Fraud? It can't happen to me!

Feb. 3, 2010

By Bryant Truitt, MBA

Dentists everywhere are facing serious scheduling, production, and profit challenges in these difficult economic times. These times also bring another major issue to an even higher level of importance than normal — FRAUD!

Computer server — Make absolutely certain that the owner dentist(s) are the ONLY ones that have “administrative” rights to access the server to change any settings. Your IT person, CPA, wife, and financial advisor should be the only ones with access. NO ONE ELSE should have access! Your IT person must sign a HIPAA statement of confidentiality saying that access will not be given to anyone without your personal approval. This is absolutely mandatory!

Passwords — Every practice management software program, i.e., Dentrix, and good general accounting software program, i.e., QuickBooks Pro, has built-in security levels and passwords. Make absolutely certain that you use them. Also make sure that you are the ONLY person that has “administrative” rights to access the security levels and passwords to change settings and passwords. Monitor all software program security levels at least every six months, and change the team member passwords at the same time. Do not rely on team members to tell you they are being used — check! Your software vendor will help you set them up. Make the passwords unique (do not use date of birth, family or pet names, phone numbers, etc.), keep a list at home, and provide a list to your CPA or attorney for emergencies. Everyone must have a password! Make sure you handle this critical area personally — you will be very sorry financially if you don’t. Repercussions include less patient care, financial problems, and possibly NO retirement! I have found that less than 20% of practices have and maintain password security.

Remote server access — DO NOT permit team members or associates to have remote access to your server and accompanying software programs. There is no good business reason for them to have remote server access. If they cannot get the work done in the office during normal working hours, then there are issues you need to address that do not include at home computer access. The only ones that should have access are you, your CPA, the IT person, or your financial advisor.

Remember — computer server access, security levels, and passwords are your primary line of defense, and without them you could be totally void of protection and detection and open to associated issues, which is bad!!

Walkout statements — This is an issue because some walkout statements are not sequentially numbered or do not leave a footprint after they are printed in some dental practice management software programs. They have been used in attempts to collect money that is not legitimately due from patients. There can be serious state and/or federal statute ramifications for the dentist(s) and associated team member(s) when walkout statements are used in this manner. It is the responsibility of the dentist(s) to ensure this does not happen.

Vendor refunds — This scam has been around a long time and has received renewed attention because some dentists have not established or do not monitor the major prevention steps. This requires the dentist to sign all accounts payable checks, for the accompanying vendor statement and ALL properly completed backup to be attached, and for the total amount due to be highlighted. DO NOT sign any checks without vendor-supplied documentation attached. DO NOT sign when there are only handwritten entries or totals, no documentation, unclear documentation, a blank check, or oral statement. Check all documentation and vendor names to ensure that you recognize the vendor and entries. Make sure the total on the check is the same as the invoice total. Ask questions if you don’t understand, as this will establish that you are using “trust but verify” prevention techniques.

Patient refunds — Don’t sign patient refund checks without a copy of the patient’s complete ledger and a stamped envelope addressed to the same name and address as that of the guarantor. The dentist should cross check the dollar amount and address, and should mail the refund checks. Ask questions as to the reason for the refund checks. “Why” is a powerful question that can bring interesting replies!

Credit cards — These can be a profitable addition or a cover-up for inappropriate activity. Whatever you do, be sure that you retain the “daily batch report” and “monthly merchant statement” provided by each credit card service you use. Make sure these are kept in date order and locked up. Have the monthly merchant statement sent to your home.

Practice paid credit cards —
There’s a growing number of dentists providing trusted team members with practice paid credit cards for purchasing office supplies, coffee, soda, food, etc. This presents an opportunity for possible inappropriate activity. Set a monthly spending limit for the card and chargeable locations with the issuing company. Consider how the credit cards are to be issued and monitored, and policies for use. Have credit card statements sent to your home.

Outside financing sources — These vendors provide a valuable service to dentistry. There are instances where inappropriate activity has been undertaken that have damaged practices. Therefore, care must be taken that all terms and conditions of completion and use of outside financing sources be fulfilled and monitored. Ensure that you personally review monthly statements from these sources, number and sign the applications, do not use signatory stamps, and do not permit anyone to sign for you. Remember — if the practice name or your name is on the document, you are responsible!

Prescriptions — There have been an increasing number of cases of team members attempting to fill unauthorized prescriptions. They may use or sell the drugs to others. There have been cases where prescriptions are altered by patients. Another scam is to provide prescription pads to outside parties to use as documentation for not being at work or school. Any of these can be very profitable for the perpetrator or team member. There are severe state and/or federal ramifications for such activity that can include the dentist. Therefore, closely monitor prescription pads and remember that most practice management software programs can print prescription blanks. Remember also, just because you are not writing prescriptions does not mean your practice is not. There are ways to monitor such activity, and this is your responsibility.

Signature rubber stamps — Destroy these immediately! There is not a single good business reason for the dentist to have one — period. The liability today is enormous.

OSHA and HIPAA training and DEA compliance — Make absolutely certain you are current, documented, and fulfill every requirement of these federal programs. If you have not personally reviewed your compliance, do so immediately. I have found too many instances where practices would be in serious trouble with one or more of these programs. Possible fines or other disciplinary action may result from violations. Do not overlook these mandatory areas.

These issues provide insight into critical subjects affecting the business side of your practice. Details of how these issues can be manipulated are not provided. However, you need to review and consider each situation and determine the best course of action before you experience a loss. As in every business, new issues or old ones with new angles are appearing daily with the sole purpose of creating opportunities for misapplication, misappropriation, and inappropriate activity. If you sense that any of these is present in your practice, please contact me. I am not saying that every team member fits into these activities, but as never before every dentist should consistently practice “Five Minute Daily Audit” and “Trust but Verify!” prevention techniques.

Bryant D. Truitt, MBA, has specialized in dentistry fraud for 12 years, and has worked in hundreds of practices throughout the United States and Canada. He developed the successful "Five Minute Daily Audit”TM that establishes business systems and internal controls to deter fraud, and increase production, profits, and peace of mind. Call (210) 241-6329 or e-mail [email protected].