Here is something no one likes to think about, much less admit: a trusted employee embezzled money from your practice, possibly for years! Medical practice embezzlement, a type of occupational fraud, is not uncommon in this country. Unfortunately, there are really no accurate statistics on the frequency at which physician practices suffer embezzlement. But we do know a few things about this type of fraud among businesses in general.
In this Article …
Some Statistics on Employee Theft
In its Occupational Fraud 2022: a Report to the Nations, the Association of Certified Fraud Examiners recounted several findings. According to the Association:
- Businesses lose on average 5% of revenue to fraud each year, with a median loss of $117,000 per case;
- Forty-two percent of frauds were detected by tips, made via email or other digital reporting;
- Line staff members committed almost 80% of fraud, with an average of $50,000 in losses;
- Fraud by Office Managers was less common, but accounted for the highest money financial losses;
- Nearly half of the cases occurred due to a lack of internal controls or overriding of internal controls;
- And of course, 81% of victims modified their anti-fraud controls following the fraud.
Common Types of Employee Embezzlement in Medical Practices
Sadly, employees find many ways to embezzle money from small practices and large medical groups. Let’s look at some of the most common ways.
- Employees find many ways to steal cash from medical practices. This can occur at locations like the front desk where cash received goes astray. More elaborate embezzlement schemes involve diverting payments received through the billing and accounts receivable process. And petty cash funds not subject to rigorous accounting controls are also a source of theft.
- Other forms of embezzlement involve actions to convert practice assets to an employee’s own use. This can take the form of using the practice’s cash for personal purchases, or as complicated as committing check fraud using fake companies as vendors. Practice administrators everywhere are aware of the phenomenon of office supplies disappearing around the time school starts each year.
- And embezzlement is not limited to funds or supplies from the medical practice itself. Employee theft extends to fraudulent use of patient credit cards kept on file at the office. Patients may recognize when their credit card has been utilized to pay an extraneous amount at the medical practice. But they may not connect a misuse of their credit card for personal expenses by a staff member handling money to a medical office they recently visited. Identity theft is also possible when staff members have access to so much personal and financial information about patients.
So let’s look at some strategies to avoid employee embezzlement.
Preventing Medical Practice Embezzlement – Hiring and Monitoring Employees
Prevention is better than a cure, right? Prevention of employee theft starts with your hiring practices.
All medical practices submitting claims to government programs like Medicare or Medicaid, are required to screen their employees against the OIG Exclusion List. The OIG Exclusion List is a list of individuals or entities who are excluded from providing services to persons covered by Federal health care programs. Individuals can be excluded for several issues, including things like billing fraud. Although the billing fraud considered by the OIG relates to defrauding a Federal health care program, it can be an indication of an individual’s willingness to commit fraud of other types.
Background checks are another important screening tool when considering hiring staff members. Background checks are available from a variety of companies, and cover issues like criminal history, employment history, and credit history. State laws usually govern what kind of pre-employment screening can be done in your state (except for OIG screening). Make sure you understand the rules for disclosing the results of a background check when you request one as part of the employment screening process. You may not choose to get a background check on every employee you hire, but you should definitely consider such checks on employees taking money, performing billing duties, and on an office manager or practice administrator. Physicians should verify the prior employment of prospective employees even if not commissioning background checks. And new hire providers such as physicians, nurse practitioners and physician assistants need screening against the OIG exclusion list, state Medicaid exclusion lists and a background check.
The initial effort to hire competent employees should be followed up with staying alert to potential warning signs that your business may be at risk for embezzlement. Red flags include situations such as:
- An employee who never wants to take vacation, or receive assistance from other employees. This can be a sign that the person is engaging in a scheme that requires them to always be present as cash and other payments come into the practice.
- An employee who appears to engage in a lavish lifestyle with no good explanation of their fortunate situation. Of course, employees may have access to additional resources beyond their compensation in the practice, but such situations usually become known within the business at some point.
- An employee whose behavior changes after the latest performance evaluation or change in compensation, or who is stressed by an outside situation.
- An employee who is financially stressed or who has a very close relationship with an outside vendor.
Make sure there is a reliable reporting mechanism for employees to report suspected theft. Many schemes are known to employees who are hesitant to report them. Hotlines permitting anonymous reporting are one of the most frequently used methods to report stealing or other misconduct, along with email and online reporting.
Policies and Procedures to Prevent Embezzlement
Developing and implementing effective company policies is another important way to avoid embezzlement in business. An independent accountant would use the term “internal controls” to describe the company policies that should be in place to protect the liquid and other assets of the practice. Let’s look at a few strategies that employers apply in a modern healthcare business with a practice management system that includes a billing and accounts receivable (AR) component.
- The first policy and procedure to consider is the daily reconciliation of payments received in the practice. Payments at the front desk come in a variety of forms.
- Cash payments are less common today, but are an especially vulnerable source of theft. An employee may take in cash and steal the actual dollars. The theft can go unrecognized if the employee is able to make an adjustment to the patient’s account so there is no apparent balance due from the patient.
- Payment by credit card is very common and has less potential for diversion or theft.
- Checks written in payment have some vulnerability, but this can be mitigated by requiring staff members to stamp each check for deposit at the time it is received. It is also possible to submit the check to the bank electronically at the point of service. This way the check is confirmed as “good”, and the amount is deposited in the practice bank account.
All payments should be acknowledged by a receipt from the AR system as the payment is posted to the patient’s account. A bank deposit slip listing the cash and checks available for deposit should also be prepared.
The best practice in this area is to pull reports showing the amounts paid by cash, credit card, and check, and the payment amounts posted to patient accounts. The totals of these two reports should match, and the total of cash and check payments should match the total on the deposit slip.
Payments received by mail or electronically should also be subject to similar daily reconciliation and processing. Consider having one person open the mail and stamp checks for deposit, while another person posts the payments and prepares a deposit slip plus a report on electronic payments posted to accounts. Two employees colluding in embezzlement is not unheard of, but it is much less likely than one-person embezzlement schemes.
Preventing Other Types of Medical Practice Embezzlement
Physicians or practice administrators should consider additional policies to prevent theft, especially when staff members have access to company credit cards or bank accounts. For example, online ordering of medical supplies using a credit card is common in many physician practices. Practice administrators should make sure to reconcile credit card purchases each month before payment on the credit card is made.
And great caution should be used when giving any employees, including office managers or a practice administrator, access to write checks or use a bank bank account card, or even to bank statements. Physicians have been consistently – and unpleasantly – surprised when a person they hired and trusted was found to have embezzled serious dollars from the practice. Bank account reconciliations are a good job for an independent accountant or an outside consultant.
Reports, Reports, Reports!
Most physicians want to think their staff members are honest, and would not engage in theft from them. One way to keep everyone honest is to ask for – and review – reports available from your office systems. Honest people want to demonstrate their honesty; others, not so much. If needed, an outside consultant can complete a front office or full practice audit, thus uncovering problems or potential problems, and then help set up a reporting system for you. This will establish best practices and peace of mind.
Medical practice embezzlement is an ongoing scourge in healthcare businesses large and small. Every physician owner of a small business needs to ensure he or she hires trustworthy staff and then monitors their duties and activities. As a recent US President once said, “Trust but verify” are words to live by – politics and business. Some consultants even say there are two types of physician practices, those who have experienced embezzlement in their practice, and those who will experience it in the future. Try to stay in a third category: those who avoid it forever!