Rx For Defrauded Doctors: Employee Theft in Medical Practices

Medical practices are particularly susceptible to internal fraud, especially embezzlement, because many physicians have zero education in accounting, finance, and business management. Here are three cases and four ways that fraudsters exploited poor management in small businesses plus practical methods that could have prevented the crimes.

The weekend retreat was as needed as it was refreshing. Returning to his medical practice on Monday, the physician believed he was prepared to meet the day's challenges. But when he arrived at the office, he met a representative from the electric utility company accompanied by sheriff's deputies. They told the doctor that the electric service was being disconnected, and the physician and his staff were being evicted from the building for failing to pay the rent. The physician assured them there was a mistake because his office manager of many years, "Josie," prepared bills for payment and had assured him that all accounts were current. Actually, the trusted office manager had embezzled the medical practice for more than $1.9 million in seven years.

Medical practices are prime targets for fraud committed by trusted employees. The lack of knowledge of basic bookkeeping and accounting procedures coupled with the complexity of dealing with insurance providers, write-offs, deductibles, and co-payments for medical services often discourages medical practitioners from becoming actively involved in the accounting and bookkeeping tasks of the business. When added to providing client care and its related paperwork, it's not surprising that doctors depend on employees to properly perform the administrative functions of the practice. That dependence on others, as well as the provider's basic instinct of wanting to offer aid and comfort, creates conditions that offer many opportunities for fraud. (We'll analyze the outrageous opening case later.)

The successful theft of business assets by employees is limited only by the employees' inclination to commit the fraud, their opportunities, their criminal skills, and the amount of resources available to steal. The higher the level of trust and access the employee has, the greater the amount of money that person can convert for personal gain, as well as the reduced likelihood that the fraud will be discovered.

A SUSPICIOUS MANAGER FINALLY ACTS 

A case that involved me professionally shows how all the people responsible for cash management failed to react to the signs of embezzlement. The office manager of a medical practice (not the person in the opening case) contacted me with concerns about one of her employees, "Carol," and the loss of small amounts of cash from the business change box.

For some time, the office manager had the feeling that something was amiss; she believed the employee was developing "negative lifestyle issues" that could harm the practice. Her primary concern was Carol's new romantic relationship with an abusive boyfriend, who had recently been discharged from the military under less than honorable circumstances. Carol had allowed the boyfriend to move into her apartment, which violated the lease restrictions. As is common in such cases, the office manager didn't act on her suspicions because she didn't want to offend Carol.

After reviewing the practice's financial records, I knew the office manager's concerns were valid, and that the petty cash theft was only a fraction of the practice's overall losses. As the office manager suspected, the misconduct had begun around the time she saw Carol's lifestyle changes.

Carol had gained the trust and confidence of the practice owners and the office manager. She was properly screened prior to being hired. All references, as well as former employers, had offered only praise and positive recommendations. As a trusted employee, she was allowed to work alone, at night, and on weekends with minimal supervision. Carol's duties included posting client and insurance payments as well as filing claims for payment from insurance providers. She prepared the daily deposits and took them to the bank. Those conditions provided an excellent environment for committing fraud, and she took full advantage of the opportunity.

Carol had begun by floating deposits “ borrowing cash from one deposit to pay for funds she had taken from an earlier deposit. This showed up in the delay in the bank's posting of the deposits; they didn't agree with the date the deposits were prepared in the office. When she saw she could get away with it, she advanced to a higher level of fraud.

The scheme was simple and effective. Carol properly listed all cash and checks on the deposit slips, which included a carbon copy that remained in the deposit book in the office. She altered only the bank copy of the deposit slips and reduced the amount of cash in the deposit with a corresponding reduction in the total deposit. She whited out cash amounts on the slips and altered the totals to reflect only the sum of the checks. The alterations were apparent to the most casual observer, but the bank never questioned them. No one reacted to the absence of cash in the deposits or to the adulterated deposit slips.

As Carol got more brazen, she omitted the cash amount altogether on the bank copy of the deposit slip and recorded only checks. However, she wrote through the carbon paper of the office copy of the deposit slip to record the correct cash and deposit amounts. She then pocketed the cash receipts.

Though the total cash loss was less than $12,000 over several months, the cost in time and energy took its toll on the practice. The business earlier had incorporated safeguards to prevent and detect this type of fraud, but the doctors didn't enforce them because they thoroughly trusted Carol. Also, the medical practice had changed automated bookkeeping programs but failed to train the office manager in the use of that system. Therefore, she was forced to outsource the bank reconciliation function and receive only quarterly account reconciliations.

When presented with the evidence, Carol confessed, plead guilty to the felony charge of embezzlement, received a suspended prison sentence, and ordered to make restitution. Fortunately, a substantial portion of the loss was covered by the practice's insurance.

LACK OF EDUCATION COSTS 

Another case shows how the lack of accounting or business management skills can adversely affect a successful medical practice. A highly trusted manager, "Nate," who had worked for the practice many years, was so respected that one of the doctors had asked him to be his child's godfather.

The doctors were reluctant to pursue their instincts. They saw numerous red flags flying, but couldn't imagine Nate would defraud their business. If the owners had learned some accounting basics and followed up on their doubts, they would have discovered that Nate had taken cash from the bank deposits. He had convinced the owners that the bank always assessed a service charge for processing cash, but it could be avoided by allowing him to remove the cash from the deposit and replace it with his personal check. He then removed more cash than he offset with his personal checks. The estimated loss was $37,000.

Also, Nate used his total control over the bank accounts by drafting checks payable to himself as reimbursement of office expenses. He didn't supply any supporting documentation, nor did the doctors request any. Then he drafted checks payable to himself while entering the payee in the checkbook as a vendor or service provider and also in the bookkeeping system. The estimated loss was $87,000.

The partners saw other flying flags, but they ignored them. The previous year, the practice discovered that Nate had leased a new BMW 745i in the name of the practice for his personal use. When questioned, Nate replied that he had repaid the monthly lease expenses through deductions from his paychecks. The practice accepted Nate's explanation and no further action was taken. Several months later, the partners found evidence that Nate had used the practice's credit card to pay for a trip to Europe. The employee, ever ready with a reply, admitted using the credit card for personal purchases but said that he had reimbursed the expenses to the practice. The partners didn't verify that claim and, remarkably, maintained their trust in the employee. Nate continued as office manager and to defraud the practice.

In the most glaring scheme of all, Nate maintained two credit card accounts in the practice's name. He used those accounts for his personal expenses including two vacations, one of which was for an overseas trip. The estimated loss was $90,000.

One partner discovered two credit card accounts both in the name of the partnership. When the partner questioned Nate about the need for two accounts, he said he opened the second account to improve the overall credit rating of the practice, which would add value if the practice wanted to add another partner. The partner told Nate to close one account and didn't think anything more about it.

Two years later, when Nate was on vacation, the partner saw two credit card statements in the business' incoming mail. When Nate returned, the partner asked him why the credit card accounts continued to be active; Nate said he hadn't had the opportunity to close the account. Only then was the office staff instructed to give all incoming mail, unopened, to a partner. In less than two months, the partners finally were forced to face reality when past due accounts began arriving in the mail. When they finally realized they were victims of fraud, they responded the way they should have when they first suspected irregularities. They immediately:

• Suspended the office manager pending an audit of the business
• Changed the PIN numbers and passwords on business accounts and accounting software  
• Replaced the locks on the medical practice facility  
• Advised banks, credit providers, and vendors that Nate was no longer allowed to act as a representative of the practice 

When faced with the overwhelming evidence, Nate admitted the theft, entered a guilty plea to the felony charge of embezzlement, and was sentenced to two years in prison and ordered to make restitution. The practice had no insurance or surety bonds to cover the loss, which was approximately $254,000.

A BLOCKBUSTER FRAUD 

While the above crimes are significant, they pale in comparison to Josie's tale that we began in the beginning of the article. This part-time bookkeeper, who worked for a dental practice in Olympia, Wash., embezzled more than $1.9 million in seven years.

Her method was basic, but because of little internal oversight, it was very effective. Josie opened numerous credit card accounts in both her and family members' names for personal expenses and cash advances. When the accounts came due, she paid with checks drawn on the practice's checking account. She concealed the embezzlement by entering the checks in the bookkeeping system as payments to established vendors and manually drafting the checks to the credit card companies.

The practice ignored the warning signs, which isn't unusual in internal fraud cases. Other employees told the partners about Josie's conduct changes. The partners took no action. Josie only worked three days a week, and:

•  Was generous with her money, often purchasing gourmet coffee and pastries for the other office staff members  
•  Took many luxurious, extended vacations - rented limos, five-star hotels, swimming with dolphins - several times a year  
•  Wore expensive jewelry and designer clothing  

After creditors contacted the partners directly to inquire about overdue accounts, the owners examined their line of credit online. They found that Josie had been transferring money from the line of credit account to cover checks drawn on the practice's checking account. The partners obtained copies of the practice's cancelled checks and discovered checks written to multiple credit card companies, at which the practice had no accounts.

The partners contacted local law enforcement authorities who opened a criminal investigation. During a legal search of Josie's residence, police found a report prepared by the practice's CPA that identified unusual and unexplained increases in certain expense categories. The CPA had made the mistake of giving the report to Josie, who failed to give it to the partners.

The prosecutor called in Ken Wilson, CFE. Wilson discovered the bookkeeper had spent $223,000 on clothes, $348,000 on vacations, and taken $83,000 in cash advances. She even spent more than $32,000 at Starbucks! She received a 10-year sentence.

EMPLOYEE FRAUD COMMON DENOMINATORS 

Each of these three cases had many features common to employee fraud. They included the owners' total trust and confidence in the employee, their failure to promptly react to indications of financial irregularities, and limited or no oversight of the offender's activities. Other deficiencies included the use of an accounting system program without providing program training to a supervisor, poor internal control over cash handling procedures, and allowing an employee to have the authority to make financial decisions without input from the owners.

The largest frauds would have been detected at a much earlier date with less loss to the practices if the physicians had taken the advice they often give their patients: "Get regular check-ups and seek professional assistance at the first signs of illness or disease" and sought the services of a Certified Fraud Examiner.

John T. Hughes, CFE, is a forensic accountant with Audit Services of Virginia. 

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.