Fending Off Fraud with Good Internal Controls
Healthcare professionals focus on inefficiency and waste to maintain successful practices, often forgetting about the need to prevent and catch fraud. Physicians may not consider the importance of establishing systemic protections against employee fraud, such as theft of receipts or cash on hand, altered or forged checks, fake invoices, the use of practice funds to pay personal expenses, or payroll or expense reimbursement fraud. Controls are necessary to protect practices from the damage that employee fraud can cause. Examples of these controls include sound processes, background checks, periodic audits and restricted access.
The best way to deal with employee fraud is to prevent it from happening. Risk assessment should take place every two years or any time a practice experiences a change in systems or personnel. During this assessment, physicians should examine their policies, procedures, and processes for any gaps that may leave the practice susceptible to fraudulent activity.
In addition to risk assessment, healthcare professionals should implement additional controls to let employees know that they will most likely be caught should they attempt to steal from the practice. First, duties should be separated among employees to prevent one employee from having too much authority over one area of the practice. For example, one employee should not be given responsibility over purchasing and approving and adding vendors. Second, checks with invoices should be given to the appropriate physician for approval and signature. If an electronic bill payment system is in use, only physicians should be authorized to approve payments. Finally, healthcare professionals should put in place a system for monitoring employee behavior, looking for signs that an individual is involved in or considering fraud.
Physicians should conduct background checks and may want to consider credit checks for all new hires and current employees. For background checks, physicians should keep in mind that, since nearly two-thirds of offenders are not prosecuted, their next employers might not be made aware of their criminal pasts. For credit checks, healthcare professionals should be aware of state law and the federal Fair Credit Reporting Act. Generally, the individual’s permission is required to run a credit check; in some states, credit checks may be run only for those positions with certain financial responsibilities.
Periodic Audits and Restricted Access
Physicians should have audits of their practices and reconciliations of overlapping financial records completed. For the audits, employees should be kept in the dark as to what data will be audited and should be made aware that the audits will occur at announced times. These audits do not need to cover the practice from top-to-bottom but can instead focus on specific areas. For overlapping financial records, employees who did not originally prepare the records should complete the reconciliations. An example of a reconciliation would be the comparison of receipts in the billing system to revenues in the accounting system; these are then crosschecked against bank deposits to ensure amounts match on all fronts.
Healthcare professionals should consider restricting employee access to only those computers, programs and data necessary to complete their respective jobs. In addition, employees should be educated on what constitutes fraudulent, illegal and unethical actions; their roles in preventing fraud; and ways to recognize the signs of fraudulent behavior. Doing so enables employees to notice suspicious behavior while diminishing their ability to defend any unethical behavior on their part.
For more information contact Anne Beason at 312.670.7444. Visit ORBA.com to learn more about our Health Care Group.