Employee fraud costs industries billions of dollars a year — and health care is no exception. It is important to be aware of the potential for misdoings in your practice and take steps to prevent them by closing down opportunities by ensuring that your internal controls are designed to provide maximum protection.
What is It?
The most common forms of employee fraud are:
- Theft of receipts or cash on hand;
- Altering or forging a check;
- Submitting fictitious invoices;
- Paying personal expenses with practice funds; and
- Payroll or expense reimbursement fraud.
These thefts often go undetected for between eight and 36 months. In most cases, employees who steal money work alone; however, many of these employees have been with a practice for three or more years.
How Can You Deal with It?
The best way to deal with employee theft is to keep it from happening in the first place. Doing so requires implementing sound internal controls, including:
- Risk Assessment
Examine your practice’s policies, procedures and processes for any weaknesses in the system for protecting integrity and ethics. Conduct a risk assessment every two years or whenever there is a major system change (such as a new electronic health record [EHR]) or personnel change (such as a new billing clerk).
- Separation of Staff Duties
Avoid having a single employee in charge of purchasing and approving or adding vendors. Although it may be difficult to spread duties among several employees in smaller practices, it is critical to implement internal controls that let employees know they will likely be caught if they steal.Also, checks with invoices should be given to the appropriate physician for him or her to approve and sign. Similarly, if you are using an electronic bill payment system, only owner-physicians should be authorized to approve payments.
- Monitoring Employee Behavior
Look for telltale signs that an employee is involved with or considering fraud. For example, an employee who never goes on vacation or takes a day off may not want someone else to have access to his or her files. To combat this behavior, require all employees to take scheduled vacations and cross-train staff members on each other’s duties and responsibilities.
What Should You Look For?
First and foremost, criminal background checks are a must for all new hires as well as current employees. However, keep in mind that nearly two-thirds of offenders are not prosecuted, so their next employer might be unable to learn of their prior offenses.
What About Audits and Training?
Employees should know that unannounced audits are possible, but they should not know what data will be reviewed. Such audits need not be top-to-bottom reviews of the practice’s finances; instead they should focus on specific areas.
Additionally, overlapping financial records should be reconciled periodically. For example, compare receipts that are recorded in the billing system to revenues recorded in the accounting system, and then cross-check those numbers with your bank deposits. Make sure someone other than the person who prepares the records conducts the reconciliation.
Consider restricting employee computer access to only those computers, programs and electronic data that they need to perform their jobs. Educate your staff about what constitutes fraudulent, illegal and unethical actions; their role in preventing and deterring fraud; and how to recognize the signs of prohibited behavior. Doing so will not only make them more likely to notice suspicious behavior, but also diminish their ability to defend themselves if they are caught in the act of defrauding the practice.
Who Can Help?
Finally, ask your CPA for help implementing preventive measures and investigating any fraud that comes to light. It is particularly important to get professional help as soon as you spot a potential problem.