This site is intended for health professionals only

Fraud – how can GP practices protect themselves?

19 April 2023

Share this article

Where do fraud risks lie and what can practices do to protect against fraudulent activity through their processes and procedures? Financial crime lawyer Michael Balmer explains

Fraud is a threat all GP practices must be alive to. 

It’s a problem that partners, practice managers and employees think won’t happen to them – but strikes far more often than people may think.  

The financial pressures of the cost-of-living crisis makes it increasingly likely that fraud will occur. In this environment, it’s more important than ever that practices take the time to understand the fraud threats that they face and ensure they are reducing the risks. 

Where do fraud threats come from?

Fraud as a criminal activity involves a person, or people, acting in a dishonest manner with the deliberate intention of misleading someone else. It needs to have been done with the aim of benefiting the perpetrator financially or causing another individual, or organisation, to lose out. 

In very broad terms, it can be helpful to think of fraud, and fraud risk, in three separate categories: 

  1. Fraud by false representation – simply, this is where someone makes an untrue assertion or claim. In a practice setting, this could involve a practice manager falsifying payroll records; patients pretending they’ve lost a prescription form in order to secure unnecessary replacements; or a partner making a false claim for NHS income on the practice’s behalf for activity that was unrelated to patient care. 
  1. Fraud by abuse of position – this is where someone abuses privileges or responsibilities for their personal gain. This could involve a member of practice staff using their position of responsibility to access  computer or banking systems, or prescription pads – which are then used illegally. 
  1. Fraud by failing to disclose – this is where someone fails to disclose information that they would otherwise have to share by law. For example, a team member may withhold information on a job application that would otherwise make them unsuitable for their role. 

This is by no means an exhaustive list. 

Fraud can take many, many forms, which is why thorough preventative action is key. 

Strong, practice-wide, safeguards will help ensure that surgeries are in the strongest position to prevent fraud from happening in the first place, and to quickly catch it when it does occur.  

How can practices protect themselves?

There are a few key things that I recommend to my clients: 

Audit first, improve later 

Firstly, make sure you understand where your risk points are. It sounds simple and obvious to say, but if you don’t know where you’re vulnerable, you’ll be limited in how effectively you can protect yourself.  

Audit your practice’s workflows and processes to identify any particular risks. And, where necessary, make sure that you are putting in place clear policies that are centred on fraud prevention. 

For example, review whether your practice has a clear procedure for how it stores prescription pads at the end of the day. Are they locked away – and if so, who does and can have access to them, at what times, and for how long?  

Focus on the records 

Next, make sure that you’re prioritising thorough record keeping. Closely monitoring practice resources – whether that’s income and outgoings, staff count or patient numbers – will help you spot anomalies and points where data doesn’t add up. 

It’s essential that you don’t just collect the information; you need to regularly review it too. 

A single isolated incident of fraud can be just as damaging as fraud that occurs over long periods of time. Catching any issues early is key. 

Train, train, train 

If you haven’t already, deliver anti-fraud or anti-money laundering training to staff to make sure that they’re aware of the risks and able to help spot the signs. 

If you’ve offered this before, regular refresher sessions are vital to make sure staff are aware of the latest threats and are fully up to date on best practice. 

If you deliver NHS services in England, Wales or Scotland, you may be able to get training support from your Local Counter Fraud Specialist (LCFS). They are accredited counter fraud professionals who have the dual responsibility to raise awareness of fraud and investigate it when it does occur. 

Share duties and responsibilities

Make sure that you have adequate separation of duties, and that there’s strong oversight on workflows.  

By sharing responsibilities for separate parts of processes – for example, making payroll issues  the responsibility of more than one  individual – you reduce the risk that just one person can fully exploit the system. 

In the same vein, consider sharing the responsibility between two senior team members for key checkpoints in processes, such as approving payments. 

Requiring the consent of two people again reduces the chances of a single bad actor being able to abuse a position of trust and responsibility.   

Take a break 

Finally, make sure that practice staff are taking regular holidays. It may sound strange, but it can be a red flag if a team member doesn’t take time off. They may be reluctant to hand over a task, or area of responsibility of another colleague who could discover their fraudulent activity. 

By encouraging staff to take regular time away from the practice, you are naturally circulating responsibilities between team members – again, increasing the opportunity for wrongdoing to be caught. 

What should we do if we think we’ve been a victim of fraud?

If you think you’ve been on the receiving end of fraudulent activity , report any financial impropriety immediately to the authorities rather than try and deal with issues internally. 

You can contact the police, Action Fraud or – if the NHS is in any way a victim of the fraudulent activity (for example, because funding has been inappropriately used) – you should report incidents or suspicions to the NHS Counter Fraud Authority online at

This channel is specifically for fraud where NHS England is the victim. You can report fraud against NHS Scotland using their online reporting form (, or in Northern Ireland online at

You can also report to your nominated Local Counter Fraud Specialist if you are an NHS employee or contracted. 

It’s important that you act quickly. Failing to do so will encourage individuals to continue and increase their illegal activity, and could make you complicit in enabling that behaviour.  

Seeking the support of a legal professional can be valuable at any stage whether you’ve discovered you’ve been defrauded; you’re involved in an investigation into fraud or you’re looking to review and improve your internal policies and procedures.  

Michael Balmer is a partner at national law firm Weightmans. He regularly assists clients – including GP partners and GP practices – facing offences such as (conspiracy to commit) fraud, fraudulent trading, money laundering, bribery and corruption and other regulatory offences.