Wipfli logo
Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books


How to Protect Your Medical Practice From Employee Financial Fraud

Apr 26, 2019

When it comes to employee theft, medical practices are some of the most vulnerable. According to the Association of Certified Fraud Examiners (ACFE), health care has the fourth-highest rate of reported fraud, out of 25 industries.[1]

Just how often does it happen? It’s hard to say, because most medical practices don’t want the public to know they’ve been victimized. Many fraud cases go unreported. Yet the ACFE estimates that the typical organization loses 5% of annual revenue to fraud, so if your clinic realizes $1 million in income, for example, you could be losing $50,000 a year to employee embezzlement and theft. 

Why Fraud Happens

Many doctors see themselves as healers and caregivers first, and businesspeople second. That could be why so many practice owners fail to implement the kinds of controls necessary to deter fraud in the first place.

Clinics particularly susceptible are those with cash-payment models and retail product lines. Dermatology practices, dentist offices and eyecare clinics, for example, are often at highest risk. What’s more, the fraudsters we see are almost always longtime, trusted employees. Physician clinic owners tend to have small teams, and they don’t want to believe that someone close to them would steal.

Fraud specialists refer to the “fraud triangle” to explain how and why fraud occurs. This model suggests that three factors must be present: opportunity, pressure and rationalization.

Opportunity is one area of the triangle that clinic owners can control. You can deter employees by putting systems and processes in place that limit their ability to steal. This could mean inventory controls, restricted access and a variety of checks and balances in your accounting system.

Employees who steal have some kind of motive pressuring them, and they will rationalize their crime in different ways:

  • Financial pressures such as addiction, gambling or other vices
  • Family needs such as a sick loved one or a child entering college
  • Living beyond their means and feeling like the clinic owner has plenty to “share”
  • Feeling like the company “owes” them

Employees who steal may feel undercompensated or unrewarded for business success. Some act out of a sense of revenge. And others may simply respond to an opportunity, believing the physician owner won’t miss the money anyway.

How Fraud Happens

Employees can find any number of ways to commit theft. Medical clinics are particularly susceptible to billing schemes and faulty expense reimbursements. Skimming cash, using company accounts for personal purchases and stealing inventory are also common.

In roughly half of all thefts, employees will create fraudulent documents or falsify documents in order to cover their tracks. But altering transactions in the accounting system is also common.

Spotting the Warning Signs

Hindsight is 20/20, and it’s easier to spot the warning signs after you’ve discovered something amiss. Still, here are some red flags that could signal an employee is stealing:

  • An employee spends excessively or has financial problems
  • An employee is resistant to share certain responsibilities or take a vacation
  • There is frequent confusion over transactions that are later “cleared up”
  • There are increasing expenses, missing inventory or increasing write-offs

Discovering Fraudsters

Employees are one of your best sources of fraud detection. According to the ACFE, 40% of fraud detection stems from an employee tip. No one likes to be cheated, and employees who spot fraud are likely to report it.

We recommend employee fraud prevention training to help employees and managers know what to look for. Consider setting up an anonymous employee tip line so employees can report possible fraud.

But know that you can’t rely on employee tips alone. Physicians and clinic owners should implement some active internal controls to deter and detect theft. These controls will catch fraud sooner, when the losses are less. These are seven of the top strategies we recommend:

  • Activate an audit trail: Most bookkeeping systems have an audit trail function, which tracks every addition, deletion or modification to your records. Make sure the function is on and review the records periodically. Consider why certain edits would have been necessary, such as changes in date, vendor name or check number, and follow up on any irregularities.
  • Prohibit backdated changes: We’ve seen an employee hide account irregularities by altering previous year transactions. Most bookkeeping systems allow you to lock down previous years so they cannot be altered.
  • Check inventory: Count inventory periodically and assign the task to someone who isn’t in charge of purchasing or recording transactions. If you don’t have enough staff for that, bring in an outside party or rotate duties inside the office.
  • Review your statements: Spend time each month reviewing transactions and vendors and learning the patterns of your business. Review the books periodically and pay close attention to cash disbursements, refunds and copays.
  • Separate responsibilities: Segregate financial duties so an employee who handles cash isn’t the same person who manages the books and makes deposits at the bank.
  • Use your bank’s fraud prevention tools: Set up a “Positive Pay” program with your bank. This allows you to list approved vendors, preventing payment to unauthorized accounts.
  • Conduct a risk assessment: An outside consultant can spot holes in your internal controls and recommend areas for remediation.

According to the ACFE, if fraud does occur while internal controls are in place, a clinic’s losses are typically cut in half from what they would have been without internal controls. Proactive data monitoring, regular management review and an employee tip hotline were all shown to have a significant impact on losses.

Protect your clinic with Wipfli. Our fraud examiners and internal control specialists help you deter and detect employee theft. Contact us to learn more or get started.

[1] ldquo;Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse,” Association of Certified Fraud Examiners, 2018, https://www.acfe.com/report-to-the-nations/2018/, accessed April 2019.


Dru D. Carney, MBA, CFE, CFCI
Senior Consultant
View Profile
Cybercrime: The Unseen Threat to Your Organization
Technology has revolutionized the business world, empowering organizations to solve challenges and connect with customers like never before. But it’s also given rise to a new threat: cybercrime. If your data fell into the wrong hands, would you be ready to respond with your business’s reputation — and bottom line — at stake?
Featured Insight

Cybersecurity Essentials for Health Care Organizations

Taking a proactive approach to security management is every health care organization's obligation. Wipfli offers flexible, packaged services to meet your organizations's security needs.