https://orcid.org/0000-0002-8629-434X
IMPACT
This article will be of value to those working across the National Health Service (NHS) and particularly to those engaged in counter fraud activities across the public sector. As well as having national value, this article will be of international relevance as it speaks to the responsible guardianship of public funds. This article evidences the ways in which counter fraud services across the NHS in England are disjointed and some of the causes for such disjointedness. Official reports estimate that at least £1.2 billion, approximately 1% of the NHS budget, is annually lost to fraud. At a time when the NHS is facing unprecedented demand on its resources due to austerity policies, Brexit and the global pandemic, and with no clear indication of significant additional investment, any loss of NHS funds could have significant impact on patient care and so a better understanding of counter fraud responses in the NHS is potentially pivotal to future responsible handling of public money.
ABSTRACT
This article presents first-hand experience of those delivering counter fraud services, demonstrating the extent of disjointedness in responses to fraud against the National Health Service (NHS). This sample study of local counter fraud specialists working across England, indicates that the current counter fraud landscape creates the structure and conditions for reduced ‘effectiveness’ of counter fraud provisions, including great variability across regions and across types of fraud. This article evidences the need for future research to better understand and strengthen counter fraud provision across the NHS.
Introduction
At a time when the National Health Service (NHS) is facing unprecedented demand on its resources with no clear indication of significant additional investment due to austerity policies, Brexit and the global pandemic, any loss of NHS funds could have significant impact on patient care. Policy-makers consistently stress how funds lost to frauds and other financial crimes ‘affects the ability of the NHS to improve health outcomes for people in England, as resources are wrongfully diverted and cannot be used for their intended purpose’ (NHS England and NHS Improvement, Citation2013, p. 4). For the purposes of this article, we describe ‘fraud’ as the loss or potential loss of income or funds—or access to data that facilitates the loss of income/funds—by individual and organizational victims, on-line and off-line, through a variety of unlawful means, including abuse of trust, deception, misappropriation, or misrepresentation. The UK government’s 2019–2022 Economic Crime Plan defines economic crime as a much broader category of activity ranging from terrorist to insider trading; these are not all included within the term ‘fraud’ for the purposes of this article.
This article reflects upon the types of fraud and financial crimes likely to threaten the NHS and the evolution—and consequences—of the current organizational response(s). The article is drawn from a research study, developed with the support of several NHS agencies. Pre-research that has been undertaken to validate the need for such a study provides insights into what would appear to be a complex and confused landscape of jurisdictions, agencies and policies. This pre-research includes a sample study of local counter fraud specialists working across England, the results of which indicates that the current counter fraud landscape creates a structure and the conditions for reduced ‘effectiveness’ of counter fraud provisions, including great variability across regions/trusts and across types of fraud. However, there is currently no other data which provides insight into the range and variability of counter fraud provision across the NHS in England.
Identifying the scope of the problem: costs and types of fraud in the NHS
The NHS Counter Fraud Authority (NHSCFA), a health authority focused entirely on counter fraud work (fraud, bribery and corruption) that is directly accountable to the Department of Health and Social Care (DHSC), estimates that the NHS is vulnerable to £1.2 billion worth of fraud and economic crime each year (NHSCFA, Citation2022). This figure may be a significant underestimate if additional fraud and corruption losses associated with pharmaceutical companies are included (Button & Leys, Citation2013). Estimating levels and value of fraud losses within the NHS in England with any degree of accuracy is difficult. However, acknowledging the impossibility of exact counting of fraud does not undermine the strong evidence that economic crime is rife; the much-cited £1.2 billion figure is, in itself, suggestive of the ‘fairly grim statistics’ (Jordan-Boyd, Citation2020) of fraud losses in the NHS.
The NHSCFA’s Strategic Intelligence Assessment identifies an extensive typology of frauds against the NHS and offenders, including:
Procurement fraud.
Data manipulation fraud.
Patient exemption fraud.
Frauds by pharmaceutical contractors.
Frauds by general practice (GP) contractors.
Frauds by dental contractors.
Fraudulent access to the NHS by overseas visitors.
Frauds by optical contractors.
Frauds by NHS staff.
The NHS in England also contains structural factors, such as individual control over resource decisions, which create opportunities due to both the scale of expenditure and the complexities of the organizational shape. This structural complexity makes supervision and accountability extremely challenging. While NHS England controls the overall budget, healthcare services across the NHS in England are fragmented between primary and secondary healthcare, and between specialisms. Primary healthcare is divided between health trusts, which are still controlled by NHS England, and foundation trusts, which are largely autonomous. Secondary care is separated into specialisms such as dentists, opticians and GPs. Different providers are effectively run as separated businesses, though ostensibly heavily regulated and under central government control through such mechanisms as the NHS Standard Contract (NHS England, Citation2022a). Health provision’s vulnerability to fraud has been exacerbated by the inclusion of the private sector through the Health and Social Care Act 2012. It has been argued (Button et al., Citation2007a) that this may have facilitated opportunities for abuse as it embraced the replacement of centralized policies with arm’s-length influence over healthcare providers and the increase of service provision by private providers.
The evolving fraud landscape
The Health and Care Act 2022, which applies to England, may improve the current fragmented approach as it introduced integrated care systems. These replaced the framework that had promoted competition between organizations with a system favouring co-operation (The King’s Fund, Citation2023). The integrated care boards (Establishment) Order 2022 states that providers of services within the NHS should collaborate in order to best meet the needs of patients through ‘NHS system working’ (NHS England, Citation2022b). This move toward collaboration and joined-up thinking is not yet fully mirrored in the most recent responses to fraud.
1994–2006
The issue of fraud and corruption in the NHS has been on the agenda since 1994. At that time, the Audit Commission was the public body that provided a mandatory and England-wide external audit service and its audit and fraud manual was a companion volume for local government. The manual highlighted a number of fraud risk areas, while further studies argued for the adoption of an anti-fraud culture with money spent on the prevention and investigation of fraud, particularly where the police were not likely to take on cases. An NHS ‘Fraud Supremo’ (Lord Clement-Jones, Citation1998) was appointed in 1998 by the Labour government, together with the establishment of a counter fraud service.
The service was initially a co-ordinated operation between policy and other staff within the Department of Health and operational staff—counter fraud operational services (CFOS)—employed within ‘volunteer’ health authorities. In 2003, the counter fraud service was set up as a special health authority which took over the prescription pricing authority fraud unit, created a dental fraud unit and assumed responsibility for general security matters. The service was renamed as the Counter Fraud and Security Management Service (CFSMS). By 2006 the CFSMS’ budget was over £14 million a year and it employed some 250 staff. Its powers included accessing records, running a hotline, match data, carrying out sample checks and running intelligence operations. Part of its work was the vetting and oversight of, and in-house training for, local counter fraud officers (later called ‘counter fraud specialists’ [LCFS]). Access to a LCFS was a mandatory requirement for every trust or NHS agency.
2006–2021
In 2006, the CFSMS’s special status was removed when it was relocated as a division of the NHS Business Services Authority (NHSBSA) and renamed as NHS Protect with some 160 staff. A review into both the extent of NHS Protect’s responsibilities and perceptions of a continuing uneven relationship between it, the then Department of Health and the NHS, resulted in the establishment of a Department of Health Anti-Fraud Unit (AFU). The AFU had the mandate to investigate fraud within the Department of Health and arm’s-length bodies outside NHS Protect’s remit. At the same time, the responsibility for security was removed from NHS Protect and placed with individual trusts. This ended NHS Protect’s oversight and other roles relating to LCFS learning support and training.
In 2007, NHS Protect was relaunched as the NHSCFA, accountable to the AFU. The NHSCFA would concentrate on a national overview of fraud, as well as focusing on complex cases. On paper it was also responsible for a range of other activity: receiving NHS bodies’ reporting on anti-fraud and anti-corruption arrangements under the standards for providers; undertaking general fraud awareness and risk work; providing LCFSs with more intelligence and information on trends; working with them to improve performance through formulating strategies, collaboration and partnership; and benchmarking and assessing local initiatives.
2021–2023
In 2021, the DHSC launched a three-year counter fraud strategy that reflected the current multi-institutional configuration and collective approach to fraud. This strategy included NHS England and NHS Improvement self-investigating allegations of fraud both internally and across its constituent parts, and the introduction of NHS England’s in-house counter fraud team that would ‘embed awareness of fraud risks, how to report fraud and ensure a counter fraud culture permeates throughout NHS England’ (NHS England, Citation2019). The DHSC AFU continues oversight of the NHSCFA; the AFU’s roles include investigating allegations of fraud and corruption in the Department, its arms-length bodies (ALB) and companies owned by the Secretary of State where the health service is not affected; providing advice on fraud prevention for emerging DHSC policies; and, providing support and co-ordination in the development and delivery of counter fraud work. The NHSBSA is responsible for the Prescription and Dental Exemptions Checking Services, while optical fraud is the responsibility of the counter fraud section of the local integrated care boards.
Two additional changes not mentioned by the strategy were the extension of the 2018 Counter Fraud Functional Standard—a set of competency standards ‘required’ of those involved in anti-fraud work at central government level—across the public sector. The standard was launched within all NHS bodies in January 2021, introducing the concept of a counter fraud champion. The champion is seen as a key strategic and network position within an organization. It is promoted as a function that can be added to an existing senior NHS management role, such as deputy director of finance, director of risk, hr director, operations lead, a senior governance lead or a person who is in a senior and influential position within the organization.
The current patchwork
In June 2023, the NHSCFA launched its Strategy 2023–26 and Business Plan 2023–24, which set out its key priorities for the coming years, detailing how it intends to work collaboratively with the health sector to understand, find and prevent fraud in the NHS. This emphasised that the NHSCFA would ‘lead the NHS counter fraud community to drive measurable improvements in the counter fraud response through collaborative partnerships and provide support, advice and guidance to the counter fraud community in developing capability and capacity to respond to fraud’ (NHSCFA, Citation2023).
In so doing, however, the NHSCFA Strategy noted that it was being proposed within a complicated and extended patchwork of stakeholders, as well as involving a range of seven different partnerships. These included the Public Sector Fraud Authority (PSFA); the AFU; the NHSBSA; NHS England;, the DHSC Counter Fraud Board (chaired by DHSC and including the NHSCFA, the AFU, NHSBSA, NHS England, the PSFA and the NHS Health Security Agency); the Counter Fraud Liaison Group (CFLG) (counter fraud leads from each of the DHSC ALBs and a representative from the companies owned by the Secretary of State for Health and Social Care); and the Control Strategy and Strategic Tasking Group (CSSTG) (comprising members of the wider health group to collectively agree priorities and areas for counter fraud activity).
Both the NHSCFA and NHS England have enforcement powers, but day-to-day counter fraud provision still lies with LCFSs. All NHS organizations are required to have access to one or more LCFS but these could be employed internally or shared with neighbouring NHS bodies (often through public audit agencies, or employed through an external contractor). LCFSs were expected to work closely with counter fraud champions, audit committee chairs and directors of finance/chief financial officers. They are also required to work and act in accordance with NHSCFA guidance and relevant legislation as well as being ‘nominated’ to the NHSCFA by the NHS organization(s) which employs them (or contracts them in). The direct links between national and local level have, since 1994, been largely dissolved. Now the NHSCFA works ‘collaboratively and in partnership’ with LCFSs, to ‘support and provide guidance and assistance’ at the local level to what it describes as the operational leader responsible for delivering a comprehensive counter fraud service to their NHS body.
Knitting together—and unpicking—patchwork components
The number of agencies, and the presence of boards and groups, suggests there is much scope for confused intersection, both in daily activity and in policy setting, as well as gaps in terms of responsibility, reporting and oversight, including at the local level. For example NHS England is responsible for investigating frauds which do not meet the case criteria for an NHSCFA investigation (NHS England, Citation2019). However, ascertaining this status is not always straightforward—resulting in investigations started by one organization being passed to another.
This may be problematic on an operational level. According to established case acceptance criteria, the NHSCFA are responsible for the investigation of cases where allegations are particularly serious, complex, or involve suspected organized criminal activity (NHS England, Citation2019). This will not always be apparent at the beginning of an investigation and cases will move between organizations as further intelligence emerges. Equally problematic, the NHSCFA have different investigative powers to NHS England, in particular those contained within the Investigatory Powers Act 2016 and Health Act 2006 (NHS England, Citation2019). This raises operational challenges where cases move between the organizations or between LCFS investigations and the NHSCFA. While not insurmountable, the sharing of intelligence is made more challenging by the asymmetric powers of these organizations.
In developing a project to explore these issues, the research team undertook a pilot survey of the LCFSs to see how far the emergence of a patchwork response has affected their operational work. LCFSs were the focus as they have been a mandatory presence as NHS responses to fraud have evolved. The survey was co-designed with LCFS partners to ensure maximum interest and engagement through identifying issues and challenges which most resonated with LCFS staff on the ground. Eight LCFSs were approached, having been identified and contacted by research partners also working in counter fraud within the NHS. One had less than three years’ experience, one had between three and 10 years of experience, and six had over 10 years’ experience. Four were from the North-east, two from the North-west, one from London and one from the South-east. All had undertaken the mandatory training and pursue continuing professional development from various sources and of varying quality. Four were employed by a single trust and four were employed by a consortium. Of the former, only one worked for a single trust; the others were shared across at least two trusts. Of the latter, one worked for a single trust, one worked for two trusts, one for three trusts and one across 15. While our sampling strategy was not randomized, in that participants were contacted via established relationships with a project research partner, the results of this survey are extremely valuable in evidencing the need for further research in this area.
Outside of the NHSCFA requirements, respondents showed variable awareness of frameworks of strategies, action plans, implementation and monitoring in terms of responses to fraud across the NHS in England, at national level. Three LCFSs indicated no knowledge and three only indicated awareness. Only two LCFSs demonstrated detailed knowledge but one of those noted that:
Each NHS organization has a risk based workplan that sets out what the individual organization will deliver. Some also have defined counter fraud strategies but you are wholly dependent on how engaged they are. The NHSCFA has a national strategy but this is completely divorced from the reality of local delivery. Nothing from the DHSC feeds into local counter fraud delivery and local delivery in the NHS sits outside of the PSFA remit. It means the requirements are really the only framework and these are interpreted and evidenced very differently according to the provider.
The NHSCFA’s own surveys have also noted these negative operational consequences, drawing attention to the need for: reciprocal engagement with local counter fraud community; appetite for an NHS-wide approach to counter fraud strategy with common standards and agendas; improved local support, collaboration, intelligence sharing and centralized intelligence; and, determining the different local and national priorities. Similarly, at the local level, the form of counter fraud provision is not articulated and therefore may be manifested as a system of rigorous investigation and prosecution for one provider and a series of poster campaigns by another. As highlighted by a member of the CFA: ‘If they [providers] have received paper assurances from internal and external auditors, and from local counter fraud providers regarding the response taken to fraud risks, some boards and audit committees may be inclined to tell themselves “job done” and move on to their next agenda item’ (Jordan-Boyd, Citation2020).
Finally, with the increased integration approach introduced in 2022, this patchwork will likely be exacerbated due to the combining of primary and secondary healthcare provision (NHS England, Citation2019). The current counter fraud landscape is conflicting at policy level, confused at the level of enforcement and about to enter a further period of turmoil with the introduction of integrated care boards. Even before the new integrated care boards, NHS England and other policy-makers recognized that the lines of accountability regarding counter fraud arrangements were blurred (NHS England, Citation2019). This blurring undoubtedly impacts on the effectiveness of any counter fraud provision.
Conclusion: the importance of mapping the patchwork in practice
The large-scale presence of fraud within and against the NHS is unanimously acknowledged across NHS organizations and by politicians. Measuring the extent of loss to fraud is problematic, but even the conservative £1.2 billion/1% of the NHS budget the NHSCFA estimates to be lost annually to fraud (NHSCFA, Citation2022) is significant at a time of economic crisis for the NHS. Given the extent of the fraud threat against the NHS, more needs to be known about what is being done both centrally and at health provider level, to tackle fraud. Responses to NHS frauds are confused at both the level of policy and enforcement. At a national level, there appears to be a great appetite to improve the current system of multiple agencies, moving away from the duplication of both policy and enforcement roles (NHS England, Citation2019). Agencies such as NHS England, the NHSCFA and the NHSBSA certainly use collaborative rhetoric around the need to join up counter fraud thinking (NHS England, Citation2019). This approach aligns with the introduction of integrated care boards and the language of the spirit of collaboration (Alderwick, Citation2021).
What this collaboration means at the level of counter fraud enforcement is still not clear and NHS England has conceded that ‘since the creation of NHS England the responsibility for conduct of fraud investigations within primary care has lacked clarity in certain instances’ (NHS England, Citation2019, p. 30) This lack of clarity at a higher level is likely reflected in the varied counter fraud practice on a local level that our pilot has indicated.
One identified approach to improving counter fraud provision across the NHS in England is to improve the sharing of information and for providers to better collaborate. This collaboration may look like the better sharing of information regarding common forms of fraud witnessed at a local level. The NHSCFA already have some measures in place to both collect and disseminate details of frauds, including through their website and through the publication of annual Strategic Intelligence Reports. Unfortunately, however much the NHSCFA try to unify counter fraud provision across the NHS, the system itself breeds disparity, allowing for flexibility but also inconsistency, with trusts and providers ‘reinventing the wheel’. Collaboration and the sharing of good practice would be required to overcome not only organizational disparity, but the evident public/private divide.
Whatever the solutions, there has been limited academic research into counter fraud responses across the NHS and the literature that has been produced is now largely outdated (for example Button et al., Citation2007b). Further research must be carried out to better inform national and local counter fraud policy within the NHS in England. This research must take a far broader perspective than policy-makers have to date, embedding and capturing more voices and experiences of counter fraud provision, from directors of finance, to counter fraud specialists, to frontline health workers, as well as to patients and the public. At present, fraud appears far down a list of priorities of decision-makers outside of the counter fraud organizations within the NHS (Jordan-Boyd, Citation2020). This does not, however, diminish the severity of the problem and fraud continues to deplete significant portions of the NHS budget which can be ill-afforded. Future research which provides a better understanding of the fraud problem and current responses, and which brings the myriad of stakeholders together in an effort to stem the flow of loss to fraud, is crucial if the NHS is to stop haemorrhaging resources to what can be a preventable loss.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Additional information
Notes on contributors
Cerian Griffiths
Cerian Griffiths is an Assistant Professor in the Law School at Northumbria University, UK, specializing in the investigation and prosecution of financial crime.
Alan Doig
Alan Doig is a UK-based consultant in corruption, fraud and public ethics and has extensively published on fraud investigation and financial crime in the public sector.
Jackie Harvey
Jackie Harvey is Emeritus Professor in the Business School at Northumbria University, UK, specializing in money laundering.
Katie Benson
Katie Benson is Lecturer in the School of Social Sciences Criminology at the University of Manchester, UK, and conducts research in the areas of money laundering and organized financial crimes. She is an Associate Fellow at the RUSI Centre for Financial Crime and Security Studies.
Nicholas Lord
Nicholas Lord is Professor of Criminology in the School of Social Sciences at the University of Manchester, UK. His research includes bribery and corruption, fraud, corporate and white-collar crime, illicit finance and money laundering, regulation theory and comparative criminology.
References
- Alderwick, H. (2021). England’s New Health and Care Bill. BMJ, 374, 1767.
- Button, M., Frimpong, K., Smith, G., & Johnston, L. (2007a). Professionalizing counter fraud specialists in the UK: assessing progress and recommendations for reform. Crime Prevention and Community Safety, 9, 92–101.
- Button, M., Johnston, L., Frimpong, K., & Smith, G. (2007b). New directions in policing fraud: The emergence of the counter fraud specialist in the United Kingdom. International Journal of the Sociology of Law, 35, 192–208.
- Button, M., & Leys, C. (2013). Healthcare Fraud in the new NHS market—a threat to patient care, Centre for Health and the Public Interest. https://chpi.org.uk/papers/reports/healthcare-fraud-in-the-new-nhs-market-a-threat-to-patient-care/.
- Jordan-Boyd, M. (2020). Why fraud must top NHS agendas. Public Finance. https://www.publicfinance.co.uk/opinion/2020/02/fraud-must-be-top-nhs-agenda.
- Lord Clement-Jones. (1998). https://hansard.parliament.uk/Lords/1998-11-10/debates/c6bad338-03f6-4ad4-9c29-841f0727a58d/NhsDirectorOfCounterFraudServices.
- NHSCFA. (2022). Strategical Intelligence Assessment, 2021-22. https://cfa.nhs.uk/about-nhscfa/corporate-publications/strategic-intelligence-assessment/SIA-2022-fraud-vulnerabilities.
- NHSCFA. (2023). NHSCFA Strategy 2023–26.
- NHS England. (2019). Tackling fraud, bribery and corruption economic crime strategy 2018-2021. https://www.england.nhs.uk/wp-content/uploads/2013/06/tackling-fraud-bribery-and-corruption-economic-crime-strategy-2018-2021.pdf.
- NHS England and NHS Improvement. (2013). Tackling fraud, bribery & corruption: policy & corporate procedures. https://www.england.nhs.uk/publication/tackling-fraud-bribery-and-corruption-policy-and-corporate-procedures/.
- NHS Standard Contract. (2022a). https://www.england.nhs.uk/nhs-standard-contract/22-23/.
- NHS Standard Contract. (2022b). Technical Guidance. https://www.england.nhs.uk/wp-content/uploads/2022/03/nhs-standard-contract-22-23-technical-guidance-march-25-update.pdf.
- The King’s Fund. (2023). Health and care act: key questions. https://www.kingsfund.org.uk/publications/health-and-care-act-key-questions.