The NHS’s embarrassing failure to prevent large-scale malpractice by Serco in its out-of-hours contract in Cornwall has raised in a very public way the question of the Department of Health’s strategy for countering the risk of fraud posed by contracts with private providers. The issue has been taken up extensively in the media, reinforced by the Home Office’s even more embarrassing failure to notice that Serco and G4S had billed it for almost £200 for tagging prisoners who had already been released or had even died. The Department of Health, however, has remained silent.
In July the Health Service Journal reported, based on a leaked document, that the Department of Health was planning ‘to establish its own fraud investigation function by poaching senior officers from NHS Protect, shrinking the national body’s size significantly as a result’. But the Department declined to comment and has made no further statement on the issue.
The Cornwall case, however, and the reported problems of quality cuts and overbilling in Serco’s contract for diagnostic tests at Guy’s and Thomas’ hospitals in London, illustrate the way opportunities for both errors and fraud become much greater with complex and lengthy contracts. This is especially true of contracts with multifarious performance requirements linked to payments, which are typical of NHS clinical outsourcing contracts. This creates multiple opportunities for mistakes to be made which can often lead to overcharging. However, added to this complexity is the influence of profit.
Contracting companies eager for business will often bid with unrealistic proposals, inadequate resources or untried ‘innovative ideas’ to win business, which once won, staff are put under pressure to make work. Contracts are sometimes sought initially as ‘loss leaders’, only for the contractors’ priorities to change, leading to pressures to make unprofitable contracts profitable. Staff unable to make this happen are often tempted – perhaps pressured – to fabricate performance data. Other more corrupt staff or companies may simply utilise the complexity as offering opportunities to make things look better. As we pointed out in the CHPI’s 2013 report on this issue, the threat of fraud expands as fast as the interface between a public payer and private providers is expanded.
The US Medicare programme, under which the Federal government pays for most of the health care costs of everyone over 65, and where all the providers are private (and mostly for-profit), shows the risks very clearly. Medicare processes 1.2 billion medical claims a year from more than a million registered health care providers. It has been designated a ‘high risk program’ because of its size, complexity and susceptibility to improper payments, which can occur within a variety of health care settings by a number of different providers, though both error and fraud. The frauds are chiefly ‘payments made for treatments or services that were not covered by program rules, that were not medically necessary, or that were billed for but never provided’.
Court cases routinely throw light on cases where fraud has occurred. For instance over the two years 2010-11 the owner of a Houston-area ambulance service submitted fraudulent claims of approximately $2.4m to Medicare for ambulance services that were medically unnecessary and/or not provided; and over the four years 2009-12 the owner of two adult day-care centres in Michigan billed Medicare for $3.4m for psychotherapy services that had not been provided.
Two things about these cases are worth noting in the English context. One is that a comparable case of fraud based on exploiting the opportunities presented by outsourcing has already been reported in England , reminding us that the NHS is not immune. The other is that successful prosecutions are the exception. The US General Accounting Office reported that in 2010 10.7% of Medicare fee-for-service payments were improper, and set a target of reducing the rate to 5.8% in 2013 – but only succeeded in getting it down to 10.1% , a reduction of just 0.6%.
Part of the difficulty is separating fraud from error. As contracting becomes more and more widespread, losses are liable to increase from both error and fraud. These require different counter-measures, and it becomes important to set up adequate systems for differentiating and measuring the two. The US has undertaken major steps in this direction, starting with the Improper Payments Information Act (IPIA) of 2002, which required public agencies to measure the extent of the problem, and continuing with the Improper Payments Elimination and Recovery Act of 2012, which requires government agencies to improve their estimates of improper payments.
In health care, using a greatly increased sample size has allowed the Centers for Medicare and Medicaid Services (CMS) to calculate a national improper payment rate and a contractor and service-specific improper payment rate, allowing the CMS ‘to assist in the development of specific, robust corrective actions to prevent improper payments from occurring in the future’. As a result, the national improper payment rate has begun to fall.
It is worth noting that the situation in the USA prior to the IPIA resembled the situation in England today. There was limited measurement of fraud in Medicare. When fraud loss measurement was suggested, senior management objected that ‘scientific measurement couldn’t be done’ . Consequently, whilst quality review processes in Medicare were in existence, none was designed to measure the level of fraud in the system. The Vice President for audit of a Medicare contractor, when asked if his company might consider random audits for fraud measurement purposes, commented: ‘There is no reward for finding fraud. There are no out of pocket losses for us. Why would we put ourselves in this painful position? We have to think about our shareholders’ . The case of Serco’s out of hours contract in Cornwall indicates that corporate thinking on these lines needs to be anticipated as much in England as in the US.
The CHPI’s 2013 report suggested that ‘an appropriately resourced unit dedicated to corporate fraud should be created within NHS Protect, with appropriate staff capable of pursuing all possible sanctions and with experience of successfully doing so.’ Nothing has happened since to alter that opinion. An adequate response to the new threat by the Department of Health is urgently required.