Back in 2010, Louise Tomkins, a senior manager in the NHS, admitted stealing more than £200,000 from several NHS Trusts. She used the money to pay for thoroughbred horses, and then to run a private stud farm. Tomkins managed this by submitting false or doctored invoices for various patient services. For example, a new CCTV system for her stud farm was paid for through a bill for a new CCTV system for the hospital. She amended other bills to show that they were for special equipment for patients. Her activities were discovered only when she changed jobs, and her successor found a suspicious invoice.
In January 2017, Peter Lewis, a director of an NHS Trust, was sentenced to three and a half years in prison for accepting £80,000 in bribes in exchange for awarding an IT contract that was worth nearly £1 million in the first year.
Providing guidance and advice
In the grand scheme of things in the NHS, these are not actually very large sums, and may even be recoverable. However, Tomkins and Lewis are far from unique, and smaller amounts add up to much bigger problems. The NHS is estimated to lose around £1.29 billion each year from economic crime. Around £266 million of that is from procurement and commissioning fraud. This matters.
Health care providers around the world, including the NHS, are under increasing financial pressure to deliver more from less. It is perhaps no wonder that governments and agencies are determined to take action against this problem.
This summer, in the UK, the NHS Counter Fraud Authority issued guidance on identifying and preventing procurement fraud. The guidance includes eight ‘quick guides’ to particular areas of procurement fraud, including contract splitting and buying goods and services. These areas have been identified as potential problem areas, and the guides aim to show NHS organisations how to spot frauds, stop them from happening, and report them. There is also guidance on particular types of fraud, including payroll fraud, invoice and mandate fraud, and pre-contract fraud.
Following the rules
Much of the guidance centres on doing things right. For example, not disaggregating contracts to fall below procurement thresholds to save work, or failing to put the proper checks and balances in place. These practices, although not a problem in themselves, can leave an organisation more vulnerable to someone taking advantage, as Lewis and Tomkins did. Beyond that, though, the advice seems to be mostly "be vigilant and keep checking."
This combination – reducing opportunities and putting in regular and frequent checks – is useful, but not really enough. It can prevent some frauds by basically making them too hard to perpetrate. It can also detect some frauds after the fact, through vigilance and observation by fraud teams. However, a rules-based system is intrinsically vulnerable to fraud because people will always be able to work out ways around the rules. In addition, business rules are backwards-looking and have a tendency to generate false positives.
Beyond a rules-based system
New projects across the NHS are looking wider. They are examining trends and providing reports on specific fraud risks. They are also talking to small and medium businesses about how to detect and prevent fraud before it happens, for example, by checking that orders come from a named contact in an NHS organisation. More importantly, however, they are also talking to analytics teams.
Analytics-based approaches offer a new way of thinking about fraud. As well as detecting frauds after the event, they are able to predict potential fraud, and therefore alert organisations to problems before they have actually happened. And instead of having to watch everything, analytics-based fraud prevention systems can highlight areas for fraud teams to target and investigate. They can also identify vulnerabilities and help to put safeguards in place.
How analytics works
These analytics systems work in several ways. They usually have a rules-based core, so they immediately flag anything that breaks the rules. On top of that, however, they can identify anomalies: payments made to the same address, as an employee or odd patterns of invoicing. Artificial intelligence (AI) systems can learn from experience by looking at previous cases of fraud, and then detect patterns of behaviour often associated with fraud. Network analytics can often identify major frauds by finding connections and associations between people and third parties ranging from suppliers to business partners, such as shared telephone numbers or internet addresses.#Analytics-based approaches offer a new way of thinking about #fraud. As well as detecting frauds after the event, they are able to predict potential fraud, and therefore alert organisations to problems before they have actually happened. Click To Tweet
The potential to prevent fraud, rather than merely detecting it after the event, is massive. Organizations can save money instead of having to claw it back from offenders. Analytics has huge potential for safeguarding taxpayers’ money in health care procurement fraud around the world, and it is good to see organizations harnessing that potential.