Fraud in the NHS – The hidden risks to your organisation

By Nigel Hall, Director Client Solutions at Netcall and Tom Houston, Client Partner for Healthcare Gobeyond Partners.

The NHS Counter Fraud Authority (NHSCFA) has stated that the NHS is vulnerable to an estimated £1.2bn of fraud per year and is keen to explore innovative ways to prevent and detect NHS fraud early. However, Integrated Care Boards (ICBs) are only obliged to undergo National Fraud Initiative Portal checks once every two years.

The figure of £1.2bn covers many areas, and within each area the risks can be quite different; for example, mandate fraud will be of major concern for ICBs whereas NHS Trusts may be more susceptible to internal procurement fraud.

What can the NHS learn from proven fraud detection best practice in other sectors?

Our experience working within the Financial Sector is that many organisations have inbuilt detection systems that continually scan for potential fraud. In stark contrast to this, many NHS bodies are reliant upon suspected fraud being reported and whilst there are some governance measures in place, without a panacea of standard processes, better technology and integrated IT systems, fraud prevention and detection remains challenging.

The newly formed ICBs in England, which replace Clinical Commissioning Groups (CCGs), have members drawn from NHS primary and secondary care along with local authorities and partner organisations, providing the opportunity to leverage all the organisations involved in the fight against fraud. However, the potential for systems to be defrauded has never been greater as criminals find sophisticated new ways to exploit immature control mechanisms and governance processes which are an inevitable part of organisations amalgamating.

This also increases the potential for unintended fraud. Take an example of a well-meaning staff member who just wants to get a contract up and running to provide the best service to their patients. Now imagine the already long procurement processes within each underlying organisation being layered on top of each other, without the correct processes and safeguards being put in place. Despite the best of intentions, the risk of fraud is increased. It will take time for each ICB to standardise procurement processes and digital systems, leaving them vulnerable to fraud during this period, yet this work needs to be prioritised and resourced just as it would in the financial sector.

Ten-point action plan to tackle fraud

How can the risk of fraud be kept front of mind during this transition phase and what can you do to safeguard processes?

1. Review processes, identifying pain points and potential failure points. Understand the issues with your current processes and what you need to design out of them

2. Review processes through a fraud lens. Think how criminals can or could defraud your processes; this will identify weaknesses and vulnerabilities. Involve experts who understand implicitly how to design and implement fraud detection systems

3. Simplify processes. Our world is complex but the simpler our processes, the easier it is for staff and managers to understand, remember and manage them

4. Eliminate duplication and combine. When amalgamating organisations you will bring together different processes that ultimately do the same thing. Define best practice and remove the processes that you don’t need

5. Redesign. Process redesign should only be commenced once you understand the current processes

6. Design a fraud assurance regime. Overlay the necessary fraud prevention controls over your process, ensuring they prevent or identify fraudulent activity. Back them up with exception analysis designed to spot fraud that has bypassed the controls. Audit the control framework regularly looking for ways to simplify and improve effectiveness.

7. Ensure ownership. Every process and digital platform needs an assigned owner with responsibility for regularly reviewing and ensuring processes remain fit for purpose. Ensure your Information Asset Owners (IAOs) are fully trained and understand their responsibilities.

8. Automate where possible. Automation can massively increase efficiency and accuracy, with automated fraud detection systems closing down opportunities for fraudsters. However, don’t make the mistake of trying to automate poorly designed manual processes – the starting point for any redesign is simplicity.

9. Fraud education. The overwhelming majority of your employees will want to counter fraudulent activity – continue to give them the knowledge and skills to enable them to assist in the fight against fraud

10. Test and refine. Akin to Cyber, plan appropriate testing of your processes to gauge if undesirable activity is identified and reported. This will assist with your prioritisation of potential issues.

The NHSFCA believe the NHS is vulnerable to £1.2bn of fraud per year…. Are individual ICBs and Trusts taking accountability? And what else needs to be done to tackle fraud in a meaningful way?

Through the use of Artificial Intelligence (AI), existing spend and procurement datasets from each newly formed ICB can be compared using specified parameters that show deviation from regular and/or permitted activity. This will identify priority anomalies for review, including poor management, duplication and training issues, but also potential fraud. Examples include identification of areas where contract consolidation could lead to lower prices, unexplained constant low-level resupply of items, contract splitting or false invoices. This approach could be used across many functions which are vulnerable to fraud such as pharmaceutical and dental contracting and even has the potential to identify modern slavery issues.

As a greater number of ICBs take this approach, patterns and propensities can be observed and predictive modelling applied. Imagine a world where ICBs can compare the failure rate of specific items of equipment used as part of a Virtual Ward – are the high outliers not employing effective training or are they falling victim to resupply fraud? Or perhaps higher value items should be fitted with Radio Frequency Identification (RFID) technology to allow tracking so that return can be facilitated?

Future government reform plans have opened new, largely untapped, opportunities to prevent and identify fraud. For example, Companies House data can now be used by public bodies and therefore named officers or persons with significant control could be automatically cross-referenced with HR staff records and Conflict of Interest Registers as a standard part of supplier onboarding and as part of ongoing recurrence checks.

Disincentivising and controlling fraud is clearly a huge priority for the NHS, as it faces unprecedented challenges linked to a shortfall in people and resources. The prospect of making over a billion pounds’ worth of savings can’t be ignored.

About Lisa Baker, Editor, Wellbeing News 4429 Articles
Editor Lisa Baker is passionate about the benefits of a holistic approach to healing. Lisa is a qualified Vibrational Therapist and has qualifications in Auricular Therapy, Massage, Kinesiology, Crystal Healing, Seichem and is a Reiki Master.