When I became a CPA, my father, a small-town physician, asked me to prepare his tax return. I commented that his business appeared to be down. “That can’t be, Kathy,” he responded. “I’m seeing more patients than ever!”
As we parsed the records, the truth was revealed. My dad had been defrauded by a “trusted” employee who was stealing cash from the daily deposit. Despite having witnessed scores of such episodes over the years, I am no less disappointed each time one occurs. I know how hard doctors work, and I know how much they care.
This article details common schemes and best practices to deter them. The content is especially relevant as our team has seen a surge in fraudulent incidents during this economic downturn. The following are some of the methods that we have seen utilized to exploit unsuspecting businesses.
- A receptionist in a dermatology practice with a new electronic medical records (EMR) system is siphoning off cash. Her MO is to post the charge with the payment. Then, sometime before end-of-the-day balancing, she voids the payment. Her superiors are unaware that a batch is missing. It’s discovered that the employee has a history of stealing from past employers, which did not surface during employment verification.
- Eager to collect points for travel, a physician uses credit cards for office expenses. The office manager does much of the purchasing and bill-paying, and decides which account should be charged. Unfortunately, the office manager is also using the cards to purchase expensive clothing, gourmet food and electronics for his personal use!
- A patient calls his internist’s office because he received a bill for a payment he had made. The office manager initially claims that the payment was not made, then “discovers” that it was posted to the wrong account. Digging deeper, we learn that the office manager has been using this scheme to embezzle from the practice.
- When a doctor applies for credit to purchase a new car, she is surprised to hear that her credit score is low. The problem? A longtime staff member familiar with her personal information has been applying for – and using – cards in the physician’s name.
- An office manager tasked with balancing daily and making the deposits report is found to have been stealing from the deposit. The theft is facilitated because no one reconciles collections posted to AR with billing reports and the ultimate deposit.
How can you inoculate your practice against fraud incidents?
- Prescribe a checkup. Review your procedures for billing, collections and bill payment. The advent of electronic data interchange and EMR have changed the landscape. All procedures should be in writing, and employees should be able to demonstrate their understanding of them.
- Divide and conquer. Build accountability by separating duties. For example, someone other than the card user must approve a credit card purchase. The individual who prepares the bank reconciliation should not be the one who writes checks. And employees who handle cash should not have access to patient AR.
- Trust your gut. If, like my father, you’ve been extremely busy but your receipts don’t show it, you might be the victim of fraud. Follow up on your suspicion internally or with your CPA.
- Don’t backslide. If your accounting firm has installed financial safeguards, make sure they’re being used. Claiming that they are “burdensome,” staff members often disable features like those that track missing tickets or open charges.
Like other small businesses, most medical practices have probably experienced fraud. But awareness and knowledge of best practices can help prevent your hard-earned profits. It may appear cost-effective to turn over cash-management duties to internal employees. But be careful – these are people with relatively little financial knowledge. A CPA can help establish and monitor policies and systems to prevent you from the emotional and financial toll of fraud.