As I noted in my last post, ’Preventing fraud: How much do medical practices lose and why?,’ the average organization loses 5 percent of revenue annually to fraud, waste and abuse, according to a recent study conducted by the Association of Certified Fraud Examiners. Medical practices are certainly not exempt from these losses. In fact, because physicians tend to rely on only one or two ’trusted’ administrative employees, and because of the high volume of transactions and records flowing through the typical medical practice, many physicians may be susceptible to even higher rates of loss.
Physicians’ first priority is quality patient care, which is as it should be. Often practice administration is left to others, which sometimes leads to practice inefficiencies, along with unnecessary exposure to fraud.
However, there are some basic internal control procedures that can be implemented which serve to limit practice exposure. While no internal control system is 100 percent effective in preventing fraud, the presence of basic internal controls can dissuade an employee from attempting a theft, since there is a perceived likelihood of their detection. Without basic controls, physicians are unlikely to prevent or detect fraud in a timely manner.
Here are some fairly easy to adopt control procedures that all medical practices should have in place:
- Physicians should receive unopened copies of bank statements. The monthly statements should be scanned for unusual items, with particular focus spent on the images of cleared checks and wire transfers.
- Insist on timely bank reconciliations from your accounting staff. Review the reconciliation in conjunction with both the bank statement and the practice’s monthly financial statements. Be aware of reconciling items that are old or unusual. Sometimes reconciling items can conceal fraud schemes. Also, if bank accounts are not reconciled at all, fraud can be difficult to detect.
- Periodically review payroll reports. Look to see whether each employee’s year-to-date gross salary is reasonable, particularly those employees who are charged with payroll responsibilities. Such employees may be able to take extra, unauthorized pay for themselves.
- Adopt an annual budget each year and monitor actual practice results against the budget. The monitoring process compels the timely production of monthly financial statements, and may also serve to quickly identify financial anomalies for further investigation.
- Segregate employee responsibilities so that those who collect patient co-pays and open incoming mail are not the same individuals who are responsible for the practice’s accounting and reconciliation functions. Employees responsible for accounting should be provided with copies of checks received and daily cash collection reports, not with the actual checks or cash. In such an environment, accounting personnel serve as a control over those with physical access to incoming payments.
- Authorize any new vendors before allowing disbursement of funds. Fictitious vendors are a significant fraud risk, especially for larger medical practices. Perform cursory background investigations on proposed new vendors by reviewing websites and asking for references. Review and initial all vendors’ invoices as a method of payment authorization. Beware of odd invoices; for instance, those invoices which have no telephone numbers, no physical address or are for odd amounts (i.e., with round numbers) may warrant further inquiry.
- Require employees to take vacations offsite each year. This policy allows for valuable cross-training of existing staff and is a control over potential fraud schemes that require the constant attention of a dishonest employee. The “dedicated” employee who never takes a vacation may actually be involved in a scheme, particularly if s/he has access to incoming funds and has accounts receivable/billing responsibilities.
These control policies are fairly innocuous from a practice culture standpoint. However, these procedures (and many others like them) can be incredibly effective in preventing and detecting fraud, which has the potential to save the practice many, many thousands of dollars annually.
Reserve your seat now for MedCity CONVERGE, to be held July 9-10 in Philadelphia. Discover strategies, solutions and startups in healthcare innovation. Be a part of this gathering where the entire healthcare ecosystem converges.