Authorised officers of the NHS Counter Fraud and Security Management Service have the power under part 10 of the NHS Act 2006 to compel NHS bodies and their contractors to produce documents needed to detect and investigate fraud affecting or against the NHS.
A code of practice was issued this April setting out practical guidance for those requesting and producing the documents, providing reassurance to NHS bodies of the procedures to be followed.
Documents are defined as anything in which information of any description is recorded, including medical records, x-rays and all electronic data.
A similar code of practice has been published for Wales.
What do you need to know?
1. A written notice must be served on an "accountable" person with day-to-day or overall responsibility for the documents - usually a senior manager. A meeting date and time for producing the documents will be agreed by telephone first unless the documents need to be produced immediately. You will need to check that the notice provides complete and appropriate authorisation and seek evidence of the authorised officer's authority.
The documents should be produced during normal working hours, but it is not considered appropriate for patient care to be interrupted. It is reasonable to wait until the end of a clinic.
An extension of time can be agreed if reasonable and it will not affect the investigation, for example if senior manager or legal advice needs to be sought.
2. The fraud service may remove the original documents and may request an explanation of them. You can ask for a copy of the documents to be made. If this is considered reasonable (for example, if there is a legitimate business need for them), then copies should be made on site. Similarly, forensic specialists will attempt to access electronically stored information without removing the equipment.
A written list of the documents removed should be provided to you, indicating which documents have been copied and left with you.
Legal professional privileged documents should not be required to be produced.
3. Safeguards have been introduced to protect personal records, such as medical records. A designated officer of the counter fraud service must authorise any demand for such records. Patient consent will be obtained where appropriate and records suitably anonymised. A clinical specialist will provide assistance where there are a large number of patient records but only limited entries will be of relevance, such as an investigation into a GP practice.
4.Requests for documents must be treated seriously. Failure to produce the requested documents could result in a formal interview under caution. Giving a knowingly false or misleading statement could be an offence.
5.Any complaints about the conduct of an authorised officer should be addressed to the head of business support and communications at the counter fraud service.
The counter fraud service has a statutory power to access documents that overrides the Data Protection Act 1998. Objection to disclosure cannot be made on this basis or for confidentiality reasons.
Individual employment contracts or policies will not need to be altered, but care will need to be taken concerning the interaction with internal proceedings.
The new code of practice should be publicised to all staff and patients so they know their information may be required/used. Consideration should also be given to amending access to health records and associated policies.
For more information, visit www.hilldickinson.com
No comments yet