Hype. Where suspicion is well-founded, an employer can contact the issuing GP practice: doctors cannot disclose clinical detail without patient consent, but they can confirm whether a specific serial number was genuinely issued.

Submitting a forged fit note to obtain sick pay, insurance proceeds, or state benefits can constitute a false representation offence under the Fraud Act 2006, carrying penalties that scale with the value obtained and any aggravating factors such as organised resale of fake notes.

Ready to automate your checks?

Free pilot with your own documents. Results in 48h.

Request a free pilot

What Compliance and HR Teams Ask in Professional Forums

HR and claims teams raise recurring practical questions in sector discussions that go beyond a simple visual check.

"Can we contact the GP practice to confirm a note is real without breaching patient confidentiality?" Yes, within limits: a practice can confirm whether it issued a note bearing a specific reference number, without disclosing any diagnosis or clinical information, provided the employer has a genuine, documented concern rather than a routine query on every submission.

"Our absence management team cannot manually verify every fit note submitted across a large workforce." This is the core argument for automating the first tier of review: a document analysis platform checks document structure, QR code validity, and field completeness in seconds, flagging only the minority of submissions that warrant a closer look or a call to the issuing practice.

Tier 1 โ€” Automated systematic check: structural validation of the fit note format, unique ID and QR code verification, detection of AI-generation signals and metadata anomalies, cross-check of issuer fields for completeness.

Tier 2 โ€” Score-triggered review: cross-validation against other documents in the file (for income protection claims, consistency with prior medical evidence), review of timing patterns against the seven-day self-certification threshold.

Tier 3 โ€” Manual investigation: contact with the issuing GP practice to confirm the serial number, referral to counter-fraud teams, disciplinary process where employment fraud is confirmed.

CheckFile's AI-generation signal detection supports Tiers 1 and 2 of this protocol as a complement to existing HR and claims controls โ€” it does not replace GP verification or clinical judgement. For related detection techniques, see our analysis of fake payslip detection in consumer lending and our guide to insurance document fraud detection in claims. For a broader view of sector-specific verification, see our industry verification guide.

CheckFile also provides resources on document verification pricing and security practices for sensitive data for teams industrialising this control without slowing down absence management or claims processing.

Submitting or using a forged fit note carries overlapping legal exposure:

  • Fraud by false representation (Fraud Act 2006, s.2): criminal liability where the note was used to obtain sick pay, insurance proceeds, or state benefits
  • Forgery (Forgery and Counterfeiting Act 1981): applies to alteration of a genuine note as well as fabrication of a new one
  • Employment consequences: use of a fake sick note is treated as gross misconduct in most workplaces and has been upheld by tribunals as fair grounds for summary dismissal

These consequences extend to operators selling fake sick note templates or services, who face liability as accessories to the underlying fraud.

Frequently Asked Questions

Can an employer legally refuse a fit note submitted digitally?

No, provided it meets the requirements of the Statutory Sick Pay (Medical Evidence) Regulations 2022 โ€” issuer name, profession, and practice address, sent through a legitimate digital channel. An employer can, however, request further verification where the document shows structural inconsistencies.

What happens if an employee is caught using a bought fake sick note?

Most employers treat this as gross misconduct justifying summary dismissal, and courts have generally upheld such terminations. Where the note was used to obtain statutory sick pay or insurance proceeds, the employee also faces potential prosecution under the Fraud Act 2006.

Is automated fit note verification compatible with UK GDPR?

Yes, provided the check is limited to structural and metadata verification rather than the underlying clinical content. Health data is a special category under UK GDPR, so the lawful basis should be a documented legitimate interest or legal obligation, with data retention limited to the duration of the absence or claims process.

How do income protection insurers verify a certificate without access to NHS records?

Insurers generally cannot query NHS systems directly. They rely on structural and metadata analysis of the submitted document, consistency checks against prior medical evidence in the same claim, and, for high-value or long-duration claims, an independent medical assessment before benefits are confirmed.

Are all handwritten fit notes suspicious?

No. Handwritten notes remain valid under the 2022 regulations, which removed the ink-signature requirement but did not ban handwriting. The red flag is not the format itself but inconsistencies within it โ€” mismatched ink, an altered digit in the duration field, or a missing unique ID number.

Stay informed

Get our compliance insights and practical guides delivered to your inbox.

Ready to automate your checks?

Free pilot with your own documents. Results in 48h.