Council member Dr Peter Ashby, FIAP has lately been thinking about fraud. He looks at ways of preventing it than responding after the event.
As analysts, we may be asked to investigate suspected fraud. Sometimes we find evidence of it and on other occasions we can only say that the results are inconclusive. Whatever the outcome our thoughts turn to the inevitable question of how it can be prevented or thwarted in the first place and we must look at the programming structure for the answers. Recently just such an occurrence may have come to light within the NHS.
The current system of payment to GPs in Primary Care assesses remunerable performance partly by the number of boxes (corresponding to clinical interventions for example) that have been ticked within a given target time. So one possible way to increase practice income would be to enter data “backdated” so as not to miss a target payment date. The end user might effect this by resetting the system clock (to before the deadline) on the client computer, entering the “late” data and then immediately resynchronising the clock. A careful audit would uncover the “error” because the back-up server is running in real time, so that there would be a discrepancy in the two versions of the same record.
Suppose, however, that the discrepancy isn’t picked up, at least in the short term. There are two effects, the first obvious – the practice is overpaid – the second less so and more insidious. This is that data reported to the Department of Health, on which care funding is assessed and subsequent political action based, are unreliable. Overpayments are simply dealt with; the Government asks for its money back and, if necessary, initiates prosecutions. But the super-tanker of State is not so easily turned round. By the time it is clear that there is a problem, laws may have been enacted, procedures drawn up, systems developed. No one is going to be thanked for pointing out that all these may have been based on unsafe foundations.
To see how this might play out, let’s examine, hypothetically, what kind of practice is most susceptible to fraud. In a small practice, the only beneficiaries would be the principal or partners themselves and they would run the risk of censure by the General Medical Council, up to and including being struck off. A moment’s thought suggests that the game is not worth the candle. Large multi-doctor clinics, the planned strategy within the NHS, on the other hand, employ many non-clinical personnel and there is often a profit-sharing scheme within such practices. Naturally, it is the non-clinical staff who do most of the data entry and they have less to lose and more to gain in skewing the data than does a GP. Further, the sheer number of staff increases the chance of a single ‘bad apple’ while decreasing the probability of their discovery.
So we might expect most fraudulent data to appear from large practices and, since this will be designed to demonstrate the efficiency of the practice, the centrally accumulated information will demonstrate that large clinics are, ipso facto, the most efficient! This might be true but these data can’t be used to support that assertion.
There might be a simple answer. Data entered on a computer, where the date does not correspond to the date and time on the server, could be blocked until the status is verified. The ingenious may find a way around this in due course but in the meantime clinical record systems would be more accurate and therefore usable.
[Something you’d like to get off your chest? Email me (Robin Jones) at eo@iap.org.uk.]
