Forensics turns screw on NHS fraud

After three years, a dedicated computer forensics unit has uncovered evidence that has led to 114 criminal prosecutions and recovery of £500,000 in funds

The NHS has disrupted attempted fraud worth an estimated £10m after the creation of a dedicated computer forensics unit three years ago.

The Forensic Computing Unit, the first dedicated public sector computer forensics team outside the police force, is playing a front-line role in the NHS's fight against fraud by pharmacies, opticians and dental practices.

Since its creation in 2003, forensic work by the three-strong unit has led to 114 criminal prosecutions, 10 disciplinary cases against NHS staff, and the recovery of £500,000 in stolen funds.

The unit employs three forensic investigators with experience in both computer technology and fraud. It can analyse and recover deleted files and e-mails from computer hard disks, PDAs and mobile phones.

The Forensic Computing Unit's director, Mike Grieveson, said that forensic work by his staff has led to some high-profile prosecutions. "The unit has played a key role in securing many prosecutions worth millions of pounds.

"Without the forensic evidence gathered from computer systems, some cases may never have reached court and the NHS may never have recovered as much money as it has," he said.

These include the prosecution of a manager at Kings College Hospital, jailed in February for attempting to steal £600,000 by paying "phantom" employees.

In another case, the unit was able to prove that a pharmacist had wrongly claimed £100,000 in prescription fees by using his computer to forge prescription forms.

The NHS took the unusual step of creating its own forensic unit when the pressures of the international paedophile enquiry, Operation Ore, meant that police forensic units were no longer able to help the NHS with its investigations.

"The pressures on the police were increasing. The turnaround time for having a disk analysed was six months, if we could get it done at all. The cost of outsourcing the work was very high, and we realised it was cheaper to employ our own staff, " said Grieveson.

The unit forms part of the NHS's Counter Fraud and Security Management Service, which claims to have driven down pharmaceutical fraud by 41% and dental fraud by 25%, since it was formed in 1998.

Grieveson has 18 years' experience investigating fraud, gained at the Department of Work and Pensions where he worked on undercover investigations into organised criminal groups defrauding the benefits system. The two other investigators are specialists in computer security and health infomatics.

About 80% of the forensic work centres on fraud cases, but increasingly the unit is being asked by NHS trusts to investigate the inappropriate use of computers by staff at work.

In one case, investigators discovered that an IT manager, responsible for the internet filtering system at a hospital trust, had used his expertise to bypass the filters to view pornographic material in his lunch break.

Further investigation into the manager's e-mails showed that he had fraudulently sold a computer belonging to the trust.

The Forensic Computing Unit is expanding and has begun to work for other public sector organisations, including local authorities, which receive discounted rates. It also offers its services to private sector companies.

One of the most common reasons prosecutions fail is that organisations often leave computer investigations to IT staff, who may not appreciate the need to preserve evidence to standards admissible in court, said Grieveson.

"They suspect someone of surfing for inappropriate material, or of wasting time they call in the IT people and take a look at the hard drive, but they do not do it forensically. The do not realise that as soon as you boot up the machine, you change the contents of hundreds of files."

Hospital computer held record of £600,000 fraud

Joy Henry, a manager at Kings College Hospital, was jailed in February after evidence of a £600,000 fraud was uncovered on hospital computer systems.

Forensic investigators discovered that Henry, who was in charge of the payroll, had siphoned money from the hospital by paying "phantom" employees. She attempted to cover up the fraud by deleting the phantom shifts from the records, but unwittingly left an electronic footprint on the computer system.

Kings College Hospital managed to recover more than £250,000 and has begun legal proceedings to recover the rest.

Read more on IT risk management