Are you staying vigilant for the various types of medical fraud that might be happening in your practice? Here are the high-risk areas and how to protect yourself.
In a time of economic downturn there is often an uptick in fraud committed against all types of organizations, including medical practices. Theft in medical practices comes in many different forms but the highest risk areas are cash receipts, disbursements, payroll and most recently identity theft.
Most people think of cash receipts or accounts receivable theft as large embezzlement cases, but an employee pocketing copays at the front desk is much more likely, and as damaging to a practice. Compounding the damage with this type of theft is that there is usually a loss of charges as well. In many cases, in order to cover up the missing cash, the receptionist destroys the charge ticket and the practice has now lost the insurance reimbursement as well. With the increase in debit or charge cards in many practices the exposure for this type of fraud has decreased but other risks have increased.
The area of cash disbursements is often a risk due to a lack of controls and a lack of oversight. Physicians need to be reminded that in many significant cases of theft, it is the person they trust the most who is involved.
With the advent of internet sales, items can be bought and paid for by the practice, then delivered to someone’s home and sold on eBay. In one case, an office manager converted all of her personal accounts to match the vendors from the office. Since the physicians never looked at an invoice, she was paying everything through the company including her car payment, utilities and even her groceries.
How, you might ask, could someone steal through payroll? The office manager or practice administrator decides it is time for a raise. In one case the “raise” was an additional $25,000 per year for multiple years before it was discovered. In another, a practice administrator put her daughter on the payroll. Her daughter was working weekends and evenings and she actually did provide legitimate services on a couple of occasions. Unfortunately by the end of the year, the daughter had been paid $40,000 for 40 hours of work.
Since payroll is often processed by an outside entity, luring the physician into a false sense of security, this area seems to have the least amount of oversight. Many physicians sign the disbursement checks, but typically they never review the payroll reports or paychecks. It is even possible to create a fake employee without producing a W-2. Seems impossible, but even with an outside payroll system it can be done.
Google “health care theft” — what do you think will come up? The first 17 pages were all about identity theft, which takes place in as many as 33% of health care organizations according to recent studies.
What form does identity theft take? The most common forms are theft of patient identifiers, employee information or paper/digital medical records information. Most people only think aboutthe financial implications of identity theftfor the person whose identity is stolen. But due to the continually increasing uninsured population, one of the largest increases in medical fraud is associated with the fraudulent sale or use of insurance information.
Since insurance cards do not have pictures, even checking identification is not fool-proof. Beyond the financial implications one must consider the clinical information that could forever be linked to a patient’s stolen identity. Imagine your treatment patterns being dictated by someone else’s medical history.
So now that you are looking suspiciously at all of your employees, patients and subcontractors, what should you do? Since few practices ever recover their losses, the best offense is a good defense. A few ways to prevent fraud are:
1. Perform a fraud risk assessment
In order to properly prepare your practice for prevention, it is essential to understand your starting point. Define and study your policies and procedures. Develop a team or committee for this process. Compile a list of potential threats under your current processes. Internal controls and procedures should be adjusted to provide a better defense against these threats.
2. Create a system of ongoing monitoring
The implementation of a system of monitoring and testing will ensure that as the practice grows and evolves there will be continued focus on detecting and preventing fraud.
3. Ensure the perception of detection
Often the employee’s perception that he or she may get caught will be enough deterrent to keep fraud at bay, so announce your development of a fraud risk committee.
4. Use a hotline
Although many might think their practices are too small and this option would be too costly, there are reasonably priced, third-party options available.
These recommendations may sound like a lot to consider, but remember that the likelihood of fraud decreases dramatically when a fraud risk prevention program is in place. While these programs are known to prevent and detect fraud, no method is 100%. However, by remaining vigilant and continuing to be aware of what is happening within your practice, you will be better equipped to handle and prevent fraud.
Jenny L. Harmon, CPA, is a director with GBQ Physician Practice Group LLC. She has been heavily involved in practice startups, as well as aiding existing practices with billing issues, staff modeling and selection, project analysis, financial management, compliance issues and tax planning. Jenny can be reached at (614) 947-5246.
GBQ Physician Practice Group LLC is also a proud member of the National CPA Health Care Advisors Association. HCAA is a nationwide network of CPA firms devoted to serving the health care industry. Members provide proactive solutions to the accounting needs of physicians and physician groups. For more information contact the HCAA at firstname.lastname@example.org.