Written by: Joanne Byron, BS, LPN, CCA, CHA, CHCO, CHBS, CHCM, CIFHA, CMDP, COCAS, CORCM, OHCC, ICDCT-CM/PCS
Are you an internal auditor conducting “routine” reviews? Have you ever uncovered erroneous or potentially fraudulent evidence? Once your suspicions have been reported to the Compliance Officer, were you asked to partake in evidence gathering during the investigation? The content of this article is for educational purposes and not intended as consulting or legal advice.
For those of you more experienced auditors, additional training in how to handle evidence during an internal investigation not only advances your career but helps secure evidence that can be used if an actual crime has been committed. I also recommend reading When Healthcare White-Collar Crimes Turn Red, an AIHC blog article from 2021.
Do you need to convince executives that crime is a potential problem for your organization? The Department of Justice (DOJ) posts “News & Noteworthy” cases here.
What Comes to Mind When You Hear the Word “Forensic”?
Most of us think about investigations as seen on television programs, such as “CSI” or “Bones.” Forensic science is a critical element of the criminal justice system – “Forensic scientists examine and analyze evidence from crime scenes and elsewhere to develop objective findings that can assist in the investigation and prosecution of perpetrators of crime or absolve an innocent person from suspicion.”
According to the Merriam-Webster dictionary, the word forensic is defined as the following:
- Belonging to, used in, or suitable to courts of judicature or to public discussion and debate
- Relating to or dealing with the application of scientific knowledge to legal problems
Your auditing and compliance skills become valuable to professional law enforcement, but you need to know what, when and how to handle a situation which could potentially turn into criminal charges against someone within your organization. First, let’s start with prevention.
Is It an Internal or External Investigation?
Internal Investigations are conducted by skilled employees (or a consultant under contract working for the organization) trained to perform specialized audits to gather evidence when there is suspected fraud, abuse or crime. These investigations are typically conducted to gather information sufficient for legal counsel to determine whether an external investigation is warranted by the appropriate authorities. These employees are often referred to as Internal Forensic Auditors or Internal Investigators. For the purpose of this course, we will refer to this position as an Internal Forensic Auditor.
Internal Forensic Auditors report to a Board of Directors, Compliance Officer and/or Audit Committee of the health care organization and typically work under the direction of the organization’s legal counsel.
External Forensic Auditors are independent of the organization they are auditing. They are experts working as an investigator for an accounting or consulting firm, CMS, a police department, the FBI or another agency as described above.
The process of conducting a forensic investigation is, in many ways, similar to the process of conducting an audit, but with some additional considerations. The various stages are briefly described below.
Step 1: Accepting the Investigation
Review information regarding the matter and consider whether you (and your team) have the necessary skills and experience to accept the work.
- Forensic investigations are specialized in nature, and the work requires detailed knowledge of fraud investigation techniques and the legal framework.
- Investigators must also have received training in interview and interrogation techniques and in how to maintain the safe custody of evidence gathered.
- Investigators must be able to address potential conflicts of interest or bias and achieve objectivity.
Step 2: Planning the Investigation
The investigating team must carefully consider what they have been asked to achieve and plan their work accordingly. The objectives of the investigation will include:
- Recognize if there is sufficient evidence to warrant a forensic investigation. If so, then anticipate planning required to achieve the following:
o Identify the type of fraud that has been operating, how long it has been operating for,
and how the fraud has been concealed;
Determine deadlines and timeframes to complete the investigation which may
be driven by regulatory factors;
o Identify the fraudster(s) involved;
o Quantify the financial loss suffered by the organization;
o Gather evidence for potential use in court proceedings;
Identify the type of report format required and record evidence appropriately; and
o Provide advice to prevent the reoccurrence of the fraud.
The investigators should also consider the best way to gather evidence. They may choose the use of computer assisted audit techniques or other various methods appropriate for the situation.
Step 3: Gathering Evidence – Fact Finding
In order to gather detailed evidence, the investigator must understand the specific type of fraud that is suspected. The evidence should be sufficient to ultimately prove the identity of the fraudster(s), the mechanics of the fraud scheme, and the amount of damage or loss suffered by the organization.
It is important that the investigating team is skilled in collecting evidence that can be used in a court case and in keeping a clear and secure chain of custody until the evidence is presented in court. If any evidence is inconclusive, or there are gaps in the chain of custody, then the evidence may be challenged in court or even become inadmissible. Investigators must be alert to documents being falsified, damaged or destroyed by the suspect(s).
“Chain of custody” is defined by Dictionary.com as “the order in which a piece of criminal evidence should be handled by persons investigating a case, specifically, the unbroken trail of accountability that ensures the physical security of samples, data and records in a criminal investigation.” To prove the chain of custody, and ultimately show that the evidence has remained intact, prosecutors generally need internal investigators who can testify:
- That the evidence offered in court is the same evidence they collected or received.
- To the time and date the evidence was received or transferred to another provider.
- That there was no tampering with the item while it was in custody.
Evidence can be gathered using various techniques, including:
- Testing controls to gather evidence which identifies the weaknesses which allowed the fraud to be perpetrated;
- Using analytical procedures to compare trends over time or to provide comparatives between different segments of the business;
- Applying computer assisted audit techniques which may help to identify the timing and location of relevant details being altered in the computer system;
- Discussions and interviews with employees;
- Substantive techniques such as: reconciliations, cash counts and reviews of documentation.
Step 4: Analyzing Data
After evidence and facts have been gathered and recorded, it is time to analyze all the data. The goal of data analysis is to determine if there is a relationship between the independent and dependent variables and to look for patterns within the data.
Recording and organizing data may take different forms depending on the kind of information being collected. The way you collect your data should relate to how you’re planning to analyze and use it. Regardless of what method you decide to use, recording should be done concurrently with data collection if possible, or soon afterwards, so that nothing gets lost and memory doesn’t fade. Some of the things to do with the information collected can include:
- Gather together information from all sources and observations;
- Make photocopies of all recording forms, records, audio or video recordings, and any other collected materials to guard against loss, accidental erasure, or other problems;
- Enter narratives, numbers, and other information into a computer program where they can be arranged and/or worked on in various ways;
- Perform any mathematical or similar operations needed to get quantitative information ready for analysis;
o These could include entering numerical observations into a chart, table, or spreadsheet, or figuring the mean (average), median (midpoint), and/or mode (most frequently occurring) of a set of numbers. - Transcribe (making an exact, word-for-word text version of) the contents of audio or video
recordings; - Code data (translating data), particularly qualitative data that isn’t expressed in numbers, into a form that allows it to be processed by a specific software program or subjected to statistical analysis; and
- Organize data in ways that make it easier to work with. This will depend on your research design and your evaluation questions.
o Consider grouping observations by the dependent variable (indicator of success) they
relate to, by individuals or groups of participants, by time, by activity, etc.
o You might also want to group observations in several different ways so that you can study interactions among different variables.
There are two kinds of data you’re apt to be working with. However, not all evaluations will necessarily include both.
- Quantitative data refers to the information that is collected as, or can be translated into, numbers which can then be displayed and analyzed mathematically.
- Qualitative data can be collected as descriptions, anecdotes, opinions, quotes, interpretations, etc. They are generally not able to be reduced to numbers and/or are considered more valuable or informative if left as narratives.
As you might expect, quantitative and qualitative information need to be analyzed differently. The investigation is likely to lead to legal proceedings against one or several suspects. Therefore, members of the investigative team must be comfortable with appearing in court to explain how the investigation was conducted and how the evidence was gathered.
Step 5: Report Your Findings
Draft the report in an objective manner. Do not draw conclusions, just report the facts. The checklist below summarizes what a typical report should contain:
- Provide a Summary of the Investigation or Case
- Describe the Investigation Plan
- Case Notes – Keep an Investigator Diary
- Information Interview Summaries
- Interview Reports
- Analysis of Investigation
- Conclusion
- Recommendations and Additional Action(s) Required With This Case
- Exhibit Listing - attachments and evidence related to the case
Conclusion
An Ounce of Prevention Is Worth a Pound of Cure – So Learn More About Health Care Crime
A little precaution before a crisis occurs is preferable to a lot of legal complications, “bad press” and huge potential losses afterward. Preventing fraud in your organization starts with not hiring criminals! That might sound ridiculous, but are we really doing everything we should during the hiring phase of employees and contractors?
Most organizations are using the LEIE on the OIG website to screen new hires and conduct monthly verifications. But is this enough?
Unverified employees can put your organization at risk with a dramatic impact on your company’s brand reputation, performance and finances. Screening employees at hire, and periodically during employment, is a must for creating a safe workplace.
Below is a “short list” of screening tactics to consider before extending an offer to a candidate for hire. Be sure to review your procedure with legal counsel or a human resources expert to avoid any potential legal consequences with the U.S. Equal Employment Opportunity Commission (EEOC) related to changing your current hiring practices.
- Criminal background check
- Office of Inspector General (OIG) Exclusions Database check
- Education – verify graduation, degree
- Professional Certifications (check all certifications with the certifying agency – do not accept certificates from the potential employee as proof)
The EEOC has a webpage dedicated to help employers that addresses “Background Checks – What Employers Need to Know.” The information on this page is a joint publication between the EEOC and the Federal Trade Commission or FTC.
When making personnel decisions, which include hiring, retention, promotion, and reassignment, the EEOC states that employers should consider the background of applicants and employees. For example, the EEOC states you may want to consider verifying:
- The person's work history
- Education
- Criminal record (EEOC Q&A) (EEOC Tips for Small businesses) (Arrest and Conviction Records in Employment Best Practices EEOC)
- Financial history (FTC Consumer Reports, Fair Credit Reporting Act and FTC Background screening reports and the FCRA)
- Medical history (EEOC pre-employment medical inquiries)
- Use of social media
Except for certain restrictions related to medical and genetic information (per HIPAA, addressed further on the EEOC website), it's not illegal for an employer to ask questions about an applicant's or employee's background or to require a background check.
AIHC offers training – a “how to” participate in or conduct an internal investigation. The course is offered online with the option to certify (with a professional proctor online). The program is entitled Internal Forensic Auditor. If this course seems too intense, you may want to begin with the Auditing for Compliance online program.