We recently found out that another client of ours has been embezzled. Yes, I said "another." Employees stealing from practices unfortunately happens way too often. Though not rare, even just hearing about it is jarring. I find it sticks with me for days, like a black cloud reminding me that people can be awful. Of course, the effect it has on us is trivial compared to the impact it has on the actual victims of this terrible abuse of trust. The point of this post is not to advise you on how to reduce your risk of embezzlement. (We can do that, so contact us if you want to learn more, or start with our short quiz on the subject. But this post is about the emotional impact of having been robbed and deceived by someone you trusted.) If you've discovered that someone you relied on stole from you, here are some things I would like you to know. It's not you, it's them. Becoming a victim of embezzlement has nothing to do with your intelligence. Read that again: being a victim of embezzlement has nothing to do with your intelligence. Too often, victims of embezzlement feel ashamed that it happened to them. But though embezzlers are often clever, the difference between you and them is more about worldview than intellect. In some cases, people who were once honest find ways to rationalize their first theft while working for you. In other cases, embezzlers are repeat offenders who treat their crime as a trade, moving from employer to employer to ply it. Either way, it's clear embezzlers have a completely different sense of what is right and wrong than you do. In all likelihood, you didn't suspect them because you'd never consider doing something like this yourself. It's wrong to blame the victim of any crime, even when the victim is yourself. The only person to blame is the perpetrator. But you can put your intelligence to work for you by learning how to avoid a recurrence. You'll need to look at the world in a different way, so that you
How knowledgeable are you about theft inside medical practices -- and preventing it? This quiz is designed to get you thinking about how you can protect the money you've worked so hard to earn. Embezzlement always leaves practice owners feeling violated. In some cases, when the amounts are large, a practice's profitability can even be jeopardized by an embezzler. Take the quiz -- it only takes about five minutes -- and feel free to get in touch with us if you have questions about the information. We're offering a free 15-minute call to any practice owner who takes the quiz and wants to discuss any concerns it brings to the surface.
Most physician practice owners we work with tell us they believe it is very unlikely that any employee would steal from them. But when you consider that an MGMA study found that 83% of members had worked in a practice where embezzling had occurred, it seems quite probable that some of those physicians will eventually employ a thief (or would-be thief) -- and that some don't realize they are being stolen from right now. Embezzling is easily missed by physicians and administrators for many reasons. One of the most common is that honest people, people who tend to respect protocols and rules, don't always consider the possibility that others don't share their boundaries. Physicians and practice managers who use a CPA to handle accounting and/or bookkeeping may assume those professionals can spot embezzlement, even though the tracks are almost certainly well-hidden in details that aren't part of a CPA's calculations (and usually aren't even accessible to them). The modern medical practice embezzler can also be an extremely creative thinker. We've worked with practices where the owners believed that embezzling couldn't happen in their practice because they don't accept cash or because the payroll and accounts payable aren't handled by any employee -- but physicians and administrators would be astounded (as we are) by the number of schemes that can tap into any flow of money in or out of the practice. New schemes are also constantly being devised by clever, determined thieves. Of course, for physician owners, another huge obstacle is the fact that most of their time is focused on patient care. This leaves less time and less energy for business details. Doctors need to trust people to manage most administrative matters for them. Unfortunately, embezzlers take advantage of that trust, often presenting themselves as the most loyal, hard-working employees in the practice, cultivating a "halo" that helps them get away with their crimes.
Administrators and practice managers, the most trusted individuals in the practice, are generally among the employees with the most opportunity to steal, if they are so inclined. In some
A marketing director for Castle & Cooke, a mortgage firm, is believed to have stolen almost $200K from her employer in less than a year of employment -- until she was caught and charged with fraud. While the case does not involve a medical practice or healthcare organization, it does offer some reminders about protecting a small office from internal theft. The employee allegedly ran up large false expense reimbursements and forged company checks -- both possible in any small business with inadequate controls, including medical practices. Practices can learn from this incident. Check stock should be protected, and managed by a physician owner. No one should be allowed to sign checks except a physician owner -- no signature stamps! And owners should reconcile the bank statement monthly, so that any unauthorized checks could be spotted. Unauthorized expense reimbursements or charges are common routes to embezzlement in medical practices. Be cautious about allowing employees -- even a manager -- unsupervised control of a credit card or an expense account with a vendor. Review purchases "for the office" carefully -- make sure that everything on the Costco or Amazon bill can be accounted for in the office. Remember, not allowing temptation is the best way to prevent embezzlement -- and the best way to maintain a relaxed, family-like atmosphere in your office, because you have less need to be suspicious of anyone. Internal controls are a gift to your practice -- they protect against profitability loss while also helping to support trust and morale.
Let's take a few moments to consider what risks you may be carrying around with your phone. One common vulnerability is stored passwords on your phone, e.g. within a “notes” program. Imagine the harm that could come of a thief having access to your banking accounts or practice management software. Your firm could suffer an immediate financial hit, malicious mischief or a potentially devastating breach of patient data. The start of such grief can be your unattended phone meeting with a disgruntled employee or dissatisfied patient. These risks mean that phone security justifies your consideration. Phone security starts with maintaining disciplined control over the physical device. Naturally, your phone should not be left untended in your office, on a shared counter-top or anywhere else where it might be easily stolen. While it seems obvious, it’s very common to see busy administrators leaving their phones behind as they scurry about the office. Luckily, most phones have security features that can significantly mitigate your risk – although many of these features are not enabled by default. In many phones, a four-number passcode can be readily “cracked” by a thief. Better is a quality passcode (avoid common English words) that uses letters and numbers – with iPhones this can be changed under settings/general/passcode lock. Keep your phone’s software updated, as security vulnerabilities are fixed as they are discovered. If you use an iPhone, make sure you have the application Find My iPhone installed (and updated) and enabled. In iOS 7, the latest iPhone operating system, security has been greatly improved – potentially making your phone valueless to a thief, but you must first have an Apple ID (and remember it!). Phones using Android 2.2 or greater have a built-in application that can help locate your phone and/or completely delete the contents of your phone and any installed memory (SD) cards.
You’ll need to make sure these features are enabled on your phone (settings/security/device administrators). Regardless of what device you use, be careful when accessing sensitive information when you’re out and about as your phone may connect to an insecure Wi-Fi connection, allowing others
A staffer’s increased prosperity might be coming at your expense. Sudden and unexplained personal spending on the part of a staffer can be a warning sign that embezzlement may be taking place, but there’s another and sometimes even more damaging explanation that you should be concerned about – employee patient data theft. The theft of confidential and legally-protected patient data is on the rise and is already extremely widespread – millions of patient records have been compromised and the costs to the associated practices are many millions of dollars. Some schemes involve employees selling records as "leads" to unethical lawyers or others. Your controls over patient data are as important as your practice’s financial controls. Every practice should have well-defined policies with respect to accessing patient data - e.g., inappropriate accessing of patient data is grounds for dismissal. Practice administrators and physicians should periodically audit how many (and which) patient records employees access – ask your software vendors how best to generate the necessary reports. Any device that can be stolen, accessed remotely or have data copied from it is a potential vulnerability. I recommend every practice conduct a thorough assessment of the risk of patient data theft every year.
Do you accept cash payments at your practice? The start of a new year is a great time to review how your practice handles cash -- to determine if your internal controls could use some tightening up. With cash, the biggest temptation is to handle these "small" amounts more casually than other payments. When cash payments are rare -- a $30 co-pay here, a $25 co-pay there -- it can seem that they're less important to the bottom line. But, over the course of a year, even a single $30 cash payment per day amounts to close to $8,000! Keeping tabs on those "unimportant" cash payments is actually very important, indeed. The biggest pitfall: mixing cash receipts with petty cash. This all but ensures these amounts won't be deposited and may not be properly tracked. Petty cash should never be more than about $50 or so -- just enough to handle small payment amounts for the office that cannot be handled by credit card or check. Allowing petty cash to grow creates a temptation for misuse -- or worse, theft. Cash should be deposited regularly -- ideally, every day -- for security and for effective tracking for practice evaluation and tax reporting. Receipt stock should be monitored, and the cash received should be reconciled against the day's postings by someone at the practice who doesn't collect it and post it to the billing system (in smaller practices, this might need to be the physician/owner).
Joe and Judy's recent webinar (sponsored by Kareo) was a big hit! If you didn't have a chance to attend 'live,' you can register and view it here: Embezzlement-proof your practice. Most medical practices are victims of embezzlement at some point -- yes, you read that right! -- so if you haven't already learned how employees can become thieves and employers become marks, this is a must-watch webinar.