Our Fraud Risk Services team consider the key areas of fraud risk within the private healthcare sector and the anti-fraud procedures organisations can develop to reduce those risks.
The increasing use of private healthcare by both the public and the NHS provides an increasingly attractive target for fraudsters, from both outside and inside organisations. This, along with the introduction of the new corporate criminal offence of ‘failure to prevent fraud’, means that the private healthcare providers need to prepare for when, not if, fraud takes place on their doorstep.
Increase in employee fraud
Figures obtained by RSM UK under a freedom of information (FOI) request show a 10% rise in reported fraud cases committed by employees against their employers. The data obtained from City of London Police also shows that there was a fivefold increase in total losses stolen through employee fraud, with an average loss of £256,668 per incident. The increase in both the volume and value of funds stolen by employees highlights that robust measures are essential to protect against fraud. These types of crimes are particularly damaging to private healthcare providers, as they can cause widespread reputational damage and loss of patient and employee trust, in addition to financial loss.
Demonstrating the government’s commitment to tackling fraud, later this year, the Economic Crime and Corporate Transparency Bill is set to become UK law. This will bring into law a new corporate criminal offence of ‘failure to prevent fraud’ and see organisations being held to account if they profit from the fraudulent actions of their employees. It’s proposed that this offence will apply to large organisations (more than 250 employees, £36m turnover and £18m in total assets) and they can avoid prosecution if they are able to demonstrate that there are reasonable procedures in place to prevent fraud.
The healthcare sector is no stranger to fraud, with the NHS losing on average £1.198 billion every year. However, private healthcare providers are subject to additional fraud risk due to the financial incentives, targets and opportunities to manipulate data/records for organisational or personal gain. With a growing number of patients turning to private healthcare due to growing NHS wait times and preferential services, plus the NHS turning to private healthcare providers to deliver key NHS services, the opportunity for fraud within the private healthcare sector is mounting.
Types of private healthcare fraud
Whilst the private healthcare can be a target for fraudsters, there are several types of internal private healthcare fraud, which may be unique to each organisation. Some examples are below with accompanying suggestions to mitigate each of the fraud risks.
Although not strictly fraud, employees accepting payments or gifts in exchange for preferential treatment or for awarding contracts or business to specific vendors is covered by the Bribery Act 2010. This can be mitigated by implementing a clear policy and code of ethics covering declarations of interests, conducting regular training on anti-bribery and regularly reviewing contracts and transactions with vendors for any signs of impropriety.
Create an anti-fraud culture
According to a report from the Association of Certified Fraud Examiners (ACFE), 29% of fraud is due to a lack of internal fraud prevention controls, with 20% overriding existing controls and 16% due to a lack of management review. To minimise fraud risk and improve fraud detection, organisations should have the following in place:
- ensure that there are confidential and clearly defined reporting routes, supported by a sound whistleblowing policy and process, with a feedback mechanism where appropriate. Respond quickly to suspected fraud by initiating an investigation, documenting evidence and involving a counter-fraud specialist or the police. Prompt action can prevent further losses and minimise fraud impact;
- provide periodic anti-fraud training for all employees as well as bespoke training for key risk areas such as finance, procurement and HR/recruitment. Training should incorporate the publication of successful sanctions where appropriate to demonstrate the organisation’s approach;
- have in place a regularly reviewed anti-fraud policy that outlines the organisation’s approach to fraud, responsibilities, and tone from the top. The policy should be widely publicised, internally and externally, and supported by a response plan for when incidents occur. In addition, it should have an annual strategy for combating fraud; and
- formal fraud risk assessments should be conducted periodically to identify and measure areas within the organisation susceptible to fraud. These areas may require further proactive testing, training and increased controls. The fraud risk assessment should feed into the annual fraud strategy, which defines the areas of focus for that year.
Conclusion
The combination of an economic crisis, cost-of-living challenges, geopolitical uncertainties and the rise of agile working has significantly increased the risk of employee fraud within private healthcare providers. Recent legislation will soon require some of these providers to establish procedures to prevent fraud. It is crucial for organisations to act proactively by implementing robust fraud prevention measures, adapting to the changing dynamics of the workplace, and investing in advanced technologies. By doing so, they can mitigate the financial and reputational damage caused fraud, as well as prevent the risk of finding themselves liable under the proposed new corporate offence.
If you would like to discuss how to mitigate fraud within your healthcare setting, please contact Erin Sims or Emily Wood.