Medical Practices must be Diligent about Internal Controls

Healthcare Accountant Columbus OhioBy: Carmen George, CPA- Director, Health Care Services

COVID-19 has created stress for so many healthcare practices. In the midst of this stress, it is important to be diligent with internal controls to try to avoid fraud and employee theft. Sadly, many people are experiencing financial hardship so we are seeing incidences from people that would have never thought to do something like this before. The best practices and internal controls below are a good reminder for healthcare practice administrators and business office managers.

Embezzlement and employee theft occur more in medical practices than in other industries, according to Medical Economics. Crucial to limiting any chances of loss are prevention and detection. As a physician owner, practice manager or administrator, you should have a plan in place for preventing employee fraud. Once you have designed your policies, you will want to monitor and assess for effectiveness. You want to do these assessments every couple years or when you have a change in your accounting and billing staff. It is much easier to implement and follow through with strict policies, than to deal with the aftermath of fraud. Also, make those policies widely known to all employees and let them see the follow up so they know management is watching and there will be consequences for any breaches of the policies. These best practices are easy to do and will become a routine practice once you start doing them.

The best way to prevent employee theft is to make policies that include documentation and separation of duties. Separation of duties is one key control practice. It may be hard to do in small practices, but it is critical. Some of the duties that should be separated are posting bill payments to the billing system and making deposits to the bank, approval of adjustments to accounts receivable and bank reconciliation should be done by someone other than the person responsible for making deposits and signing checks.

Other practices that are designed to minimize the exposure to risk of employee theft is to perform background checks on all your employees, assign petty cash control to a specific employee, monitor your bank accounts daily and assign someone that doesn’t collect or post the payments to reconcile deposits in the bank to those posted in the billing system.

Although employee theft is one of the biggest threats to your healthcare practice, it is important to remember that all threats will not come from inside your organization. Some best practices for you and your employees to help minimize your risk of outside threats are listed below:

1.) Monitor your accounts frequently and set up alerts online to identify suspicious activity.

2.) Make sure your systems are up to date with the latest hardware and software updates. This includes routers, browsers and applications. Often updates will fix bugs that might have allowed a threat into your system.

3.) Clear your browser cache frequently. This will help protect personal information and help applications run optimally.

4.) Make sure everyone is vigilant about password safety. Some ways to do this is to use longer passphrases, never re-use and implement a system that prompts the changing of passwords on a routine frequency.

5.) Everyone should be suspicious of unsolicited emails or emails from a familiar name that seem out of context. Look closer at the email address from the sender. Also, don’t click on links, open attachments or provide personal/business information such as login credentials.

Physician owners, practice administrators and business office managers need to be able to focus on patient care. As your accounting partner, Holbrook & Manter is dedicated to helping you in this fight against fraud. Contact us to see how we can help review your policies and offer observations on your business’ internal controls.