Fraud investigation tips from Deloitte's Mike Little

FierceHealthPayer: Anti-Fraud talked to Michael E. Little (pictured) for expert advice on how special investigations units (SIU) can improve their anti-fraud casework.

Little is a senior manager in the forensic practice of Deloitte Financial Advisory Services, LLP in Philadelphia. He has 35 years of investigative experience focused on fraud in government healthcare programs, white collar crime and internal fraud.

What follows is the first installment of a two-part interview.

FierceHealthPayer: Anti-Fraud: What are some early indicators SIUs can watch for signaling that reports of potential fraud, waste and abuse may become significant or urgent cases?

Mike Little: Assessing allegations early is a challenge, but taking some specific and general steps can help SIUs determine if a case may become a priority. The first specific step is assessing the allegation. What's involved, and what's the scope of the issue? Could it be part of a larger problem or national scheme with the potential for media attention?

Also check if patient safety is at risk. Financial harm at the expense of patients is an area that becomes urgent very quickly. And different case steps are necessary if patient safety issues are involved as opposed to financial issues alone. Are there signs that unlicensed individuals are at work? This can raise questions about your company's credentialing and due diligence processes that affect patient safety.

And lastly, determine if employees from your organization may be implicated. That may cause reputational harm and indicate internal control weaknesses.

But insurers and the federal government can no longer wait for complaints to arrive because often by then there's been significant loss. So SIUs should also take general steps to spot trends and risks. These steps involve knowledge.

First, plug into a healthcare fraud task force. These exist nationwide and include other SIUs and federal and state law enforcers and regulators. These groups are the wave of the future in terms of public and private partnerships. There's a great deal of information shared about what's happening at other companies or in other segments of the community.

Second, participate in larger anti-fraud organizations to discuss trends and best practices and interact with other payers in a learning environment. Third, use data analytics. It's important to have the ability to slice and dice information, to use clustering and link analysis to understand potentially significant cases and trends.

FierceHealthPayer: Anti-Fraud: Can you share some best practices for preserving and storing evidence (particularly medical records) in fraud, waste and abuse investigations?

Mike Little: Understand the sensitivity of records you work with and the requirements of the Health Insurance Portability and Accountability Act (HIPAA). When obtaining documents that contain protected health information (PHI), you need to know who can obtain them, how they can be obtained, how they can be stored and what processes must be used to transfer them.

Look at how electronic records are transferred: Is the encryption sufficient? Is there encryption at all? The answer should be yes, since PHI should always be transmitted in an encrypted, secure state, and the government has requirements for that encryption.

Are records provided on a thumb or disk drive, and if so are those devices encrypted? Where and how are they stored to prevent PHI loss by employees? This is a significant challenge, as is cybertheft of data from corporate storage.

When you obtain information that may be relied on as evidence, it's vital to authenticate the records. Track documents from when they were obtained from their lawful custodian to when they were provided to prosecutors, showing who had access to them at every step along the way.

Document these points: Who obtained the records? When and from whom were they obtained? Where are they being stored? Who has access to them? Who has [already] accessed them? For how long and for what purpose? When were records returned to the [internal storage] location? And ultimately, when were records returned to their original custodian once the investigation concluded?

Information security is important. For hard copy records, know where they're stored and who has access to them. Make sure there's an appropriate evidence locker or cabinet that has limited access in use.

FierceHealthPayer: Anti-Fraud:  You wrote that "interviews may be the most important part of a forensic investigation." Why is that, and how can SIUs improve the effectiveness of their interviewing?

Mike Little: Until you ask questions, you won't know why and how an event occurred. So interview the referral source (if there was one) and then seek out individuals in a position to know what happened. Was it an accident? Was it reckless? Was it part of a pattern? And most importantly, was it intentional?

Records are vital, but they can be lifeless and deceiving. After all, the key to committing a successful fraud is to make everything look legitimate.

Here's an example of the role interviews can play in explaining and dissecting documents that look legitimate but aren't: I investigated an ambulance company whose records showed if a Medicare-approved service was provided. This involved the equipment dispatched.

An inside source told us the company's owner was concerned about being audited. So he told employees how to fill out the forms. There were two boxes on them. One showed that Medicare-approved equipment was used, the other showed use of nonapproved equipment.

The owner told employees that if they didn't need to use approved equipment--if they could get away with using a van instead of an ambulance, for example--they should put an "x" in the place where the form said "ambulance." But if they dispatched an ambulance, they should put a check mark in that box.

Just by looking at the forms, you wouldn't know what the X's and check marks meant.

The thousands of documents we obtained from a search warrant as a result of this information coupled with insider testimony provided powerful evidence of fraud. This resulted in criminal prosecution and a jail sentence for the owner.

Remember that interviews can identify new areas of investigative interest. Always end an interview by asking, "Is there anything we didn't ask you that you think could be significant?"

It's a productive question. One person answered it by saying "Would you like to hear about all the doctors' names we forged on Medicaid forms?" That wasn't a focus of our investigation until then.

Interviewing isn't something people instinctively know. It's a teachable skill requiring experience and practice.

Preparation is key: Know as much as you can about the subject before doing an interview. Focus on what has been learned to date and what you need to learn from an interviewee. Know what documents you want to show them or have them review for you.

Besides getting formal interview training for SIU staff, it's valuable to send out less experienced employees with skilled interviewers to see how it's done and learn on the job.

Editor's Note: This interview segment has been edited and condensed for clarity. Look for part 2 of the interview with Little next week.