The growing risk of fraud in the NHS – how to protect your organisation’s future

The growing risk of fraud in the NHS – how to protect your organisation’s future

With how outdated the NHS’ legacy systems are, it is no wonder fraud is rampant across the organisation. Nigel Hall, Director Client Solutions at Netcall, and Tom Houston, Client Partner for Healthcare at Gobeyond Partners, tell us more about this and also provide a ten-step plan on how to tackle the growing risk of fraud.

The number of fraud cases in the UK is increasing and the end of 2021 saw the UK witness a 54% increase in fraud activity. The pandemic led to significant Digital Transformation around the world, making it all the more important to improve services that help detect fraud early and prevent organisations, such as the NHS, from harmful fraudulent activity. 

As the digital world has evolved at a faster pace than digital infrastructure modernisation in many organisations, many NHS trusts are still suffering from outdated legacy systems. As a result, NHS trusts are now turning to the use of Integrated Care Boards (ICBs) to prevent and detect fraud early. The NHS Counter Fraud Authority (NHSCFA) has stated that the NHS is vulnerable to an estimated £1.2 billion of fraud per year, highlighting an issue that could cause significant damage to the NHS.

What the NHS can learn about successful fraud prevention and detection practices from other industries 

From our experience of working within the financial sector, many organisations have inbuilt detection systems that continually scan for potential fraud. In stark contrast to this, many NHS bodies are reliant upon suspected fraud being reported and, while there are some governance measures in place, without standard processes, better technology and integrated IT systems, fraud prevention and detection remain a challenge.

The recently formed ICBs in England, which have replaced Clinical Commissioning Groups (CCGs), have members drawn from NHS primary and secondary care, along with local authorities and partner organisations. This provides the opportunity for these organisations to join forces in the fight against fraud. 

However, the potential for systems to be defrauded has never been greater, as criminals continue to find new and sophisticated ways to exploit immature control mechanisms and governance processes, which are an inevitable consequence of organisations amalgamating. 

This also increases the potential for unintended fraud. Take an example of a well-meaning staff member whose focus is, in order to provide the best service to their patients, a quick contract setup. Now imagine the already long procurement processes within each underlying organisation being layered on top of each other, without the correct processes and safeguards being put in place. Despite the best of intentions, the risk of fraud is increased. It will take time for each ICB to standardise procurement processes and digital systems, leaving them exposed to fraud during this period. Instead of remaining vulnerable, work to secure it. Infrastructure needs to be prioritised and resourced just as it would in the financial sector. 

10-point action plan to tackle fraud 

How can the risk of fraud be kept front of mind and processes safeguarded during this transition phase?

  1. Review processes to identify pain points and potential failure points. Understand the issues with your current processes and what you need to design out of them.
  2. Review processes through a fraud lens. Think how criminals could potentially defraud your processes; this will identify weaknesses and vulnerabilities. Involve experts who understand implicitly how to design and implement fraud detection systems.
  3. Simplify processes. Our world is complex, but the simpler our processes, the easier it is for staff and managers to understand, remember and manage them.
  4. Eliminate duplication and combine. When amalgamating organisations, you are likely to duplicate processes that ultimately do the same thing. Define the best practice and remove the processes that you don’t need. 
  5. Redesign. Process redesign should only commence once you understand your current processes.
  6. Design a fraud assurance regime. Overlay the necessary fraud prevention controls over your processes, ensuring they prevent or identify fraudulent activity. Back them up with exception analysis designed to spot fraud that has bypassed the controls. Audit the control framework regularly, looking for ways to simplify and improve effectiveness.
  7. Ensure ownership. Every process and digital platform requires an assigned owner, responsible for regularly reviewing and ensuring processes remain fit for purpose. Ensure your Information Asset Owners (IAOs) are fully trained and understand their responsibilities. 
  8. Automate where possible. Automation can massively increase efficiency and accuracy, with automated fraud detection systems closing down opportunities for fraudsters. However, don’t make the mistake of trying to automate poorly designed manual processes – the starting point for any redesign is simplicity. 
  9. Fraud education. Your employees will want to support countering fraudulent activity – continue to give them the knowledge and skills that will enable them to assist in the fight against fraud.
  10. Test and refine. Akin to cyber, plan appropriate testing of your processes to gauge if any undesirable activity is identified and reported. This will assist with prioritising potential issues.

Through the use of Artificial Intelligence (AI), existing spending and procurement datasets from each newly formed ICB can be compared using specified parameters that show deviation from regular and/or permitted activity. This will identify priority anomalies for review, including poor management, duplication and training issues, but also potential fraud. Examples include the identification of areas where contract consolidation could lead to lower prices, unexplained constant low-level resupply of items, contract splitting or false invoices. This approach could be used across many functions that are vulnerable to fraud, such as pharmaceutical and dental contracting, and even has the potential to identify modern slavery issues. 

As a greater number of ICBs take this approach, patterns and propensities can be observed and predictive modelling applied. Imagine a world where ICBs can compare the failure rate of specific items of equipment used as part of a virtual ward – are the high outliers not employing effective training or are they falling victim to resupply fraud? Or, perhaps, higher value items should be fitted with Radio Frequency Identification (RFID) technology to allow tracking, so that return can be facilitated? 

Future government reform plans have opened new, largely untapped, opportunities to prevent and identify fraud. For example, Companies House data can now be used by public bodies and, therefore, named officers or persons with significant control can automatically be cross-referenced with HR staff records and Conflict of Interest Registers as a standard part of supplier onboarding and ongoing recurrence checks.

With the extraordinary problems the NHS is facing due to staff shortages and resources, preventing and managing fraud should be a significant priority. However, it is also impossible to overlook the possibility of also saving more than a billion pounds through fraud prevention and detection.