Physicians manage the health risks of their patients every day. But what about the health of their practice?
Fraud is a common risk found in organizations large and small, including medical offices. Implementing certain internal controls can go a long way in preventing financial damage.
In a recent survey by Medical Group Management Association, 82 percent of respondents reported employee theft or embezzlement had occurred at their medical group.
Limited financial and human resources at most small organizations make them uniquely susceptible to fraud. Small businesses – those with fewer than 100 employees – are more likely to be the victims of check tampering, payroll and cash larceny schemes than larger businesses, according to the Association of Certified Fraud Examiners 2014 Report to the Nations on Occupational Fraud and Abuse.
Assets and supplies are an easy target, says healthcare fraud expert Rebecca S. Busch, president and chief executive officer of Medical Business Associates, Inc.
“One employee ran all her wedding invitations through the office stamp machine,” Busch said.
In other cases Busch recalls:
- An employee who had authorization to approve expenses up to $1,000 paid for school supplies with the practice’s money.
- An employee billed patients using slightly changed stationery and pocketed the money collected.
- Schemes included writing checks to fictitious vendors and creating a phony collection agency.
Often, it is a dedicated employee who commits the fraud.
“If you have an employee who is the first to arrive and the last to leave and won’t take time off, that can be a red flag,” Busch said.
Last October, the FBI reported that a receptionist at a medical office in Kearny, N.J., pleaded guilty to embezzling more than $446,000 in cash and checks. The money was paid by insurance companies to the medical practice for services to patients over a four-year period.
The woman also charged more than $218,000 on 10 credit cards she fraudulently obtained in the name of a principal of the medical practice, the FBI reported.
Protecting your practice
While there is no foolproof way to totally ensure that your practice will not be a victim of fraud, Busch and other fraud experts recommend the following 10 tips to help mitigate risk:
1. Segregate duties to ensure that one employee does not have complete or most control of a transaction cycle – whether on the revenue or disbursement side. For example, the same person should not be opening mail, posting payments and making bank deposits.
2. Conduct independent reviews of bank statements and reconciliations by the practice owner or partner to ensure proper oversight.
3. Set up a bank lockbox for receiving payments. It is extremely easy to have mail from a post office diverted. “If you get less mail or your mail patterns shift, that’s a red flag,” Busch said.
4. Require two signatures on checks, including one from the physician owner or partner, and maintain a low dollar threshold for spending without owner authorization.
5. Do not use a signature stamp in your practice.
6. Consider asking your bank for Positive Pay. The automated fraud detection tool matches the account number, check number and dollar amount of each check presented for payment against a list of checks previously authorized and issued by the practice.
7. Close out the credit card machine daily.
8. Keep the cash box locked overnight with the key offsite.
9. Conduct background checks on all new hires.
10. Conduct a random audit periodically using an independent third party.