Month: April 2020

Heath Care Systems: Outside-the-System Predatory Fraud Controls (3 of 3)

This is the last in this three part series on the financial harms posed by misuse, abuse and predation. The last post explored inside-the-system threats. This post explores outside-the-system threats.

Predation is a different cup of tea than reducing threats posed by trusted billing agents being careless with resources or cheating a little bit. Although outside-the-system attacks may involve corrupted trusted billing agents, this is not representative of the billing agent  community at large.

With automated billing systems, it isn’t what’s known about predatory attacks that is important. It what isn’t known. Tragically, much of the storytelling about healthcare systems’ fraud is sourced from attitudinal surveys. The interesting thing about this, the more this story is told, these attitudes begin to define “reality.”

Committees’ of the United States Congress picked up on health care fraud hyperbole during the Clinton administration; when exploring fraud in America’s healthcare systems. Experts were quoting a ten percent (10%) loss from predation. The Committees response: No one really knows. It was never scientifically quantified. And, there is no evidence that the threat of investigation and prosecution is a stand-alone deterrent to fraud. It is little wonder risk managers and business decision makers balk at putting additional resources towards “countering fraud”, much to the angst of those struggling to control it.

The question then becomes how do you quantity efforts  to counter predatory fraud in order to determine what works and what doesn’t work?

Work has been done in this regard in a different domain. There is evidence from the problem-oriented policing service delivery model that applying situational crime prevention works; when it engages non-police stakeholders partnering in identifying and tackling root causes of crime. Traditionally this has been more the domain of uniform division in policing than in the investigations divisions. Efforts to introduce this harms reduction model to criminal fraud investigations teams servicing the health care sector fell short.

This model views “law enforcement” as one intervention strategy to be applied with other interventions (three to five) to remove crime attractors. Mastery comes in isolating recurring outlier patterns and hot spots for which projects can be undertaken and completed in six to nine months. The targeted activity is quantified going in, and outcomes measured for effectiveness in reducing harms. From it will grow a body of best practices leading to a situational health care fraud matrix. The short of the long; learning from doing.

Malcolm Sparrow J.F. Kennedy School of Government, Harvard]  proposed this problem solving model in his book,  “A License to Steal: How fraud bleeds American’s health care system.” As an educator of and practitioner of problem-oriented policing, Gregory Saville o/a SafeGrowth vouches for its effectiveness in reducing crime harms. Regrettably, the fraud investigations culture in the health care sector appears to be slow on the uptake.

In summary, from our research of privacy acts and case law defining how information may shared and used between insurers, and between insurers with police, there are no legal barriers to becoming more inter-agency cooperative in reducing predatory financial harms when following the procedures outline in our laws, only mindset barriers.

Health Care Systems: Inside-the-System Billing Abuse Controls (2 of 3)

This is the second of a three part series of articles addressing misuse, abuse and predatory practices causing financial harms to health care systems.

This post explores inside-the-system financial harms.  The third in this series will review “outside-the-system” harms.

The reference to “systems” is important.  Becoming effective and controlling financial harms will require a system dynamics and systems thinking approach. This is the world of nonlinearity and developing anti-abuse/misuse and predation of systems learning cultures.  The tools for mitigating these two different types of harms are not that same; while and at same time cannot be considered separately. The stuff of complex systems thinking requires deep understanding the relationship between parts.

Efficient delivery of health care is built on trust that diagnosing physicians/practitioners and other services providers, here-to-after referred to as trusted billing agents, will do the right thing. It is hard to imagine this system working in any other way. This requires faith in an effective cooperation model.

Reciprocal cooperation (altruism) models are complex and chaotic. Cheating is everywhere in nature. Administrators must expect trusted billing agents to cheat a little bit. They should expect cheating to increase if trusted billing agents believe their peers are cheating. When people are reminded of their morality close to the time of a temptation, cheating is shown to goe down. The message from behavioral biologists; there is no such thing as “free will” in resisting cheating temptations, and no-more-so than when trust and resilience are depleted.

If not handled well, controls administrators can do more harm than good. Negative business  relationships provide rationalizations (excuses) when trusted billing agents are tempted to do bad things. Secondly, when offended cooperation decreases in reducing other types of misuse and abuse, both inside the system (corruption, fraud and workplace sabotage), and from outside the system (beneficiary abuse, enterprise medical crime networks, regional gang activity such as accident benefits and bodily injury claims, and at the top of the predatory food chain – transnational organized crime).

In the late 1970s, Robert Alexrod’s now famous game theory tournaments researched cooperation models. This came out of initial insights learned from playing out Prisoner’s Dilemma. The “tit for tat’ reciprocal cooperation model that emerged was evidenced by behavioral biologists and ethologists observing animals in their natural environments. The ultimate game theory model today is generous (forgiving) tit for tat’. It wins out every time in reciprocal cooperation, game theory modelling.

Perhaps there are lessons to be learned from nature on how to develop cooperative relationships with trusted billing agents.

Health Care Systems: Misuse, Abuse & Predatory Fraud Controls (1 of 3)

Health care is an integral part of a nation’s critical infrastructure (CI). It is the largest public cash dispensing sector in the United States and Canadian economies. Ten times that of defense. Health care services delivery is an extraordinarily complex system. Within this context, conversation on misuse, abuse and predation (fraud) controls must be broken down into smaller ecosystems to make sense of the issues and to deploy effective counter measures.

Definition: Ecosystems are, “living organisms in conjunction with nonliving components of their environment interacting with the system.”  

This is the first of three blog posts addressing human cheating and predatory practices causing financial harms to health care systems.

The United States spends in excess of 17.3% of GDP on health care. It is a complicated vertical system of public and private sector plans. People falling between the cracks end up uninsured. The result can be physically, emotionally and financially  catastrophic for families.

Far and way, the United States has the most expensive per capita health care spending in the world. In his book, “A License to steal: How Fraud Bleeds America’s Health Care System”, Harvard University’s Malcolm K. Sparrow explored health care delivery system’s defenses against predatory attacks and made recommendations on fraud specific controls that are for most part ignored.

Canada spends in excess of 10.53 % of GDP on health care benefits and services. The Canadian system is more horizontal; with basic care for everyone meeting status and residency requirements. It is topped up by private plans for unregulated services, Some costs are also absorbed by the property and casualty insurance industry in the case of injury related accidents. Although Sparrow’s work was introduced at a conference held by former Canadian Health Care Anti-Fraud Association, it pretty much goes unheeded by the health care industry’s replacement, the Canadian Life and Health Insurance Association.

Increasingly larger portions of provincial budgets is fueling subtle deregulation of formerly paid for public services in Canada. In Chronic Condition; What Canada’s Health Care System Needs to Be Dragged Into the 21st Century”, Jeffrey Simpson explores the options with a growing problem the Canadian system faces; including cuts to “nonessential” services, tax increases, various types of privatization, and finding savings within health care itself.

The next post in this series explores inside-the-system financial harms and controls. The third in this series looks out outside-the-system financial harms and controls. The distinction between these two types of harms and controls is too often poorly defined.

The Complexity of Uniform Policing

Risk assessment for critical infrastructure assumes uniform police will run at catastrophic and violence events everyone else is running away from. Often they must make time-sensitive judgments on personal and public safety in high anxiety environments.

At the same time, the public and the courts expect uniform police , as primary sensory and verbal information gatherers, to make every judgment and decision rationally and impartially. All this happens in an environment that is often a perfect storm – dealing with their own emotions, while having to deal with the motions of others.

Intuition and time-sensitive judgments draw on prior emotions-laden experiences. The intensity (valence) and influence of these experiences in policing ranges from highly negative to highly positive, which accumulate over a career. In the worst case scenario with highly negative experiences, people end up with Post Traumatic Stress Disorder.

More thought is required on whether uniform police should be recruited for their emotional intelligence (EI) aptitude. More should be known and practiced on what in-service self-awareness and resiliency maintenance training is needed to  mitigate unintended consequences from environments and situational circumstances employers put uniform police in.

About Tranzform-security

This inaugural post introduces tranzform-security. We believe in a dynamic approach to security practice at critical infrastructure (CI). We draws from science in order to extend the boundaries on how we mostly think about security.

Critical infrastructures are ‘complex systems’. The human threats posed to CI manifest in two subcategories. Exogenous [outside the system] threats include acts of terror and other crime attacks by predators. Endogenous [inside the system] threats include technical vulnerabilities arising from human error, occupational fraud, internal theft, corruption, workplace sabotage and workplace violence.

About Complex Systems

“All complex systems, whether they are biological ecosystems like the human body, natural ecosystems like a rain forest, social ecosystems like an open-air market, or socio-technical ecosystems like the global financial system, or the Internet are deeply interlinked. Individual units within these ecosystems are interdependent, each doing its part and relying on the other units to do their part as well. This is neither rare nor difficult, and complex ecosystems abound.  

Bruce Schneier, Liars and Outliers (2012)

Transformative Security Practice

“Transformative security practice”  (TSP) is new language for defining transformation of security as  ‘learning cultures’ (Senge, Peter. ‘The Fifth Discipline: The art and practice of the learning organization’. 1994).

A security learning culture is generative. It is a shift of mindset from ‘business as usual’ to one of wonder, discovery and continuous improvement. It is a new way to think about how organizations perceive and practice security. It is adaptive, putting technology in the hands of the right people, doing the right things, at the right time.

TSP challenges security to move beyond the limitations imposed by reductionist, cause and effect, thinking about solutions. It embraces chaos the comes with humanity. It applies ‘system’s thinking‘ to explore the inter-relatedness between parts in the organization, and how changes to these parts influence the whole.

With TSP, we learn how to motivate employees in playing a vital role in security as primary over technology. We recognize the influence and impact of beliefs, mental models, heuristics bias (mental shortcuts) and affect (emotions) on security.

A Generative Approach to Security

Security is dealing with new realities including acts of terror, transnational enterprise crime, and a post-industrial age uncertainty that is increasing stress and anxiety predicted in 1970 (Toffler, A.  Future Shock).

TSP takes a behavioral and prevention science approach to security. In factors both the feelings of security and the reality of security. It draws on science from multiple disciplines including psychology, neuroscience, social physics, behavioral economics and behavioral biology.

TSP promotes deep cycle learning. It encourages lateral thinking to resolve security problems. It centers around five disciplines for creating a security learning culture :

  1. personal mastery
  2. mental models
  3. shared vision
  4. team learning and
  5. systems thinking delivered in practitioner-based, problem-solving ways.