Most physicians want to focus on practicing medicine and providing quality patient care. They also want to run a successful medical practice, of course, but many prefer to entrust day-to-day business operations to front-office employees—with little or no oversight. Unfortunately, this may leave a practice vulnerable to fraud and significant financial loss.

Practice embezzlement has been on the rise over the past couple of years, according to the Medical Group Management Association. Startlingly, three out of four physicians will suffer some financial loss from employee dishonesty over the lifetime of their practice. To help prevent and detect fraud, medical practices should implement regular audits and internal controls to monitor and guide proper employee conduct.


Identifying the factors that provide the opportunity for fraud to occur is an important part of preventing fraud. According to an Association of Certified Fraud Examiners survey, these factors include:

– Ability to override existing internal controls

– Lack of management review

– Limited number of competent personnel in oversight roles

– Many medical practices are short-staffed, requiring employees to take on a wide range of responsibilities. From the handling of monies from co-pays and insurance reimbursements to processing payroll and reconciling bank accounts to having regular access to cash boxes, there are a number of ways for employees to misappropriate funds. Proper controls are needed to prevent employees from voiding or manipulating transactions such as a charge after it’s posted to the system. It’s also important to properly separate accounting functions, particularly those dealing with cash.


In addition to the above, gaps in the billing system can create openings for fraud such as deletion of co-payments or other patient payments. Additionally, many times cash drawers are unlocked or not fireproof or, even worse, the key to the box is hanging next to the front desk. Below are other common areas that often lack controls and oversight, allowing employees to steal from a medical practice:

– Co-payments aren’t posted to the system at the time a patient checks in or leaves the practice

– Patients are told to pay a higher amount that isn’t consistent with what’s entered into the system

– Cumbersome cash receipt processes

– Credit card machines aren’t closed out by management, allowing employees to make adjustments to their personal accounts

– No payment reconciliation process

– Payments are posted prior to deposit at the bank

– Deposits are made only weekly or as needed

– No cash is posted or deposited the last two days of the month


There are a number of standard procedures you can implement to help your medical practice run effectively and efficiently, including:

– Issue receipts for all payments received.

– Make sure the front desk performs reconciliation prior to close for the day.

– Close out the credit card machine daily, with manager oversight to approve refunds or voids.

– Keep cash boxes in a fireproof safe overnight, and store the key outside the front-office area.

– Define discounts and co-pay collection procedures.

– Implement access controls, such as codes for receipt modules on billing systems.

Regular testing and auditing of internal controls is important to ensure they’re working. Testing should include a review of the procedures related to payments or cash receipts and should follow payments through to bank deposit. It should include the following steps:

  1. Select a sample of receipts.
  2. Test to determine if posted to the patient’s account.
  3. Verify the lag.
  4. Confirm that the amount of the daily deposit matches the dollar amount received per the receipt book.
  5. If the patient receives a discount, confirm that the amount matches the policy.


There are several ways to mitigate fraud in a medical practice. First, it’s important to involve more than one employee in the accounting process. Another important approach is to review a random selection of bank reconciliations and bank statements every few months, ensuring all receipts are generated from the billing system and each is numbered.

Next, the cash till or drawer should be reconciled at the end of each shift. To do this, one person reconciles the account and places it in the safe. The next day another employee can verify the amount and be responsible for depositing it into the bank, using either a bank courier or desktop depositing.

Finally it’s a good idea to implement a process to reconcile the amount posted in the system with the amount deposited in the bank. One way to encourage the consistent integrity of the process is to implement randomly timed surprise audits.


For questions about how to identify improprieties and misconduct at your practice and determine the best internal controls to address these risks and prevent future fraud, contact your Moss Adams health care professional.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s