Identifying & preventing fraud

Fraud preventionIn any conversation about what makes British people proud to be British, it does not take long before our National Health Service is mentioned. The NHS has become part of our national consciousness. Created in 1948 by Aneurin Bevan with a budget of just £437 million (£9 billion in today’s money), our NHS promises healthcare for all based on need and not upon the ability to pay. Over 60 million of us rely on it and today it is the largest employer in the land with 1.7 million employees working in over 350 health trusts with a national budget of over £112 billion.

Fraud and the NHS

With so much money to spend it should come as no surprise that the NHS attracts fraud. Crime and organised crime in particular gravitates towards those areas of our economy where the financial opportunities are greatest. That is why the NHS set up its Counter-Fraud Service in 1998. Widely recognised as one of the most effective public sector fraud initiatives, the Counter-Fraud Service has created a national infrastructure for the identification of fraud within the NHS and its subsequent prosecution. A look at some of the recent news headlines shows just how effective it has been at detecting fraud:
“University of Edge Hill graduate jailed for £27K NHS bursary fraud”
“Hospital kitchen porter sentenced for £87K NHS fraud”
“Civil Servant who claimed dead man’s £137K expenses jailed”
“Dover and London GP practice manager jailed for £300K theft”
“Senior Manager defrauded NHS of £245K”
“5 years jail for Leicester NHS bereavement adviser’s £753K fraud”

Types of fraud
These are high profile cases but are they typical of fraud in the NHS? Thankfully they are the most newsworthy. Far more typical are the frauds that could so easily be prevented if trusts followed basic best practice. But as you would expect in such a large and complex organisation, there is a similarly complex range of criminality and as many areas in the NHS are susceptible to fraud, the solutions have to vary.

Patient fraud includes:
• prescription fraud – claiming falsely to be exempt from charges
• altering or forging prescriptions to obtain items that have not been prescribed
• identity fraud – multiple registrations using aliases with GPs to obtain controlled drugs
• health tourism whereby people enter the UK to receive free treatment to which they are not entitled.

Staff fraud includes:
• expenses frauds
• payroll frauds involving ghost employees, overtime frauds, shifts claimed but not worked
• qualification frauds involving false or exaggerated academic or professional qualifications
• sick pay frauds involving working at other jobs while on paid sick or special leave from the NHS
• invoice/ordering fraud involving the over-ordering and theft of goods for personal use or re-sale
• theft of NHS equipment.

Professional fraud includes:
• altering prescriptions or writing prescriptions for their own use
• pharmacists substituting an expensive drug with a cheaper version and claiming the higher amount
• claiming for work not undertaken
• claiming payment for ghost patients
• undertaking private work in NHS time or using NHS facilities for private patients and expecting the NHS to meet the cost.

Procurement/supplier/contractor fraud includes:
• bogus requests for payment
• collusion with staff to obtain contracts
• price fixing.

Big business

Let no-one be in doubt – NHS fraud is big business. In 2009 one dentist was struck off for claiming £1.9 million for emergency treatment of ghost patients.

Private healthcare also suffers from some of the same fraud issues. Health insurers have to be alert to being invoiced for work that has not been undertaken and to over-charging, as well as to receiving fake invoices from patients seeking reimbursement. It does not take that many cases – either in the NHS or the private sector – for fraud prevention measures to prove highly cost effective.

Many trusts will already have a fraud prevention policy and rigorous procedures in place. Those who don’t should, in essence, undertake a thorough analysis of the potential risks, consider where processes might make them vulnerable, and implement procedures to eliminate those risks. This should lead to fraud prevention becoming part of the organisational culture, with everyone taking responsibility, and should include:
• thorough fraud screening at recruitment stage
• fraud prevention training at induction
• regular monitoring
• training in how to deal with instances of fraud
• clear reporting processes
• involvement of law enforcement, where necessary
• ensuring that professional and other staff involved in fraud cannot move unchallenged to a new employer to commit further fraud.

Recruiting the right people
Best practice starts with the recruitment of staff – all staff, irrespective of whether they are permanent or temporary, full-time or part-time and irrespective of who their employer is. If they are working on your premises, you need to be sure that they are not there to commit fraud against your institution. All new staff need to be screened, for example:
• confirmation of identity
• confirmation of residential address history
• sight of a bank statement for verification and for payroll purposes
• originals of all educational certificates to be seen to verify the qualifications claimed. Alternatively, letters from the educational institutions confirming results. If there is any doubt, contact the institution to verify the details
• confirm that the applicant has the right to work in the UK
• Criminal Records Bureau check when applicable to the post
• verify the employment history by contacting previous employers
• ensure that all interests (relationships to existing staff) are declared.

The NHS has its own particular problem in that there is no single NHS employer. There are over 350 employers and staff dismissed by one trust regularly get a job with another trust. There is a solution to this and it is unique to CIFAS.

Help from CIFAS

CIFAS is able to help responsible employers to prevent fraudsters from gaining employment with their organisation. This is achieved by a data sharing scheme called the CIFAS Staff Fraud Database. At present, staff who resign during disciplinary proceedings or who are dismissed for fraud by one public or private sector employer have little difficulty moving to another employer. The database prevents fraudsters moving unchallenged from one organisation to another. Employers use this database for the purposes of recording data about their staff fraud cases and for accessing staff fraud records filed by other Members during the recruitment process.

The Information Commissioner’s Office was consulted during the development of the database as were the Trades Union Congress (TUC), Confederation of British Industry (CBI) and the Chartered Institute for Personnel and Development (CIPD). In 2011, the UK Border Agency plans to join CIFAS and a range of new datasets will become available to the database that will make it even more effective.

Simple steps to protection

Once staff are employed within an organisation, employers need to secure any procedural weak points. In healthcare these tend to be in many of the areas listed as vulnerable to fraud above. The steps to protect against fraud are very simple, so simple that they are often overlooked. Best practice dictates that there should be segregation of duties, reconciliation procedures, receipts for all cash, and good physical security. No single person should manage or carry out an entire process.

In addition you should have a gifts policy and a hospitality policy to guard against inducements being proffered and accepted in return for favourable procurement treatment. Procurement processes should involve panels and be written to ensure that no single person can exert an unreasonable influence over the selection of a supplier or suppliers who are invited to tender.

Under the Serious Crime Act of 2007, the government designated CIFAS as a Specified Anti-Fraud Organisation (SAFO). This enabled public sector organisations to become Members of CIFAS and to reap the same benefits as the private sector. The Act provides a legal gateway for the sharing of fraud information both with other public sector organisations and with organisations outside the public sector. CIFAS had to go through a comprehensive review process before its application to become a SAFO under the Act was approved.

A number of public sector organisations are poised to join CIFAS in the coming months. They will benefit not just from the private sector’s fraud data, but also from sharing their fraud data with other public sector organisations through CIFAS.

The burning question for the coalition government is: with CIFAS Members last year reporting an average return of £268 in prevented fraud for each £1 that they paid to be Members of CIFAS, which parts of the NHS could afford not to be part of something that generates such high returns on investment? We hope to welcome NHS Trusts into membership and help them to direct more of the money to NHS front-line services that they currently lose to fraudsters.

For more information: