Since we last last wrote about overcharging by a domiciliary care company – Meritum Intergrated Care LLP, there have been some further developments which customers ought to be aware of. These new developments shed further light on Meritum failings when dealing with clients GDPR & Data Protection rights and billing clients when at Hospital appointments even though due time was given.
In 2019/20 and 2020/21 Meritum Integrated Care invoiced clients via KCC the sum of £5,296,365.
KCC have been aware that Adult Social Care Billing received a limited assurance in the Jan & July 2021, Internal Audit report and that – inadequate controls were in place to meet all the system/service objectives and/or controls were not being consistently applied. Certain weaknesses required immediate management attention as if unresolved they would result in system/ service objectives not being achieved.
Since then we have received the KCC – Meritum contract relating to the supply of Care and Support in the Home Services – Shepway Contract Number: SC18032 dated 23 /04/2019.
The contract clarifies KCC powers to collect information from Meritum and their cloud base system.
Data Protection Act & GDPR
Terry Dafter OBE – KCC Interim Director Adult Social Care (East Kent) has requested a Data Protection & GDPR audit of Meritum to take place via KCCs Information Security team to ensure Meritum’s full compliance with regards the contract and clients rights.
The document (pictured) is a poor excuse of what Meritum are calling a GDPR document given to clients in the service user’s guide.
The document is not fit for purpose. It does not set out clearly and concisely what any clients rights about their information, such as:
Who to contact regarding a Subject Access Request.
Who the data protection officer for the company is.
Nothing about clients Data Protection Rights.
No information regarding who a client can complain to, such as KCC, The Health & Social Care Ombudsman, or the Information Commissioner’s Office.
It’s not known if Meritum have informed the ICO, of their failings.
A more detailed explanation of Meritum’s contractual obligations regarding GDPR can be found at page 208 of the KCC – Meritum contract, which sets out their GDPR responsibilities as per Schedule 20 GDPR of the contract.
The document above is a poor excuse of any Meritum’s clients rights; and is pretending to be something it is not contractually or by law, as it’s dated 10/05/2018. For those of you who might not be aware GDPR law changed on the 25 May 2018.
The people Meritum are caring for Vulnerable, who have more often than not just come out of hospital after a major health incident all their rights must be protected
Furthermore, we are aware there have been other failures by Meritum, such as: good data keeping, not signing the support update plan, failures to follow the housekeeping plans, and a lack of quality control assessments; which we have a considerable audit trail of paperwork.
How then do they overcharge clients for domiciliary care?
Jonathan Idle – Head of Internal Audit at KCC made it clear to the Governance and Audit Committee, held on the 22nd July 2021, that Adult Social Care billing, had received a limited insurance in Jan 2021 and July 2021.
A limited assurance means
Adequate controls are not in place to meet all the system/service objectives and/or controls are not being consistently applied. Certain weaknesses require immediate management attention as if unresolved they may result in system/ service objectives not being achieved.
Clients of domiciliary care tend to need hospital treatment, so receive letters from various hospital departments to attend appointments. Some of them too need to use G4S hospital transport services to get to and from appointments. Obviously they receive letters and book hospital transport, all of which is evidenced.
Now carer’s who attend clients on a daily basis, or less frequently, tend to use something called a PASS app on their phones to take notes and send important medical issues to the companies cloud based system; which must use “military grade encryption” as per the T & Cs of the KCC – Meritum contract.
The Meritum Service User Guide at Chapter Eleven – Social Inclusion Assessment – states:
Client X would like the care workers to chat throughout the call, and sit and chat if time allows.
And client X would more often than not chat to their carers (they did not have dementia) and they to them. Now of course, they would mention they’d got a hospital appointment as it would be a welcome change from sitting at home, so how could the carers not note the client had mentioned a hospital appointment, nor requested permission to take an image of the letter and sent it the cloud?
At page 26 of the KCC – Meritum contract at paragraph 13.10, it states:
The Provider’s Safeguarding Policy shall include safeguarding vulnerable adults and children from any form of abuse or exploitation which includes physical, financial, psychological or sexual abuse, neglect, discriminatory, self-harm, inhuman or degrading treatment through deliberate intent, negligence or ignorance.
As far as we are aware, no client using Meritum’s services have seen site of their safeguarding policy, nor is any such document placed in Meritum’s service user guide. We don’t even know if it exists.
It would be negligent and/or ignorance, if carers failed to note hospital appointments to Meritum’s cloud based system, given they were to chat to Client X the whole time they were present with client x.
As such the threshold for a tort of negligence by Meritum has been achieved as it fulfills the Caparo test
Under the Caparo Test a claimant must establish
1 – That harm was reasonably foreseeable –
2 – That there was a relationship of proximity (closeness)
3 – That it is fair, just and reasonable to impose a duty of care
The other thing to take into account, is the fact, the carers arrive and nobody is at home as Client X is attending their hospital appointment. Now given the carers ring the bell and there is no reply, surely the carers would then follow procedure and contact the next of kin, or named person and ask them if they have knowledge of client x’s whereabouts.
With regards to Meritum, all too often they fail to follow their own procedures when clients are not at home and are attending hospital appointments.
Also, if the carers do not turn up, then they would be aware of the hospital appointment.
So either way, Meritum have failed in their duty of care to the client and also failed to fulfill their safeguarding policy to prevent financial abuse through deliberate intent, negligence or ignorance.
Let’s not forget, in 2019/20 and 2020/21 Meritum Integrated Care invoiced clients, via KCC, the sum of £5,296,365. How much of this was by charging clients who attended hospital appointments, even though they’d given due notice? It’s important to remember Meritum provide domiciliary care services in Folkestone & Hythe, Ashford and Maidstone?
The KCC – Meritum Contract
As we said, we’ve recently received a copy of the KCC – Meritum contract which states At Paragraph 86, page 184:
86.1 – The Council reserves to right to audit the Provider’s Information Security Management System to ensure that it complies fully with ISO27001 to safeguard the confidentiality, integrity and availability of information.
86.2 – The audit may be undertaken by the Council or by an independent third party appointed by the Council.
86.3 – The provider will ensure that their organisation has taken appropriate steps to be compliant with GDPR regulations under the Data Protection Act 2018.
Also at page 40 of the contract, paragraph 35.1 it states:
The Provider shall keep and maintain for the period stipulated in the Contract Particulars, full and accurate records of the Contract including the Services supplied under it, all expenditure reimbursed by the Council, and all payments made by the Council. The Provider shall on request afford the Council or the Council’s representatives such access to those records and any other reasonable data request as may be requested by the Council in connection with the Contract.
So it’s clear KCC can access Meritum’s systems if they request. However, the client cannot access their notes, as there is no procedure or process in place in Meritum’s service user guide given to all clients.
Now we strongly suspect, that all such domicilairy care contracts would state the same as Meritum’s as above. So why aren’t KCC requesting regular access to domiciliary care companies systems to ensure that clients are not suffering “abuse… financially…through deliberate intent, negligence or ignorance, given they to may owe a duty of care to all 18,000 plus clients who receive domicilary care.
Such public evidence – KCC’s limited assurance of Adult Social Care billing; and the fact clients are receiving invoices for care not received as they were at Hospital appointments establishes more than a plausible basis for suspicion of wrongdoing by Meritum in our honest opinion. This is more than a mere allegation; as there is more than a plausible basis for the suspicion. We believe legitimate and serious questions can readily be asked about how Meritum clients have been invoiced for care they could not have received, given the nature and gravity of the financial harm to clients.
Other Audit Trails
It must not be forgotten, there are other audit trails. There are the hospital appointment letters, G4S hospital transport records for clients who use this system, to and from hospital, plus diary entries for when Meritum attended.
Any failure not to note any mention, of any hospital visit/s, by the care workers in their notes/records, on Meritum Cloud based system, would demonstrate, while chatting to client x the whole call through, both negligence and ignorance, given a duty of care was owed to all clients, by Meritum.
It’s clear any failure to note hospital appointments by the care workers would harm any client financially, as they would be billed for care they could not have received. This is reasonably foreseeable. There was a safeguarding duty of care by Meritum, as set out in the KCC – Meritum contract at page 26, point 13.10. It’s self-evident that any reasoanbale person would see it is as fair, just and reasonable to impose a duty of care on Meritum, as they are providing care to clients
1 – Report Meritum & KCC to the Health & Social Care Ombudsman
2 – Report Meritum & KCC to the ICO
3 – Report Meritum & KCC to the FCA
5 – KCC undertake a deep dive Internal Audit Investigation into Meritum and report it to the KCC Goverence & Audit Committee
6 – Meritum use any legitimate powers (including discretionary) to reduce client bills to zero.
From all the evidence available, it’s clear to us, Meritum have failed in their duty of care to clients. As such, it would be right and proper for Meritum to repay all monies owed and inform KCC how much they have overbilled clients, as we all know there is a problem with Adult Social Care billing by domiciliary companies and others.
If you’ve had a problem with overbilling by Meritum, then we’d strongly suggest you contact
We offer Meritum a full right of reply.
The Shepway Vox Team
Dissent is NOT a Crime