Procurement has a tough job. First, there are thousands of vendors and third parties that must be selected, vetted and then tracked each month. To complicate matters, most vendor procurement software services that exist were developed decades ago and have not kept up with the needs of today’s procurement departments for reporting, tracking, and innovation.
At ProviderTrust, we see this all the time. When conducting exclusion monitoring on individuals, the records are easily obtainable and identifiable in one or a few HRIS data systems. It is not complicated to pull, update and send an employee file for exclusion monitoring for human resource departments in today’s healthcare environment; however, it is a totally different story when it comes to an entity and third-party data. Thus, it is not a surprise that there is procurement fraud in healthcare because of the world procurement and vendor risk management lives in.
One of the most interesting problems in procurement management is simply knowing and having easily available, a list of current vendors the healthcare organization is doing business each year – let alone, each month. These lists usually reside in multiple places and are not complete, current or correct. By its nature, multiple people or departments gather or come in contact with important vendor information. Rarely, is there one single department of datasets that contains all the needed information on entities or third parties.
An example of the lack of completeness is a simple one. Ask yourself, how many Employer Tax Identification Numbers (TIN) does your organization have for your vendors? Think you have 75%? 90%?
Most organizations we have talked with have no more than 60% completed records.
Why and how is this possible?
Some of the culprits are the lack of central databases for procurement records coupled with incomplete forms and the lack of safeguards implemented to set up a vendor (i.e., not begin doing business with a vendor until all required data is received – such as TIN).
Others include the simple fact that a vendor likely notifies the healthcare company of a change in TIN, ownership, address, or other key information by mail along with their invoice. Sometimes this information is not shared by accounts payable to procurement. It might also be faxed in, lost, or hung-up in paperwork backlog.
4 types of common procurement fraud in healthcare:
- Bid-rigging price collusion
- Bribery/kickbacks – false claims and Stark Violations
- False payers – do you know your vendors?
- Lack of checks and balances -separate job responsibilities/approvals
Simple logistical and administrative issues potentially leading to fraud:
- How many hands touch and/or review the procurement selection process and implementation?
- Vetting the Vendor – do you just Google or conduct a background check?
- Is there an audit function to test and catch fraud?
- Do you know if an excluded person owns the vendor? Are they providing managerial services to the vendor?
- Do you conduct business with an employed physician that owns part of a third party vendor you are contracting with?
The Association of Certified Fraud Examiners (ACFE) notes that when more than one person commits procurement fraud, the median loss rises dramatically. “When multiple perpetrators conspire to commit a fraud, this makes it easier to circumvent anti-fraud controls,” according to the AFCE Fraud Report. This makes sense and signals a broader and more elaborate procurement fraud scheme inside your organization.
Solving healthcare vendor procurement fraud is a possibility but involves 4 important ingredients.
- Diligence – Develop and follow a Procurement Compliance Program and implement the proper Policy and Procedures.
- Training – Inform, educate and re-train on the Procurement Compliance Program and Procedures, to all team members.
- Audit – actively test and review your procedures for adherence or abnormalities
- Checks and balances – ensure that required fields are completed and that there are multiple layers of review before a new vendor is accepted.
Do you have more suggestions to add to this list? Let us know in the comment section below!
Written by Michael Rosen, ESQ
ProviderTrust Co-Founder, firstname.lastname@example.org
Michael brings over 20 years of experience founding and leading risk mitigation businesses, receiving numerous accolades such as: Inc Magazine’s Inc 500 Award and Nashville Chamber of Commerce Small Business of the Year
Connect with Michael on Linkedin
This post was originally published December 16, 2014, and has been completely revamped and updated for accuracy and comprehensiveness.