How Solid Internal Controls Can Help You Minimize Medical Practice Fraud– September 11, 2019

Physicians trying to create and maintain a successful medical practice are engaged in a constant battle against inefficiency and waste. But they might not realize they’re also in a battle to prevent and catch fraud perpetrated by their employees. As a healthcare professional, you might not be aware of how important it is to establish systemic protections against employee fraud within your practice operations, because fraud just isn’t on your radar.  
The most common forms of employee fraud are theft of receipts or cash on hand, altering or forging a check, submitting fictitious invoices, paying personal expenses with practice funds, and payroll or expense reimbursement fraud.
These thefts might well go undetected for months or even years. And, in most cases, employees who steal money work alone. Many have been with a practice for several years.

What Internal Controls and Assessments Should You Put in Place to Deter Medical Practice Fraud?

Obviously, the best way to deal with employee theft is to keep it from happening in the first place. Doing so requires implementing sound internal controls, including a careful risk assessment.

  • Examine your practice’s policies, procedures and processes for any gaps in the system that fail to protect integrity and ethics.

  • Conduct an assessment every two years — or whenever there’s a major system change (such as a new electronic health record [EHR]) or personnel change (such as a new billing clerk).

  • Separate staff duties and avoid having a single employee in charge of purchasing and of approving and adding vendors. Although it may be difficult to spread duties among several employees in smaller practices, it’s critical to implement internal controls that let employees know they’ll likely be caught if they steal.

  • Checks with invoices should be given to the appropriate physician for him or her to approve and sign. Similarly, if you’re using an electronic bill payment system, only owner-physicians should be authorized to approve payments.

  • Have a system in place for monitoring employee behavior. Look for telltale signs that an employee is involved with or considering fraud. For example, an employee who never goes on vacation or takes a day off may not want someone else to have access to his or her files. A good practice is to require all employees to take scheduled vacations.

Do Background Checks Help Deter Medical Practice Fraud?

Absolutely. First and foremost, get criminal background checks for all new hires, as well as current employees. But keep in mind that nearly two-thirds of offenders aren’t prosecuted, so their next employer might be unable to learn of their criminal pasts.
Conducting credit checks on all new hires and periodically on current employees is also a good idea. However, be aware of state law and the federal Fair Credit Reporting Act. You generally need the person’s permission to run a credit check and, in some states, credit checks are allowed only for positions with certain financial responsibilities.

Can an Audit of a Medical Practice Help Minimize Fraud?

Yes. Employees should know that unannounced audits are possible, but they shouldn’t know what data they’ll cover. Such audits need not be top-to-bottom reviews of the practice’s finances. They can focus on specific areas.
Also, periodically reconcile overlapping financial records. For example, compare receipts that are recorded in the billing system to revenues recorded in the accounting system, and then cross-check those numbers with your bank deposits. Make sure someone other than the person who prepares the records conducts the reconciliation.
Consider restricting employee access to only those computers, programs and data they need to perform their jobs. Educate your staff about what constitutes fraudulent, illegal and unethical actions; their role in preventing and deterring fraud; and how to recognize the signs of prohibited behavior. Doing so will not only make them more likely to notice suspicious behavior, but also diminish their ability to defend themselves if they’re caught in the act of defrauding the practice.
The first step in preventing employee fraud in your medical practice is to put it on your radar screen. Then you can work with your financial team and outside professionals to establish smart internal controls that will protect your practice from the debilitating damage and destruction employee fraud can cause.
Please contact a member of your service team, or contact Kathy Walsh at for further discussion.
Cohen & Company is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law.