Month: April 2020

Heath Care: Outside-the-System Fraud Controls

This is the last in this three part series on the financial harms posed by misuse, abuse and fraud. The last post addressed inside-the-system threats.This post concentrates on outside-the-system threats.

Predation is a different cup of tea than reducing threats posed by trusted billing agents cheating a little bit. Although outside-the-system attacks may involve corrupting trusted billing agents, this is not representative of the medical community at large.

It isn’t what is known that is important about predatory attacks, it’s what isn’t known. Much of the storytelling about healthcare systems’ fraud is sourced from attitudinal surveys. The interesting thing about this, the more this story is told, the more it is believed that attitudes are reality.

Committees’ of the United States Congress picked up on this during the Clinton administration, when exploring fraud in America’s healthcare systems. Experts were quoting a ten percent (10%) loss from predation. The committees recognized no one really knows. It has never been scientifically quantified. And, there is no evidence that the threat of investigation and prosecution is a stand-alone deterrent to fraud. It is little wonder risk managers and business decision makers balk at putting additional resources towards countering fraud, much to the angst of those struggling to control it.

The questions then become, how do you quantity predatory fraud in healthcare systems for making business decisions on resources to put at it, and how do to quantify what is being done is effective?

There is evidence from the problem-oriented policing service delivery model that   situational crime prevention works, when it  engages non-police stakeholders partnering in identifying and tackling root causes of crime.

This model views enforcement as one intervention strategy, applied with other interventions (three to five) closing down crime attractors. The mastery is in isolating recurring patterns and hot spots for which projects can be undertaken and completed in six to nine months. The targeted activity is quantified going in, and outcomes measured for effectiveness in reducing harms. From it grows a body of best practices in a situational health care fraud matrix. The short of the long, learn by doing.

Malcolm Sparrow [J.F. Kennedy School of Government, Harvard]  proposes this problem solving model in his book,  “A License to Steal: How fraud bleeds American’s health care system.” As aneducator of and practitioner of problem-oriented policing, Gregory Saville o/a SafeGrowth can vouch for its effectiveness in reducing crime harms. Regrettably, from all account, the fraud investigations culture in the health care sector has been slow on the uptake.

There are no physical barriers to becoming more effective at reducing predatory financial harms, only mindset barriers.  As Einstein so famously stated, “Insanity is doing the same things over and over again, and expecting different results.”

Health Care Systems: Inside-the-System Billing Abuse Controls

The current experience with COVID-19, reinforces public health and health care as an integral part of our nation’s critical infrastructure. Public and private health care insurance organizations are complex systems.

These organizations are vulnerable to financial harms. This post reviews  “inside-the-system” harms.  Outside-the-system threats will be separately posted. There are times when these threats inter-relate.

Efficient delivery of health care is built on trust that diagnosing physicians/practitioners and other services providers, here-to-after referred to as billing agents, will do the right thing. It is hard to imagine this system working in any other way.

Aggression and cooperation are complex and chaotic to manage. Cheating is everywhere in nature. Administrators should anticipate trusted billing agents cheating a little bit. They should expect cheating to increase if they believe their peers are cheating. The message from behavioral biologists; there is no such thing as “free will” in resisting cheating temptations, and no-more-so that when resilience has been depleted.

If not handled well, controls administrators do more harm than good, first with negative relationships providing rationalizations (excuses) when trusted billing agents are tempted to do bad things. Secondly, if offended cooperation decreases in reducing other types of misuse and abuse, both inside the system (corruption, fraud and workplace sabotage), and from outside the system (beneficiary abuse, enterprise medical crime networks, regional gang activity such as accident benefits and bodily injury claims, and at the top of the predatory food chain – transnational organized crime).

In the late 1970s, Robert Alexrod’s now famous game theory tournaments searched for effective everyday cooperation models. This came out of initial insights learned from playing out Prisoner’s Dilemma. The “tit for tat’ reciprocal cooperation model that emerged was evidenced by behavioral biologists and ethologists observing animals in their natural environments. The ultimate game theory model today is generous (forgiving) tit for tat’. It wins out every time in reciprocal cooperation, game theory modelling.

There are lessons to be learned here on how to develop cooperative relationships with trusted billing agents.

Health Care Systems: Misuse, Abuse & Predatory Fraud Controls

Health care is part of a nation’s critical infrastructure (CI). It is the largest public cash dispensing sector of the United States and Canadian economies. Ten times that of defense. Health care services delivery is an extraordinarily complex system. Within this context, conversation on misuse, abuse and predatory fraud controls must be broken down into smaller ecosystems to make sense of the issues and counter measures.

Definition: Ecosystems are, “living organisms in conjunction with nonliving components of their environment interacting with the system.”  

The United States spends in excess of 17.3% of GDP on health care. It is a complicated vertical system of public and private sector plans, where people falling between the cracks end up uninsured. The result can be physically, emotionally and financially  catastrophic for families. The United States, far and away has the most expensive per capita health care spending in the world. In his book, “A License to steal: How Fraud Bleeds America’s Health Care System”, Harvard University’s Malcolm K. Sparrow dissects the health care delivery system’s defenses from predatory crimes. His recommendations on controls are for most part unheeded across North America.

Canada spends in excess of 10.53 % of GDP on health care benefits and services. Health care spending in Canada is horizontal, with basic care for everyone meeting status and residency requirements. It is topped up by private plans for unregulated services. Increasingly larger portions of provincial funding goes to universal health care, with insidious deregulation of formerly paid publicly services. In Chronic Condition; What Canada’s Health Care System Needs to Be Dragged Into the 21st Century”, Jeffrey Simpson explores the options with a growing problem the Canadian system faces, including cuts to “nonessential” services, tax increases, various types of privatization, and finding savings within health care itself.

The next post in this series concerns inside-the-system financial harms and controls. The third in this series will open up conversation on outside-the-system financial harms and controls.

The Complexity of Uniform Policing

Risk assessment for critical infrastructure assumes uniform police will run at catastrophic and violence events everyone else is running away from. Often they must make time-sensitive judgments on personal and public safety in high anxiety environments.

At the same time, the public and the courts expect uniform police , as primary sensory and verbal information gatherers, to make every judgment and decision rationally and impartially. All this happens in an environment that is often a perfect storm – dealing with their own emotions, while having to deal with the motions of others.

Intuition and time-sensitive judgments draw on prior emotions-laden experiences. The intensity (valence) and influence of these experiences in policing ranges from highly negative to highly positive, which accumulate over a career. In the worst case scenario with highly negative experiences, people end up with Post Traumatic Stress Disorder.

More thought is required on whether uniform police should be recruited for their emotional intelligence (EI) aptitude. More should be known and practiced on what in-service self-awareness and resiliency maintenance training is needed to  mitigate unintended consequences from environments and situational circumstances employers put uniform police in.

About Tranzform-security

This inaugural post introduces tranzform-security. We believe in a dynamic approach to security practice at critical infrastructure (CI). We draws from science in order to extend the boundaries on how we mostly think about security.

Critical infrastructures are ‘complex systems’. The human threats posed to CI manifest in two subcategories. Exogenous [outside the system] threats include acts of terror and other crime attacks by predators. Endogenous [inside the system] threats include technical vulnerabilities arising from human error, occupational fraud, internal theft, corruption, workplace sabotage and workplace violence.

About Complex Systems

“All complex systems, whether they are biological ecosystems like the human body, natural ecosystems like a rain forest, social ecosystems like an open-air market, or socio-technical ecosystems like the global financial system, or the Internet are deeply interlinked. Individual units within these ecosystems are interdependent, each doing its part and relying on the other units to do their part as well. This is neither rare nor difficult, and complex ecosystems abound.  

Bruce Schneier, Liars and Outliers (2012)

Transformative Security Practice

“Transformative security practice”  (TSP) is new language for defining transformation of security as  ‘learning cultures’ (Senge, Peter. ‘The Fifth Discipline: The art and practice of the learning organization’. 1994).

A security learning culture is generative. It is a shift of mindset from ‘business as usual’ to one of wonder, discovery and continuous improvement. It is a new way to think about how organizations perceive and practice security. It is adaptive, putting technology in the hands of the right people, doing the right things, at the right time.

TSP challenges security to move beyond the limitations imposed by reductionist, cause and effect, thinking about solutions. It embraces chaos the comes with humanity. It applies ‘system’s thinking‘ to explore the inter-relatedness between parts in the organization, and how changes to these parts influence the whole.

With TSP, we learn how to motivate employees in playing a vital role in security as primary over technology. We recognize the influence and impact of beliefs, mental models, heuristics bias (mental shortcuts) and affect (emotions) on security.

A Generative Approach to Security

Security is dealing with new realities including acts of terror, transnational enterprise crime, and a post-industrial age uncertainty that is increasing stress and anxiety predicted in 1970 (Toffler, A.  Future Shock).

TSP takes a behavioral and prevention science approach to security. In factors both the feelings of security and the reality of security. It draws on science from multiple disciplines including psychology, neuroscience, social physics, behavioral economics and behavioral biology.

TSP promotes deep cycle learning. It encourages lateral thinking to resolve security problems. It centers around five disciplines for creating a security learning culture :

  1. personal mastery
  2. mental models
  3. shared vision
  4. team learning and
  5. systems thinking delivered in practitioner-based, problem-solving ways.