Chronic under-investment in security in many areas across the NHS means increased vulnerability to an ever-growing range of security and crime threats, writes Jim O’Dwyer.
About the author: Jim O’Dwyer of AEGIS Protective Services is a former Met Police man, now an expert witness in workplace-related violence and physical intervention and restraint; subjects he’s written about for us before. He’s a founder member of the Institute of Conflict Management; and chief instructor at Bournemouth Aikido Club. Visit aegisprotectiveservices.co.uk.
Traditionally in the NHS, expenditure on ‘security’ has been regarded by most NHS Trust Board members as an unwelcome expense rather than a ‘necessary’ investment. This sentiment has persisted because a persuasive ‘business case’ for appropriate investment (justified in terms of the probability of occurrences, the likely total cost of loss to be suffered and the potential reduction in those costs through investing in ‘security’ measures) has not been presented. A problem for ‘number crunchers’ is that no established methodology exists to enumerate the full extent of the impact of crime and security breaches in the NHS. So, it’s only possible to estimate total costs – and estimates are only estimates. If the estimates used are inaccurate, it presents difficulty deciding levels of investment in security (which are usually linked to the estimate of potential loss that could be eliminated). Without an accurate picture of the losses and the causes, how can NHS trust boards gauge how much to invest, or set meaningful targets for risk reduction?
Cost of violence
It’s often cited that violence costs the NHS in the region of £69m per year. However, that figure was just a rough ‘guestimate’ made by the National Audit Office in 2003. In the NAO report, A Safer Place to Work: improving the management of health and safety risks to staff in NHS trusts, it was estimated that the direct cost of work-related incidents was £173m per annum, (excluding staff replacement costs, treatment costs and compensation claims). The NAO then reasoned that since violence and aggression accounted for about 40pc of the incidents reported, a crude estimate of the ‘direct cost’ of violence in the NHS was likely to be at least £69m. However, this took no account of the human costs, such as physical and/or psychological pain and increased stress, nor the impact on staff confidence, low morale, poor performance and productivity. The NAO also didn’t factor in payment of sick pay if the staff member has to take time off work; treatment costs, including counselling for staff; the extra costs of temporary or replacement staff; or fees for taking legal action. If a staff member leaves the profession, it translates to a loss of experience and the wasted expense of training them.
Negative effect
Research by Peter Finch, President of the National Association for Healthcare Security indicated that two per cent of NHS staff subjected to violent assaults left the NHS as a result. Now, when you consider that about 70,000 physical assaults on NHS staff are reported annually, it could translate to 1,400 trained and qualified NHS staff quitting the occupation every year! How much would it cost to replace them? The financial costs to the NHS resulting from violence at work also includes the negative effect on corporate image including, difficulties (and extra expense) recruiting and training replacement staff. There’s also the threat of HSE prosecution of the health body and penalties for failing to provide a safe system of working for employees. In addition, there is the growing threat of criminal prosecution (under section 37 of the Health and Safety at Work Act) and prison upon conviction of individuals (including managers), who, through consent, connivance or neglect are responsible for health and safety shortcomings (inappropriate staffing, inadequate training, instruction and supervision) that result in serious harm happening – and then there’s the associated costs of replacing those individuals, too! The NAO estimate that violence costs the NHS about £69m per year is just the tip of a very big iceberg! Note: The NHS Security Management Service were not tasked to deal with patient on patient or staff on staff violence (including bullying, harassment, stalking and mobbing).
Cost of theft
Like any large organisation, the NHS is a victim of theft. Experience shows that the NHS is targeted of organised criminal gangs working to source high value medical equipment for use in foreign countries. But, thieves (including some staff) also steal low value items too. Reported thefts have included:
•CT scanner equipment and ventilators
•Ultrasound scanners
•Patient-monitoring equipment, including foetal aid monitors and swine flu respirators
•Defibrillators
•A specialist autopsy examination table
•A tractor
•Hospital beds
•Ambulance satellite navigation devices
•Computers
•Lead from hospital roof
•Nitrous oxide cylinders (laughing gas)
•Wheelchairs
•Mobility aids
•Staff uniforms
•Blankets
•Thermometers
•Pregnancy testing kits
•Prescription pads
•Stethoscopes
•A post trolley
•A kettle.
Note: It’s not an exhaustive list!
In May 2012, NHS Protect published comprehensive guidance to NHS trusts on the security and management of assets and also launched a Security Incident Reporting System (SIRS) to record all theft or criminal damage (including burglary, arson and vandalism) to NHS property and assets. The aim was to inform NHS Protect’s prevention and deterrence work, help identify trends and patterns, generate statistics and enable NHS Protect to build a national picture of security management across the NHS. However, that NHS central security management body didn’t have direct authority over local hospital trusts and could only invite them to submit information on thefts voluntarily. Whilst some NHS trusts were obliging and took their financial responsibilities earnestly, history shows that many trusts failed to co-operate sufficiently, resulting in the SIRS database failing to gain adequate information to provide a total figure for all the thefts across the NHS. As a result of inability to impose a national NHS strategy to protect and secure assets, the way in which NHS assets are purchased, distributed, used and audited continues to vary from one organisation to another and practices can even vary between departments within the same organisation!
Another problem was the NHS accounting rules, which define ‘assets’ in purely financial terms as items with a value exceeding £5,000. Many NHS health bodies only include items of this value or above on their asset registers, leaving smaller, portable, valuable items without any means of security protection, management or audit arrangement. This protocol is all the more ridiculous when you consider that a laptop computer with a value of only a couple of hundred quid could hold sensitive information on patients which, if stolen, could result in punitive fines (hundreds of thousands of pounds) being imposed on the trust by the Information Commissioner’s Office (ICO), the public authority set up to uphold data rights.
As a result of these shortcomings, it was impossible for the NHS Security Management Service to accurately identify the total value of stolen assets or assess the ‘total’ costs of thefts (not just the monetary value of the property stolen but also the impact on ability to provide care services to patients including, delays in providing operations and other medical processes due to the ‘absence’ of necessary equipment). So, how much is being stolen from the NHS?
On September 25, 2012, the Daily Mail published a news article: ‘The great hospital robbery: Defibrillators, baby heart monitors, even beds – thieves are walking out of NHS wards with vital equipment’. The article criticised NHS chiefs as: “…so blasé about the losses they don’t even have a national picture of how much equipment is being stolen, let alone a comprehensive anti-theft strategy … hospital trust managers have been allowed to bury the losses in financial reports or behind barriers of bureaucratic secrecy.”
Further into the article, it states: “While we don’t have a clear picture of how much equipment is lost every year, an important clue comes from official figures obtained by the Scottish Labour Party, which show that across Scotland in 2010, £1.13m of NHS hospital equipment went missing. If the same rate of theft is happening across the rest of Britain, we may be losing around £13m of equipment every year.” Note: The same £13 million estimate was subsequently cited in a news article published on February 2015 by the Daily Mirror. So, the only figure we have of the cost of theft to the NHS is an estimate of an estimate! Yet, the £13m figure has become accepted as the benchmark? Once again, I ask, if an organisation doesn’t have accurate information about the nature and scale of its losses, how can it determine how much to invest in loss prevention? Note: The ‘estimates’ above do not include thefts of staff or patients’ personal possessions.
Cost of fraud
Fraud is theft involving deception. The Fraud Act 2006 introduced three ways of committing fraud: by false representation; failing to disclose information; and by abuse of position. The way fraud can happen in the NHS includes claiming for work that does not exist: professionals creating ghost patients, altering prescriptions, claiming for out of hours visits, working elsewhere while off sick or masquerading as other staff; patients altering prescriptions’ managers making fake timesheet and payroll claims; and suppliers submitting bogus invoices. Claiming for higher value items; professionals dispensing a cheaper product than claimed for, or altering patient treatment details. Securing materials/services on false premises; professionals secure student bursaries; claiming for excess car mileage; falsifying credentials for applications or procurement; patients obtaining controlled drugs. And insider theft; of prescription forms or inventory.
How much is fraud costing?
NHS Protect has never published an estimate of the total losses from fraud across the NHS. However, during 2007-2008, NHS Protect carried out extensive loss analysis exercises to qualify the nature and scale of ‘patient charges evasion’ in England and Wales, which resulted in an estimate of about £156m. During 2009-2010, NHS Protect evaluated the potential loss NHS attributable to dental services fraud as about £73.2m in England. These ‘findings’ were reproduced in official statistics published by the UK’s National Fraud Authority Indicator 2013 which suggested fraud within the NHS was costing about £229m per year (that is, patient charges evasion – £156m, and NHS dental charges fraud – £73m). However, since that £229m was only the sum of the two referenced indicators, it cannot possibly represent anything like the ‘total’ cost of fraud in the NHS. In March 2014, a report published by accountancy firm BDO LLP, working with the Centre for Counter Fraud Studies (CCFS) at the University of Portsmouth, titled “The Financial Cost of Healthcare Fraud Report 2014” suggested fraud in the NHS was actually costing about £5 billion a year; and that the NHS was losing another £2 billion per year as a result of its own accounting errors (where the NHS makes overpayments by mistake to suppliers or staff). Seven billion is a lot of money – more than 20 times the amount indicated by the Government figures – and represents almost 7pc of the total annual NHS budget – enough to pay for another 250,000 nurses or fund the entire cancer care programme! The estimate of £7 billion was apparently an extrapolation based on estimated ‘global figures’ that were based upon ‘the most accurate measures of fraud conducted on healthcare expenditure from six countries in a variety of different types of expenditure’, which taken together indicated average losses to fraud and error of just under 7pc of total healthcare budgets. So, by comparison, the official figure of £229m would suggest that the NHS is doing more than 30 times better than the rest of the world in preventing and detecting fraud and error!)
A problem is that, when you interrogate the methodology used to arrive at the estimated ‘global figures’ cited in the BDO LLP Report, you’ll find that they are a bit ‘flaky’ and not as reliably accurate as you may otherwise have presumed! A Department of Health spokesperson said: “The breadth of the health and care system, and the differences in processes and risk across the sectors, makes it impractical to calculate a total value for the financial loss due to fraud. The figures produced in the report can only be regarded as highly speculative.”
In a statement, the Department of Health also said it “did not recognise” the figures quoted in the BDO LLP report, or “speculate on levels of losses” and that NHS Protect had a “significant budget” and “protects and safeguards frontline NHS services”.
Whichever way you choose to look at it, the NHS is being drained of an awful lot of money by fraudsters that could and should be being spent on healthcare services and the total losses could be £billions.
Is it possible to reduce if not eliminate fraud in the NHS?
Prof Mark Button, Director of Portsmouth University’s Centre for Counter Fraud Studies, said: “By highlighting the problem and countering fraud effectively, the NHS would reduce losses and free up massive resources for better patient care. Healthcare organisations need to prioritise the problem and invest money in the right areas. Previous studies of counter fraud exercises have shown that it is possible to significantly reduce the losses with a reduction of 40pc within 12 months being considered a very reasonable expectation.”
Based on Prof Mark Button’s advice and estimates, it would make more sense to (substantially) increase expenditure on counter fraud activities rather than reduce it year on year, which is what has been happening!
Once again, I ask, if an organisation doesn’t have accurate information about the nature and scale of its losses, how can it determine how much to invest in loss prevention?
