American Medical News
By — Posted April 15, 2013
As physicians sign off on their vendors' invoices each month, they may not realize that a check they thought was going to a lawn maintenance firm, alarm company or other business may be headed to a bank account of one of their own trusted employees.
Creating a fictitious vendor account and reactivating an old vendor account still in the practice's system are among several fraud and embezzlement schemes dishonest employees use to steal from practices.
A 2009 Medical Practice Employee Theft and Embezzlement survey by the MGMA-ACMPE, an association of medical practice managers, found that 82.8% of 945 respondents had worked in a medical practice that had been a victim of employee theft or embezzlement. Of that population, 3.6% said the scheme involved submitting a fictitious or inflated business expense.
Although the percentage might seem low, the damage can be substantial. The MGMA survey found that the mean amount stolen was $139,328. The median loss of a fraudulent billing scheme for all businesses was $100,000 and will take two years to discover, according to the Assn. of Certified Fraud Examiners' 2012 Report to the Nations on Occupational Fraud and Abuse.
Experts say practices seldom recoup all their money, even if the employee is prosecuted.
Fortunately, there are red flags and measures physicians can take to reduce the risk of theft.
“Look for strange behavior in the employee, but the biggest indicator is that while you're working really hard and the money is coming in, you aren't taking that much home,” said Alan Gilchrist, a Southfield, Mich., attorney who specializes in health care fraud.
To ensure that a vendor is legitimate, practices need to establish policies and procedures that include documenting and verifying the company's name, physical address, telephone and email address, W-9/taxpayer information number and vendor type, said John Brocar, director of the Fraud & Forensics Recovery practice at Dallas-based Ryan, LLC.
He said physicians should check with the Better Business Bureau to determine whether the vendor is in its database, verify that the company is not listed on the federal government's excluded party list (now combined into the System for Award Management) and Google its name. This lets a practice know if there is any negative public information on the vendor and helps determine if it is a real company.
Brocar said physicians should create special controls for one-time-use companies, high-dollar amounts or recurring payments; review vendor payments and canceled checks monthly to make sure the vendor matches the person who deposited the check; verify that employee and vendor contact information does not contain matching data such as street address; and complete an annual vendor master file audit. Also check the validity of the signature.
Review the vendor list at least annually and inactivate duplicate vendors, said Denise McClure of Averti Fraud Solutions in Boise, Idaho. Restrict employees' rights for adding vendors and changing vendor addresses, and make sure vendor names are spelled completely. Acronyms should never be used unless the vendor's name is an acronym.
Look for vendors with an exceptional increase in activity with your practice, said Susan Childs, a health care consultant in Rougemont, N.C. Experts say embezzlers tend to round out the dollar amount billed and simplify the invoice process, numbering them 1, 2, 3, etc., for instance.
Physicians need to become familiar with the people who provide the services for which they are paying, such as carpet cleaners, said Allan Bachman, education manager for ACFE.
“Are they never there? That should be a red flag,” he said. “Are the carpets still dirty? That's another red flag. Ask vendors, 'When are you coming next?' and be there when they're supposed to show up.”
Other checks and balances:
“If employees think the business is being watched just because the owner wants to know what's going on, they'll be less likely to steal,” Bachman said.