A hospital system employee has confessed to stealing more than US$9 million from the Memorial Hermann Healthcare System through a fraudulent billing scheme, the
Houston Chronicle reports. U.S. federal prosecutors say Kenneth Wild II, who managed the hospital's printing services division, submitted more than 200 fake invoices to the hospital for printing and data services that were payable to a company, Digital Designs. Wild, a former felon and disbarred attorney, began submitting fake invoices in February 2001, shortly after he was promoted to division manager. According to the federal complaint, the hospital's chief audit and compliance officer received an anonymous tip in March that the Digital Designs payments were to a "ghost account." After hospital officials discovered there was no evidence of work by that company, the U.S. Attorney's Office and U.S. postal inspectors opened an investigation, which uncovered that Wild had deposited checks from the hospital in a Digital Designs bank account that he controlled. Prosecutors confronted Wild upon his return from a trip to Europe. He faces up to 20 years in prison for mail fraud.
This story presents a mixed picture of lessons learned. Memorial Herrmann's management have clearly acknowledged the need to improve and follow through on a more ethically and anti-fraud focused culture and regime, but are the related actions taken by the organization enough?
- On the positive side, the hospital system's recently established (July 2014) standards of conduct include numerous requirements that, if monitored rigorously for compliance, could help it prevent and detect employee fraud instances such as those in this story. Two of these requirements are worth mentioning as practices that internal auditors can recommend for their organizations:
Conflicts of interest in human resources (HR) hiring. "We are resolute in our intention to not employ a person to be supervised by, or to supervise, another member of the person's family unless the situation is warranted by special circumstances. In such situations, special oversight will be arranged so that a conflict of interest does not occur between family members with respect to their Memorial Hermann duties," the standards of conduct note on pg. 12. One could reasonably expect that such a policy, if followed, would prevent hiring a known felon to work for his mother, which occurred in this story.
- Protection of anonymity and a nonretaliation clause for compliance violation reporting. "Employees, volunteers, contractors, medical staff, and anyone else engaged in work at Memorial Hermann should be able to ask questions, seek clarification, and report potential or actual noncompliance without fear of retaliation. Similarly, health plan members should be able to report concerns about plan administration or suspected fraud, waste, or abuse without fear of retaliation. No disciplinary action or retaliation will be taken against you when you report a compliance issue in good faith, meaning you believe the information you are reporting is true. We value and respect the dignity of the individual; therefore, you will be treated fairly and with respect," the standards state on pg. 22.
Less evident, however, is the degree to which the organization has made progress in systematically strengthening internal controls over its HR recruitment policies and practices, particularly to address the need for increased scrutiny of both prospective and ongoing employee background and reference checks. Psychological and other related testing has become a crucial element in preventing potential employee noncompliance and fraud, as fraud from within continues to grow. Of course, such measures must be balanced by respect for individual privacy and caveats around the validity of such testing.
Integrity tests, both overt (i.e., asking a subject directly about his or her honesty, criminal history, attitudes toward drug use, thefts by other people, and general questions that show integrity), and personality-oriented (i.e., assessing personality characteristics that have been shown to relate to counterproductive work behavior, such as dependability, social conformity, thrill seeking, and conscientiousness) have existed for many years. Recent updates of these techniques by universities, business associations, and hiring firms reflect current technological trends, diverse work environments, and organizational culture in integrity testing.
Finally, there is the serious question of how much the organization has learned from the substantial and long-running billing fraud involved in this case. It took an anonymous tipster to identify the issue that had been going on for more than a decade. But the organization's senior management, including its chief audit and compliance officer, must bear some responsibility for gaps in oversight and periodic and penetrating audit work that, if appropriately conducted, may have uncovered this fraudulent billing activity. There were more than 200 fake invoices involved over the years — none of these seem to have been examined closely enough to detect the fact that there were no services provided. Internal auditors can refer to a mountain of documented cases of billing fraud, including many in the health-care industry. If an organization thinks "it can't happen here," it is mistaken.