It is estimated that fraud costs the NHS £1.198 billion per year. Exact figures are hard to obtain, but all reports suggest that fraud continues to be a major problem for the NHS. If this fraud could be prevented it would be sufficient to fund 40,000 extra nurses.
Unfortunately, we know from previous experience that when individuals’ financial circumstances are under stress the risk of them committing fraud increases. Therefore, as we enter a period where there is a “cost of living crisis” it would be sensible to assume that fraud may increase, and practices should review their internal controls and financial governance.
In this short video, Healthcare Partner Andrew Leal highlights the key advice for reviewing your practice’s policies for the prevention of fraud.
As employers, we don’t know everything that is going on the in the lives of staff, who may be under extreme financial pressures. As a result, they may be tempted to steal or to misappropriate funds, even though normally this would be completely out of character and something they would never consider doing. This can have tragic consequences for both the practice and the individual concerned.
NHS Counter Fraud Authority
The NHS has established the NHS Counter Fraud Authority. This is a centre of excellence, employing specialists in intelligence, fraud prevention, computer forensics, fraud investigation, financial investigation, data analysis and communications. It is a useful source of information on fraud and fraud prevention, and they have also produced a fraud awareness toolkit. Information on how to prevent fraud can be found here.
In this article we will look briefly at five types of fraud:
Insider fraud
This type of fraud is perpetrated by somebody within the organisation and can cause a catastrophic loss to the practice, potentially running to hundreds of thousands of pounds. Examples of this type of fraud include false payment requests, creating fictitious suppliers or intercepting payments to suppliers. Early in 2022 it was identified that a practice in the north of England had lost £580,000 to a fraud by a practice manager.
Invoice fraud
With this type of fraud, fraudsters rely on practices failing to verify invoices against a list of known suppliers and simply pay them without checking. Alternatively the fraudsters may send a letter to a practice advising the practice of a change of bank account details for a regular , supplier re- sulting in payments being diverted to the fraudster.
CEO fraud (bogus boss fraud)
An example of this type of fraud would be where a member of the practice staff responsible for making payments receives an e-mail that appears to come from a partner instructing them to make a payment using online banking. The staff member making the payment does not realise that the partner’s e-mail account has been hacked and the request is fraudulent. As the partner’s e-mail account has been hacked, these emails will often mimic the style of the partner and can be very convincing.
Online fraud
Here the fraudster’s aim is to find a way of trick- ing staff into revealing online banking usernames, passwords and security information by clicking on links or opening attachments in so-called phishing emails. Phone calls and text message scams are another method of obtaining information to perpetrate this type of fraud. Another example of online fraud would be cyber extortion, perhaps where ransomware is used to demand a payment or face a threat, typically of confidential information being released.
Employee fraud
This type of fraud involves employees or locums claiming to have qualifications that they don’t actu- ally hold, or making other misrepresentations in or- der to obtain a financial advantage. This might also include claiming to have indemnity insurance when they don’t.
Primary care networks
When primary care networks (PCN) were established they were set up quickly and at the time the funds passing through the PCNs were relatively modest. As a result, relatively little consideration was given to establishing strong systems of governance and financial control. However, over the last couple of years the level of funding passing through PCN accounts has increased considerably, and as a result, there is a great need to review and improve the governance surrounding PCNs. There have already been a number of incidences of fraud within primary care networks and other GP groups and federations.
In one particular case the amount defrauded was in excess of £1,000,000. We therefore believe it is essential that all PCNs review their systems of control and governance to reduce the risk of them being susceptible to fraud.
Warning
No policy document or set of internal controls can be guaranteed to prevent fraud or other financial irregularities. Practices and primary care networks should be vigilant, and review their procedures regularly for weaknesses. All systems of control for the prevention of fraud represent a trade-off between the cost of implementing additional controls and the perceived risk of loss as a result of fraud occurring. The purpose of a fraud prevention policy is to try to reduce the risk of fraud or misappropriation to acceptable levels.
Contact us
If you would like assistance with reviewing your practice’s policies for the prevention of fraud and to define levels of responsibility and accountability for staff undertaking financial transactions, please contact your local MHA healthcare team by using our online enquiry form.
