Fending Off Fraud in Your Practice with Good Internal Controls

Health care professionals might not be aware of how important it is to establish systemic protections against employee fraud within their practice operations. This article explains the types of fraud a medical practice might experience and offers some tips on how to create and maintain internal controls that protect practices from the debilitating damage and destruction that employee fraud can cause.

Physicians trying to create and maintain a successful medical practice are engaged in a constant battle against inefficiency and waste. But they might not realize they’re also in a battle to prevent and catch fraud perpetrated by their employees. As a health care professional, you might not be aware of how important it is to establish systemic protections against employee fraud within your practice operations, because fraud just isn’t on your radar.    

An insidious problem

The most common forms of employee fraud are theft of receipts or cash on hand, altering or forging a check, submitting fictitious invoices, paying personal expenses with practice funds, and payroll or expense reimbursement fraud.

These thefts might well go undetected for months or even years. And, in most cases, employees who steal money work alone. Many have been with a practice for several years.

Sound processes

Obviously, the best way to deal with employee theft is to keep it from happening in the first place. Doing so requires implementing sound internal controls, including a careful risk assessment. Examine your practice’s policies, procedures and processes for any gaps in the system that fail to protect integrity and ethics. Conduct an assessment every two years — or whenever there’s a major system change (such as a new electronic health record [EHR]) or personnel change (such as a new billing clerk).

In addition, it’s key to separate staff duties and avoid having a single employee in charge of purchasing and of approving and adding vendors. Although it may be difficult to spread duties among several employees in smaller practices, it’s critical to implement internal controls that let employees know they’ll likely be caught if they steal.

Also, checks with invoices should be given to the appropriate physician for him or her to approve and sign. Similarly, if you’re using an electronic bill payment system, only owner-physicians should be authorized to approve payments.

Finally, you should have a system in place for monitoring employee behavior. Look for telltale signs that an employee is involved with or considering fraud. For example, an employee who never goes on vacation or takes a day off may not want someone else to have access to his or her files. To combat this behavior, require all employees to take scheduled vacations.

Background checks  

First and foremost, get criminal background checks for all new hires, as well as current employees. But keep in mind that nearly two-thirds of offenders aren’t prosecuted, so their next employer might be unable to learn of their criminal pasts.

Conducting credit checks on all new hires and periodically on current employees is also a good idea. However, be aware of state law and the federal Fair Credit Reporting Act. You generally need the person’s permission to run a credit check and, in some states, credit checks are allowed only for positions with certain financial responsibilities.

Periodic audits and restricted access

Employees should know that unannounced audits are possible, but they shouldn’t know what data they’ll cover. Such audits need not be top-to-bottom reviews of the practice’s finances. They can focus on specific areas.

Also, periodically reconcile overlapping financial records. For example, compare receipts that are recorded in the billing system to revenues recorded in the accounting system, and then cross-check those numbers with your bank deposits. Make sure someone other than the person who prepares the records conducts the reconciliation.

Consider restricting employee access to only those computers, programs and data that they need to perform their jobs. Educate your staff about what constitutes fraudulent, illegal and unethical actions; their role in preventing and deterring fraud; and how to recognize the signs of prohibited behavior. Doing so will not only make them more likely to notice suspicious behavior, but also diminish their ability to defend themselves if they’re caught in the act of defrauding the practice.

On your radar

The first step in preventing employee fraud in your medical practice is to put it on your radar screen. Then you can work with your financial team and outside professionals to establish smart internal controls that will protect your practice from the debilitating damage and destruction that employee fraud can cause.

Visit our Internal Controls Services page to learn more, and contact us for help improving your internal controls.