More fraud investigation tips from Deloitte's Mike Little

This is the second segment of a two-part interview with Michael E. Little (pictured), a senior manager in the forensic practice of Deloitte Financial Advisory Services, LLP in Philadelphia. He has 35 years of investigative experience focused on fraud in government healthcare programs, white collar crime and internal fraud.

In part one of this exclusive interview, Little spoke about early signs of significant fraud cases, evidence preservation and interviewing. Here, he shares additional fraught fighting insights with FierceHealthPayer: Anti-Fraud, including how to handle employee involvement in fraud schemes.

FierceHealthPayer: Anti-Fraud: What are some costly investigative missteps special investigations units should avoid?

Mike Little: One misstep is operating in a siloed environment. Investigative units can be too insular and lack strong working knowledge of the rest of their organization and/or the investigative community at large.

So join anti-fraud task forces. It can also be very helpful to connect with experts in key content areas. Sometimes that's as simple as talking to a knowledgeable clinician about what appears to be a significant allegation, since a nonclinical investigator might not know enough about the issue to ask good questions or know what's significant.

Another mistake is underestimating an allegation's potential to be a major issue. An SIU may not think their company can be the target of a major health insurance fraud. But criminals don't care whom they defraud; they look for weaknesses and ways to take advantage. Just as underestimating allegations is a mistake, SIUs should also be careful of overestimating issues.

Overall, investigating allegations is a skill that comes from knowledge, experience and keeping an open mind about an issue's potential.

FierceHealthPayer: Anti-Fraud: When should SIUs bring legal counsel and other inside or outside experts into a case?

Mike Little: As a general rule, there should be regular contact between the SIU and the general counsel's office. When I was with the government, we would keep our counsel as well as outside prosecutors involved in allegations we were investigating, because there are always legal issues that crop up and need to be resolved. And if you have somebody who's aware of the situation, it makes that process more seamless.

There should be more formal contact, notification and involvement by general counsel when an investigation has the potential for significant impact in terms of monetary loss, reputational damage or newsworthiness.

Often you'll know this in advance if you're working on a task force investigation with other insurance companies and government agents. You'll know if there's going to be an indictment that will be newsworthy. Counsel should be involved in a case like that so they can interact with prosecutors and lawyers for other agencies as needed. This will also keep SIU investigators from making legal decisions that could affect the company later.

Outside resources--attorneys, consultants, clinical or computer experts--can be used if an SIU needs expertise that doesn't reside within their unit or the company. Outside resources can also be helpful if the company decides that circumstances require independent analysis or investigation.

FHPAF: Besides fraud committed by external parties, SIUs may investigate reports of fraud committed by employees of their companies. What are some important considerations for developing these cases?

Little: Internal investigations present different challenges from a routine review of an outside entity or individual. Two keys here are objectivity and confidentiality. Much depends on early indications of the level of employee involvement. Are you talking about claims representatives or salespeople, managers or executives? That makes a difference in how the case proceeds and what you should do.

Then there's the potential scope of employee involvement: Does it appear to be one or two employees or a larger ring of people? The challenge is you won't necessarily know the scope of employee involvement at first, and therefore you need to be careful of how the investigation develops.

Keep the investigation team very tight and limited. Only those with the utmost integrity, discretion and tact should participate. Information needs to be closely held. And in-house and/or outside counsel should be actively involved and know what's happening every step of the way.

You may need outside resources in the area of computer forensics. If you need to image individuals' computer drives without their knowledge, for example, then you need the right legal advice about your authority to do that. But then you also need correct expertise to be able to do it effectively and quickly.

Notification to and involvement of senior management and even the board of directors is key. If these cases turn out to be actual fraud, they almost always become newsworthy, and they carry the potential for great reputational risk. Senior management and the board should be aware of that so they can be prepared for the case becoming public.

Include human resources to ensure the integrity of any administrative actions you must take so someone doesn't take unsupportable action resulting in a negative ruling later.

Lastly, nurture your relationship with law enforcement agencies and prosecutors who might handle the case. Internal investigations I've seen at private insurers have involved agencies such as the FBI, the state insurance fraud bureau and very often either a state or a federal prosecutor. You want to be in a position where your company can be involved in their investigation as a trusted member of the team. That way you'll be aware of significant developments as the investigation progresses, and you'll be able to give good information to your company about the case on a timely basis.

Editor's Note: This interview segment has been edited and condensed for clarity.