Employee fraud costs industries billions of dollars a year — and health care is no exception. It’s important to be aware of the potential for misdoings in your practice and take steps to prevent them by closing down opportunities. Ensure that your internal controls are designed to provide maximum protection.
What is it?
The most common forms of employee fraud are:
These thefts often go undetected for between eight and 36 months. And, in most cases, employees who steal money work alone. Many have been with a practice for three or more years.
How can you deal with it?
The best way to deal with employee theft is to keep it from happening in the first place. Doing so requires implementing sound internal controls, including:
Risk assessment. Examine your practice’s policies, procedures and processes for any faults in the system for protecting integrity and ethics. Conduct a risk assessment every two years or whenever there’s a major system change (such as a new electronic health record [EHR]) or personnel change (such as a new billing clerk).
Separation of staff duties. Avoid having a single employee in charge of purchasing and of approving and adding vendors. Although it may be difficult to spread duties among several employees in smaller practices, it’s critical to implement internal controls that let employees know they’ll likely be caught if they steal.
Also, checks with invoices should be given to the appropriate physician for him or her to approve and sign. Similarly, if you’re using an electronic bill payment system, only owner-physicians should be authorized to approve payments.
Monitoring employee behavior. Look for telltale signs that an employee is involved with or considering fraud. For example, an employee who never goes on vacation or takes a day off may not want someone else to have access to his or her files. To combat this behavior, require all employees to take scheduled vacations.
What should you look for?
First and foremost, get criminal background checks for all new hires as well as current employees. But keep in mind that nearly two-thirds of offenders aren’t prosecuted, so their next employer might be unable to learn of their criminal pasts.
Conducting credit checks on all new hires and periodically on current employees is also a good idea. However, be aware of state law and the federal Fair Credit Reporting Act. You generally need the person’s permission to run a credit check and, in some states, credit checks are allowed only for positions with certain financial responsibilities.
What about audits and training?
Employees should know that unannounced audits are possible, but they shouldn’t know what data they’ll cover. Such audits need not be top-to-bottom reviews of the practice’s finances. They can focus on specific areas.
Also, periodically reconcile overlapping financial records. For example, compare receipts that are recorded in the billing system to revenues recorded in the accounting system, and then cross-check those numbers with your bank deposits. Make sure someone other than the person who prepares the records conducts the reconciliation.
Consider restricting employee computer access to only those computers, programs and electronic data that they need to perform their jobs. Educate your staff about what constitutes fraudulent, illegal and unethical actions; their role in preventing and deterring fraud; and how to recognize the signs of prohibited behavior. Doing so will not only make them more likely to notice suspicious behavior, but also diminish their ability to defend themselves if they’re caught in the act of defrauding the practice.
Who can help?
Finally, ask your CPA for help implementing preventive measures and investigating any fraud that comes to light. It’s particularly important to get professional help as soon as you spot a potential problem.