The Trust

The NHS Counter Fraud Service

The NHS Counter Fraud Authority (NHS CFA) is a special health authority tasked to lead the fight against fraud, bribery and corruption in the NHS. This releases valuable resources for patient care and services.
 
The NHSCFA's five main objectives for 2017-2020 are to:

  1. Deliver the Department of Health and Social Care strategy, vision and strategic plan and lead counter fraud activity in the NHS in England
  2. Be the single expert intelligence led organisation providing a centralised investigation capacity for complex economic crime matters in the NHS
  3. Lead and influence the improvement of standards in counter fraud work across the NHS
  4. Take the lead in and encourage fraud reporting across the NHS and wider health group
  5. Continue to develop the expertise of staff working for the NHS CFA.
Counter fraud

Each NHS trust in England and local health board in Wales has a Local Counter Fraud Specialist (LCFS) assigned to it. LCFSs are supported by staff in the NHS Counter Fraud Authority.

Our services

The NHS CFA is a centre of excellence employing specialists in intelligence, fraud prevention, computer forensics, fraud investigation, financial investigation, data analysis and communications and provides a range of specialised services to tackle NHS fraud. More detail is illustrated below:

Intelligence

As an intelligence-led organisation, we use a wide range of information to build a more accurate picture of the fraud risks facing the NHS, to inform preventative action and to support investigations.

Investigations

We investigate the most serious, complex and high-profile cases of fraud, and work closely with the police and the Crown Prosecution Service to bring offenders to justice. Our specialist financial investigators have powers to recover NHS money lost to fraud, and we have a forensic computing team who collect and analyse digital evidence.

Fraud prevention

We develop a range of targeted fraud prevention solutions to address identified fraud risks. This may include reviewing and redesigning whole systems or developing tailored guidance or other solutions.

Standards

We set standards for counter fraud work across the NHS. We assess commissioners and providers of NHS services for compliance with the standards through our quality assurance programme.

Communications

By raising awareness of fraud against the NHS and publicising the work of the NHSCFA, we encourage NHS staff, other stakeholders and the public to join the fight against NHS fraud.

Digitalisation and technology

We strive to be a digital by default organisation, using technology to make our work quicker, smarter and more data-driven.

Information analytics

We use complex algorithms and data mining tools as a means to identify both normal behaviour and outliers in NHS data, within which fraudulent behaviour can be found. The resulting analyses are used to support ongoing investigations as well as inform the intelligence picture and guide fraud prevention steps.

Local Counter Fraud Specialists

 

At a local level, LCFSs are responsible for the delivery of counter fraud work within NHS health bodies. Strengthening the anti-fraud culture is a major part of their work. On a day-to-day basis, this work includes:

  • Developing and maintaining close working relationships with all relevant parties, including the NHS CFA and its internal and external stakeholders, and the health body’s internal and external audit functions.
  • Delivering presentations and other counter fraud communications to a range of audiences, including staff and professional groups

How can I report a fraud (or suspected fraud) taking place in the NHS?

 

  • Call the NHS fraud and corruption reporting line on freephone 0800 028 40 60. Service operated by Crimestoppers.
  • Contact the anti-fraud specialist for East Cheshire NHS Trust, Roger Causer on 0151 285 4675 or mobile 0776 8131 806 or via email: causer@miaa.nhs.uk  or roger.causer@nhs.net
  • Fill in the online fraud reporting form at reportnhsfraud.nhs.uk

Fair processing notice for NFI 20/21

Purpose

The Cabinet Office conducts data matching exercises to assist in the prevention and detection of fraud. This is one of the ways in which the Minister for the Cabinet Office takes responsibility within government for public sector efficiency and reform.

Data matching involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body to see how far they match. The data is usually personal information. The data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The processing of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under data protection legislation or the GDPR.

All bodies participating in the Cabinet Office’s data matching exercises receive a report of matches that they should investigate, so as to detect instances of fraud, over- or under-payments and other errors, to take remedial action and update their records accordingly.

Legal basis of processing

The legal basis for processing your personal data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

The National Fraud Initiative is conducted using the data matching powers bestowed on the Minister for the Cabinet Office by Part 6 of the Local Audit and Accountability Act 2014 (LAAA).

Under the LAAA legislation

The Cabinet Office may carry out data matching exercises for the purpose of assisting in the prevention and detection of fraud.

The Cabinet Office may require certain bodies (as set out in the Act) to provide data for data matching exercises

Bodies may participate in its data matching exercises on a voluntary basis where the Cabinet Office considers it appropriate. Where they do so, the Act states that there is no breach of confidentiality and generally removes other restrictions in providing the data to the Cabinet Office. The requirements of the data protection legislation, however, continue to apply, so data cannot be voluntarily provided if to do so would be a breach of data protection legislation. In addition sharing of patient data on a voluntary basis is prohibited.

The Cabinet Office may disclose the results of data matching exercises where this assists in the prevention and detection of fraud, including disclosure to bodies that have provided the data and to auditors that it appoints as well as in pursuance of a duty under an enactment.

The Cabinet Office may disclose both data provided for data matching and the results of data matching to the Auditor General for Wales, the Comptroller and Auditor General for Northern Ireland, the Auditor General for Scotland, the Accounts Commission for Scotland and Audit Scotland, for the purposes of preventing and detecting fraud.

Wrongful disclosure of data obtained for the purposes of data matching by any person is a criminal offence. A person found guilty of the offence is liable on summary conviction to a fine not exceeding level 5 on the standard scale.

The Cabinet Office may charge a fee to a body participating in a data matching exercise and must set a scale of fees for bodies required to participate.

The Cabinet Office must prepare and publish a Code of Practice. All bodies conducting or participating in its data matching exercises, including the Cabinet Office itself, must have regard to the Code.

The Cabinet Office may report publicly on its data matching activities.

Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

The legal basis for processing your sensitive personal data is that it is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department.

The Cabinet Office conducts data matching exercises to assist in the prevention and detection of fraud. The processing of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014.

The Cabinet Office’s legal basis for processing your criminal convictions data is paragraphs 6 and 10 of schedule 1 to the Data Protection Act 2018.

Bodies required to provide or which volunteer data for matching

  • district and county councils
  • London and metropolitan boroughs
  • unitary authorities
  • police authorities
  • fire and rescue authorities
  • pension authorities
  • NHS Trusts and strategic health authorities
  • Foundation Trusts
  • Clinical Commissioning Groups
  • passenger transport authorities
  • passenger transport executives
  • waste authorities
  • Greater London Authority and its functional bodies

 

In addition, the following bodies provide data to the Cabinet Office for matching on a voluntary basis:

  • Private sector pension schemes (various)
  • Home Office
  • Metropolitan Police – Operation Amberhill
  • Special health authorities
  • Housing associations
  • Probation authorities
  • National park authorities
  • Central government pensions schemes
  • Insurance Fraud Bureau
  • Central government departments
  • Other private organisations/companies/credit reference agencies

 

The data that is matched and the reasons for matching it

For information summarising the various match types for each particular type of participating organisation and the purpose of the matching please refer to the document NFI match types per participating body.

 

Code of data matching practice

Data matching by the Cabinet Office is subject to a code of practice.

Further information

View more information about the Cabinet Office data matching exercises. You can also read national reports on the NFI published by the Cabinet Office.

Contact details

The data controller for your personal data is the Cabinet Office. The contact details for the data controller are:

Cabinet Office
70 Whitehall
London
SW1A 2AS

Telephone: 0207 276 1234
publiccorrespondence@cabinetoffice.gov.uk

The contact details for the data controller’s Data Protection Officer (DPO) are:

Stephen Jones

DPO

Cabinet Office

70 Whitehall

London

SW1A 2AS

 

Email: dpo@cabinetoffice.gov.uk

How can I report a fraud (or suspected fraud) taking place in the NHS?

  • Call the NHS fraud and corruption reporting line on freephone 0800 028 40 60.Lines are open 8.00am–6.00pm Monday to Friday.
  • Contact the anti-fraud specialist for East Cheshire NHS Trust, Roger Causer on 0151 285 4675 or roger.causer@miaa.nhs.uk
  • Fill in the online fraud reporting form at www.reportnhsfraud.nhs.uk

Internal Links

External Links

Downloads