New resource helps Victoria's public health sector address fraud and corruption risks

Judy SutherlandJudy Sutherland, Assistant Director Policy, Projects and Strategy, DHHS

Andrew Crow Director, Rural and Regional Health, DHHS

The Department of Health and Human Services (DHHS) in partnership with the Australian Centre for Healthcare Governance has developed a new resource to help reduce fraud and corruption in the publicly funded health sector.

In this issue of IBAC Insights Andrew Crow Director, Rural and Regional Health and Judy Sutherland, Assistant Director Policy, Projects and Strategy at DHHS explain the Integrity Governance Framework and Assessment Tool and how it will help Victoria's health sector address fraud and corruption risks.

What is the Integrity Governance Framework and Assessment Tool?

In June 2019 we launched the DHHS Integrity Governance Framework and Assessment Tool. The framework and tool serves as a guide to strengthen integrity culture and reduce the likelihood of fraud and corruption in Victoria's health service organisations. It readily adapts to the needs, capability and resources of health services regardless of their size.

Since its launch, the framework and tool has been distributed to all public health services and public hospitals throughout Victoria. Health services will use the framework and tool to assess their current integrity risks in the coming months and present their findings, and prevention and monitoring action plans to the department in early 2020. 

The framework and tool draws on a contemporary risk management approach to assess business and service delivery across three lines of defence where integrity risks are assessed at the staff, management and executive/board levels. This approach emphasises the importance of preventative systems and strategies across the whole organisation.

The framework and tool has three main components:

  1. The framework allows health services to assess integrity management practices for employment principles, procurement, finance, and governance.
  2. The self-assessment tool can be used by both board and management to provide assurance integrity risk is regularly assessed, and policy and practice improvements are regularly made. The assessment tool auto-populates responses on an integrity map to provide an overall view and spread of local integrity controls and systems for health services. The map will provide a snapshot to highlight gaps or vulnerabilities in integrity practice and inform the area of focus and priority for actions to strengthen and embed a positive integrity culture and lift capability to prevent fraud and corruption.
  3. The action plan allows health services to identify their priority areas, required actions and areas of responsibility in a format that allows easy reporting so improvement actions can be easily monitored.

What led to its development?

Publicly funded health services need to be delivered in a responsible and ethical manner that delivers value for money. While most staff in Victoria's health sector do the right thing, there have been some instances where individuals have exploited vulnerabilities, resulting in health services being exposed to instances of fraud and corruption.

For example, IBAC's Operation Liverpool investigation into the conduct by two officers of Bendigo Health identified organisational and systemic corruption vulnerabilities that facilitated this conduct. The investigation found one employee took Bendigo Health property and circumvented procurement controls for the benefit of himself and certain contractors. The other employee was found to have engaged in conduct contrary to the Victorian Public Sector Code of Conduct.

As the steward of Victoria's public health system, it is the role of the DHHS to ensure health services are managing these risks appropriately. This includes supporting health services to identify and use the right tools to manage integrity risks and promote better practice across the sector. Operation Liverpool and its subsequent findings were an opportunity for the DHHS to consider how to best support health services identify and manage integrity related risks. Responding to the investigation's findings, we wanted to develop a tool that would help health services identify and manage integrity related risks and vulnerabilities and improve practice across the sector.

How did you develop the framework and tool?

The Victorian public health services sector is made up of 83 health services varying greatly in size and complexity. As such, effective management of integrity risks can be quite variable. Additionally, the hospitals already face a significant amount of compliance as part of their everyday work and we didn't want to add an additional requirement that may not address the core issue.

To ensure the best possible outcome, we engaged the Australian Centre for Health Care Governance (ACHG), to develop the framework and assessment tool. ACHG undertook a review of best practice fraud and corruption controls, looking beyond just the health sector, and consulted with Victorian health services to identify their specific needs. Feedback from early user testing also allowed further development of the framework and tool to ensure it was able to meet the sector's needs.

The ACHG consulted across Victorian public health services in the second half of 2018. This included small workshops attended by more than 25 health service executives on current practice and needs, an integrity systems questionnaire, with the 36 responses ranging from large metropolitan to small rural health services, and three 'deep dive' sessions that allowed greater insight into seeing policy in practice.

The feedback from these processes was used to develop an early draft of the framework and tool, with user testing identifying improvements that were incorporated into the final product.

What would you say are the chief innovations of this framework and tool?

The framework and tool consolidates and streamlines the large quantity of compliance and best practice materials available to health services in managing risk. Developing policies is one aspect of managing risk, however implementing these into practice and ensuring the actions of individuals are in line with these policies can be challenging. This is where the framework and tool's theme of shared responsibility in managing these risks is an important difference. It is not solely the responsibility of a board member or CEO to ensure an entity operates with a strong integrity governance, it is everyone’s responsibility. Demonstrating this requirement through the framework and tool is a key point of difference.

The level of consultation across health services of different sizes also means the framework and tool is scalable for different services, rather than applying a 'one size fits all' approach. Victoria's public health services vary enormously in size and complexity; some metropolitan hospitals have annual revenue of more than a billion dollars with extensive corporate structures to support this, while some small rural hospitals may have a turnover of a few million dollars and have one or two executive positions. The framework and tool allows services to consider the areas of vulnerability in the context of their own organisation.

The assessment and action plan are easy to understand visualisations of where an organisation's key vulnerabilities may lie. It allows management and boards to assess these risks and develop strategies to address these challenges.

While the framework and tool has been developed in consultation with Victorian public health services, there is applicability beyond this with similar risks evident in other public, private not-for-profit health and community service organisations.

How are you raising awareness of the tool across public health services?

The rollout of the framework and tool formally commenced in June 2019 with its release to Victorian health services, and presentations and discussions were included as part of recent CEO meetings. Similar sessions will also be held with health service boards of directors in the coming months. Integrity risk management will also form part of the department’s monitoring of health service performance, with inclusion on upcoming performance meeting agendas.

The framework and tool is available on the department’s website and supported by a fact sheet and frequently asked questions that will be continuously updated as feedback is received.

The ACHG and Victorian Healthcare Association also host these materials on their websites.

What happens if a public health service does an assessment and identifies issues?

If a health service identifies vulnerabilities in their current practice, it should consider what processes need to be developed to address these, using the assessment tool for guidance on suggested improvements. The action plan would then be updated to identify these actions, timelines for when they will be completed and who is responsible. The action plan allows easy reporting and monitoring of progress to an organisation's executive and board of directors. Management of integrity risk involves continuous improvement; health services are expected to periodically assess their capability and measure their improvements over time.

If when reviewing existing practices health services identify suspected instances of fraud and corruption, health services are required to report incidents to:

  • the Independent Broad-Based Anti-Corruption Commission (IBAC)
  • the Department of Health of Human Services.

In some circumstances, health services may also have reporting requirements to:

  • Victoria Police
  • Minister for Health
  • Victorian Auditor-General's Office.

The manager of the department's Corporate Integrity Unit can assist health services determine their reporting obligations depending on the circumstances of the suspected incident.

We hope health services managers and Boards will use this framework and tool to easily assess and strengthen their current practices in managing all forms of integrity related risk across all levels of their organisation.

Health services need to proactively address the types of integrity risks all organisations are faced with, build better understanding of these challenges and educating people to see the important role every health sector employee plays in managing integrity risk.