• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

Where to Start with Employee Theft: Part I


Prevention and detection measures are critical to combating employee embezzlement, but to truly fight the risk of fraud the practice also must insure against potential losses.

Prevention and detection measures are critical to combating employee embezzlement, but to truly fight the risk of fraud the practice must affect a third element, completing the three corners of the “Fraud Triangle.” Insuring against a potential loss due to employee theft is the third required element in “Prevention, Detection and Insurance.” Maintaining adequate “employee dishonesty coverage” could likely serve as your only means for recovering diverted funds when prevention and detection measures fail.

Where to Start? Educate Your Employees

In so many cases of employee theft and embezzlement at least one other employee or co-worker knew of wrongdoing and at times even knew of an employee stealing or committing fraud against the practice. Those types of details often surface when interviewing all the employees as part of an investigation. Obviously, the practice would have suffered a contained loss had the employee acted on his or her knowledge or suspicions.

The problem in these instances is there are no policies, procedures or means for employees to communicate their information to someone in a position to do something about it without jeopardizing their own employment. Worse, the practice never communicated to employees their obligation to report any information related to any potential wrongdoing to allow the owners and/or management to investigate the issue.

Merely telling employees they have a duty to forward indications of potential theft or wrongdoing will not suffice. The practice must provide specific channels for employees to communicate the information, and the employee handbook or personnel manual must include a description of these channels and how to use them. These documents must confirm the assurance of an employee’s anonymity. For example, many employers use an independently monitored 1-800 “fraud hotline.”

Using a bona fide independently monitored hotline ensures zero risk to the employee of caller ID, as the person monitoring received calls has no relationship to the practice. Further, while the service gathers, transcribes and communicates the information to the practice’s owners or management, it does not provide or retain the actual call.

Potential Fraud Rears Its Ugly Head

Most fraud victims can vividly remember the day of discovery. Denial, panic, anxiety and anger all constitute common reactions.

For Example…

Consider this example. While conducting routine follow-up procedures on outstanding balances within accounts receivable on your billing system, the representative from the carrier identifies that the patient balance in question (unpaid on your system) was previously paid to the group several months ago.

Did they receive payment? Did the check get lost in the mail? Or, perhaps, did payment get applied to the wrong patient balance? These are all common possibilities in this scenario. The representative provides the payment date, and the billing system cannot locate any payments for that carrier around that date. Your collections person expands the inquiry to other outstanding patient balances with that carrier and provides them to the representative. Unfortunately, each one shows up as previously paid and no longer outstanding (uncollected) on your system.

Unaware of why the practice’s system does not reflect the carrier’s payment, the collections person requests a copy of the carrier’s payment, front and back. Simultaneously, the collections person informs the practice manager (or a physician owner, if no manager) of the discrepancy.

Speculating on what could have happened can prove problematic, so the practice should keep the issue quiet until it receives the check image. If a diversion scheme exists, identifying the perpetrator could prove difficult if not impossible with such limited information.

Conducting detailed inquiries and interviews with the staff involved with billing and collections could tip off a fraudster to their scheme’s discovery, causing them to delete and destroy any trails they left, along with supporting evidence they retained of their crime.

Or, it could reveal a legitimate and credible explanation, such as the inadvertent sending of a carrier’s payment check to the wrong medical practice, something the other practice’s controls should have detected and prevented, but did not. Under that scenario, the employees would never know of the issue, thus avoiding any unnecessary negative impact on employee morale.

Given the existence of limited information and the need for additional due diligence to determine what exactly happened, the need may not exist to notify the practice’s counsel or the insurance carriers for employee dishonesty at this time. While the potential for diversion may exist, many other explanations common to medical billing could prove the case. The carrier may reveal the check existed, but never cleared their bank. The check could therefore have disappeared in the mail or within the practice’s processes. Either way, the practice could request a replacement payment of the carrier.

While waiting for the payment images to arrive from the carrier, someone could discretely look into any other patterns of unpaid balances with other carriers.

Are there any trends? Are unexplained unpaid balances found across all carriers, or restricted to certain carriers? Often practices have several large payers, such as Medicare, Medicaid, Blue Cross and Aetna, who account for the majority of revenue, as well as many smaller payers.

Thefts from the larger carriers may prove difficult for employees due to the sheer size of the payments and because many remit their payments electronically, eliminating the opportunity to steal their payments.

Most small practices continue to receive checks from many smaller payers. Concealing the diversion of a $50,000 payment from Medicare, accompanied by a 10-page Explanation of Benefits (EOB), would prove far more difficult than skimming several smaller checks, each less than $2,000 from other payers with less volume, whose EOBs may only include a few patient accounts.

Patience and Persistent Will Prevail

Getting information from anyone about anything these days can prove extremely tiresome and take what seems like an eternity.

So, after hounding the carrier’s representative to follow-up with their research department to get you the image needed of their payment, you finally receive it. The check, payable to the practice, has cleared the carrier’s bank.

Unfortunately, when you flip the check over, in place of the presence of the practice’s endorsement stamp, the check contains no endorsement (“Endorsement Absent Deposit Guaranteed”). The check encodings identify the banks as “First Atlantic Bank” and “Pioneer Bank” (both fictitious for this article). The check is drawn from a Pioneer account, explaining that encoding, but the practice does not have any known bank accounts at First Atlantic Bank. Who received and processed the check paid to the practice, and where did the funds go?


Do you now have evidence that an employee has perpetrated fraud against the practice? It’s very much a possibility, but not the possibility, and so uncertainty remains.


What you know? That the carrier’s check cleared a bank not used by the practice. A request of First Atlantic Bank may provide you the answer you seek (“Whose account did the check clear?”), but likely not. If the bank account in question belongs to anyone other that the practice (which is known not to be the case), the bank cannot identify the name or nature of the account.

One solution? Contact the carrier to alert them of their check’s diversion and request the issuance of a replacement check. The problem will then shift to their fraud department, and the practice will obtain its funds. However, if a theft issue resides within the practice, the remedy for the replacement check will not provide any further information supporting or refuting that potential.

A little discrete due diligence can also help determine if a fraud problem exists.

Start by identifying all the employees with potential access to the payment. Then, with human resources, review those employees paid via direct deposit. Review each employee’s deposit forms (and potentially their attached canceled voided check) to see if any of the employees have their paychecks deposited to an account at First Atlantic Bank. If so, certainly you should further investigate those employees. If no direct deposits exist, consider reviewing any past reimbursement checks issued to employees, and if you can obtain images, see if any of the checks cleared First Atlantic Bank. Ultimately you may need to engage counsel to get you the information needed of First Atlantic Bank.

Simultaneous to all these efforts, you should review all the unpaid accounts to identify other balances for confirmation with other payers or carriers. Follow-up procedures, including calling the carriers on those accounts, could identify other instances where your practice sent a payment not received or recorded on the practice’s system. If you indentify one or more checks as not received, you likely have an internal problem.

Evidence of potential fraud confirmed. So now what?

Once you find the potential for fraud, theft or embezzlement, the first thing every medical practice must do is contact counsel. Prudent, independent and objective legal direction and advice will pay dividends and will also minimize additional risks and exposure for the practice.

Frequently, other “ancillary” issues could prove a greater risk to the practice than the act of theft itself. Most importantly, engaging counsel to direct and oversee all investigative activity in this regard will provide a layer of confidentiality by ensuring attorney-client privilege over all work performed. Suffice to say, you need to contain the information known among the fewest people possible.

Schedule an initial meeting as soon as possible with counsel, outside the physical practice if possible, so as to not alert employees potentially involved. During that meeting, the practice and counsel must work together to identify a strategy on how to move forward, confirming or refuting the potential fraud, as well as determining “who,” “what schemes,” “how,” “how much” and “how long” of the fraudulent activity. Much of this may prove indeterminable at the initial meeting, so avoid speculating beyond the known facts and information. A major discussion point should detail how the practice will preserve key information and evidence to minimize the risk of loss through destruction or diversion.

Concurrently, the practice should locate and review insurance policies, identifying any possible coverage in place. Commercial packages often include employee theft and embezzlement (commonly called “employee crime”).

One of the most important areas of the policy comprises the section entitled, “Your duties in the event of a loss.” Typically small in size, this section identifies the four to five steps the insured (the practice) must take to preserve, file and collect on a claim against the policy coverage.

The first step almost always requires the insured to timely notify the insurance carrier of the “potential” for a claim. Many refer to this as “putting the carrier on notice.” Remember, the practice may possess little proven knowledge at this point, but the potential for a claim likely exists. A claim may ultimately not be filed, but in order to preserve the option to file a claim, the practice must provide timely notice.

So what do you tell the carrier? My advice: Little to nothing, because you probably don’t know much more at that point. Anything further exists as mere speculation. The policy requires notice, so provide nothing more.

Also insist that the carrier mail you a written acknowledgement that you provided timely notice and start a potential insurance claim file. If sent via email, print and preserve their emailed acknowledgement. I am a big proponent of counsel dealing directly with the insurance carriers on behalf of the practice.

With counsel on board, evidence preserved and the insurance carriers put on notice, you now have time to execute your strategy and planned procedures.

You may need other professionals to aid in the investigation and preparation of the resulting insurance claim (if warranted), such as fraud examiners, forensic CPAs, medical billing experts and forensic computer specialists. The practice’s counsel overseeing the matter should directly engage every outside professional brought onto the investigative team to ensure the attorney-client privilege governs their work.

Stephen A. Pedneault is the principal and founder of Forensic Accounting Services, LLC,


orensic accountant, Steve is also certified fraud examiner, certified in financial forensics and a forensic certified accountant. He is

public accounting firm specializing in fraud investigations, forensic accounting, employee embezzlement, fraud prevention, litigation support services, internal control evaluations, due diligence analysis and various other special projects. A fan author and frequent public speaker on issues related to fraud. He has authored or co-authored three books on the subject and is currently working on a fourth. For more information, see:


Related Videos
Victor J. Dzau, MD, gives expert advice
Victor J. Dzau, MD, gives expert advice