The NHS has disrupted attempted fraud worth an estimated
£10m after the creation of a dedicated computer forensics unit
three years ago.
The Forensic Computing Unit, the first dedicated public sector
computer forensics team outside the police force, is playing a
front-line role in the NHS's fight against fraud by pharmacies,
opticians and dental practices.
Since its creation in 2003, forensic work by the three-strong
unit has led to 114 criminal prosecutions, 10 disciplinary cases
against NHS staff, and the recovery of £500,000 in stolen
funds.
The unit employs three forensic investigators with experience in
both computer technology and fraud. It can analyse and recover
deleted files and e-mails from computer hard disks, PDAs and mobile
phones.
The Forensic Computing Unit's director, Mike Grieveson, said
that forensic work by his staff has led to some high-profile
prosecutions. "The unit has played a key role in securing many
prosecutions worth millions of pounds.
"Without the forensic evidence gathered from computer systems,
some cases may never have reached court and the NHS may never have
recovered as much money as it has," he said.
These include the prosecution of a manager at Kings College
Hospital, jailed in February for attempting to steal £600,000 by
paying "phantom" employees.
In another case, the unit was able to prove that a pharmacist
had wrongly claimed £100,000 in prescription fees by using his
computer to forge prescription forms.
The NHS took the unusual step of creating its own forensic unit
when the pressures of the international paedophile enquiry,
Operation Ore, meant that police forensic units were no longer able
to help the NHS with its investigations.
"The pressures on the police were increasing. The turnaround
time for having a disk analysed was six months, if we could get it
done at all. The cost of outsourcing the work was very high, and we
realised it was cheaper to employ our own staff, " said
Grieveson.
The unit forms part of the NHS's Counter Fraud and Security
Management Service, which claims to have driven down pharmaceutical
fraud by 41% and dental fraud by 25%, since it was formed in
1998.
Grieveson has 18 years' experience investigating fraud, gained
at the Department of Work and Pensions where he worked on
undercover investigations into organised criminal groups defrauding
the benefits system. The two other investigators are specialists in
computer security and health infomatics.
About 80% of the forensic work centres on fraud cases, but
increasingly the unit is being asked by NHS trusts to investigate
the inappropriate use of computers by staff at work.
In one case, investigators discovered that an IT manager,
responsible for the internet filtering system at a hospital trust,
had used his expertise to bypass the filters to view pornographic
material in his lunch break.
Further investigation into the manager's e-mails showed that he
had fraudulently sold a computer belonging to the trust.
The Forensic Computing Unit is expanding and has begun to work
for other public sector organisations, including local authorities,
which receive discounted rates. It also offers its services to
private sector companies.
One of the most common reasons prosecutions fail is that
organisations often leave computer investigations to IT staff, who
may not appreciate the need to preserve evidence to standards
admissible in court, said Grieveson.
"They suspect someone of surfing for inappropriate material, or
of wasting time they call in the IT people and take a look at the
hard drive, but they do not do it forensically. The do not realise
that as soon as you boot up the machine, you change the contents of
hundreds of files."
Hospital computer held record of £600,000
fraud
Joy Henry, a manager at Kings College Hospital, was jailed in
February after evidence of a £600,000 fraud was uncovered on
hospital computer systems.
Forensic investigators discovered that Henry, who was in charge
of the payroll, had siphoned money from the hospital by paying
"phantom" employees. She attempted to cover up the fraud by
deleting the phantom shifts from the records, but unwittingly left
an electronic footprint on the computer system.
Kings College Hospital managed to recover more than £250,000 and
has begun legal proceedings to recover the rest.